Zoran,
could you please send me the source code of the Eracom PKCS11 engine for openssl?
Regards
______________________________________
[EMAIL PROTECTED]
Bull Technologies -Trustway R&D - Networking & Security
http://www.servers.bull.com/trustway
 
 
----- Original Message -----

With the Eracom PKCS11 engine we tried to work within the boundaries defined by the engine API, with minimal impact on the openssl core code base. We also wanted "key handling" to be transparent to applications built on openssl (no need to change the source and rebuild the application).

The problem of key generation is not as simple as generating a key in an HSM. What if you already have a key approved by a CA and want to put it in the HSM? What if you have a key on multiple smart cards in a multi-custodian key-management environment, or you want to generate a key but have the key components backed up on smart cards, protected by different PINs?

This is the reason that (for the time being, while openssl comes up with its own model) we decoupled "HSM key" generation from "openssl key" generation. Our user has a key generation utility which covers all the aspects mentioned above, and the openssl utilities are used "to tell" that the corresponding keys are stored on the HSM.

Cheers,
Zoran
