> > "Richard Levitte via RT" <[EMAIL PROTECTED]> wrote:
> > 2. Those extra functions in the RSA method, are they really needed?
> >    I understand that they provide a lot of automagic things, but then
> >    it should be added in the ENGINE framework as something that would
> >    be potentially available for any hardware (that supports that extra
> >    functionality). Also, when it comes to loading keys, the current
> >    modus operandi is to explicitly use the ENGINE key loading
> >    functions rather than having some implicit functionality going on.
> >    The reason is that we'd prefer not to surprise the users too much.
> >
> "Afchine Madjlessi" <[EMAIL PROTECTED]> wrote
> The Bull Trustway CC2000 isn't only a cryptographic accelerator card,
> it is a high level security hardware providing key generation and storage
> in secure memory. That's why we can't use ENGINE key loading functions.
> Yes those extra functions are really needed when using this kind of
> hardware.
>

You can find below a sample to generate and store key pair when using
openssl-engine over trustway PKCS#11 card.

#
# create certificate request, sign it -> server certificate
# (an RSA key pair is generated)
#
# 1. making a CA certificate
# CA-trustway.sh -newca
#
openssl req -engine trustway -config ../openssl.cnf \
    -new -x509 -keyout ./demoCA/private/cakey.pem \
    -out ./demoCA/cacert.pem -days 365
#
# 2. create a certificate request
# CA-trustway.sh -newreq
#
openssl req -engine trustway -config ../openssl.cnf -new \
    -keyout newkey.pem -out newreq.pem -nodes -days 365
#
# 3. create a certificate request
# CA-trustway.sh -signreq
#
openssl ca -engine trustway -config ../openssl.cnf \
    -policy policy_anything -out newcert.pem -infiles newreq.pem

afchine
______________________________________
[EMAIL PROTECTED]
Bull Technologies - Trustway R&D - Networking & Security
http://www.servers.bull.com/trustway
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
