Hi,

Our PKCS#11 generic engine delivered to openssl already provides RSA_generate_key and is able to store the private key in the hardware crypto. It also provides i2d & d2i RSA functions to load the stored private keys from the crypto card. These methods are added in RSA_method. This patch is non-intrusive for other engines and no-engine calls. You can find the patch at RT/openssl.org Ticket #11. The last patch is available for openssl-engine.0.9.6g.

Best regards
Afchine
______________________________________
[EMAIL PROTECTED]
Bull - Trustway R&D - Networking & Security
http://www.servers.bull.com/trustway

----- Original Message -----
From: "Frederic DONNAT" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 11, 2002 3:02 PM
Subject: RE: OpenSSL ENGINE, OpenCA & MUSCLE

Hi Richard,

I have a question PKCS#11 ENGINE, etc ...

As far as I can see, some methods like "RSA_generate_key()" are not available in the "RSA_Method" structure, but RSA key generation can be provided by hardware even if the key is not stored on it (for example). On the other hand, according to the PKCS#11 standard, if you generate a key pair using a PKCS#11 module you should keep the private one secret (no reading or export available from the PKCS#11 module).

So I think that some methods like "RSA_generate_key()" should be accessible from "RSA_Method". Is there an update planned for this?

Regards
Fred
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]