Hi all,
I want to write a patch to OpenSSL so that it can directly use a
private key stored
in the Windows certificate store. For this I am planning to write
proxies for the sign and decrypt functions. These proxies will use the
private key stored in the Windows certificate store, which is not marked as
exportable and which is password protected.
These sign and decrypt functions will be called via PHP's openssl
library. Since these keys are not exportable and are password
protected, a workaround from PHP is not possible (a solution I got
from the archives). I am planning to use the Windows Cryptography API
(CAPI) to access the Windows certificate store.
Here are some questions I am trying to find answers for:
1) How difficult/easy is it to make these changes? (I am only interested
in the sign and decrypt functions).
2) Has anyone written a patch already to do this? (I have not found
anything related on the contrib page).
3) Upon browsing through the source code, I came across a macro,
PEM_read_PrivateKey in crypto/pem/pem.h, which actually accesses the
private key.
The current definition of the macro in 0.9.8b is
#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
I am planning to change this macro to call my proxy, which will in turn
call PEM_ASN1_read.
Is this the right way to solve the problem? I only started looking at
the codebase today, so please go soft on this noob :).
4) OpenSSL not having its own datastore confuses me all the more
because then it should already have some mechanism to talk to the Windows
certificate store, which seems not to be the case.
5) A few pointers on where to start looking would be immensely helpful.
Thanks in advance,
-Suman
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
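As an added example (not part of the post above, and not OpenSSL's or PHP's code), the following C model shows why hooking PEM_read_PrivateKey is the wrong layer: that macro only parses key bytes, while the sign and decrypt operations OpenSSL ends up executing are function pointers in the key's RSA_METHOD table (rsa_priv_enc / rsa_priv_dec in the real library; later OpenSSL releases ship a CAPI engine, engines/e_capi.c, built exactly on that mechanism and loaded through ENGINE_load_private_key). The model reproduces that dispatch with a toy textbook key (p=61, q=53, n=3233, e=17, d=2753) and raw, unpadded RSA so it runs anywhere without OpenSSL or Windows; the struct names, the STORE_KEY stand-in for a CAPI key container, and the sample key are all constructed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of OpenSSL's RSA_METHOD dispatch (illustrative, not OpenSSL's code):
 * the private-key operations that sign() and decrypt() end up in are function
 * pointers hung off the key, so a proxy for a non-exportable key replaces this
 * table and never needs the private exponent in process memory. */
typedef struct rsa_key RSA_KEY;

typedef struct {
    const char *name;
    uint32_t (*priv_enc)(const RSA_KEY *rsa, uint32_t m); /* raw sign   : m^d mod n */
    uint32_t (*priv_dec)(const RSA_KEY *rsa, uint32_t c); /* raw decrypt: c^d mod n */
} RSA_METHOD_MODEL;

struct rsa_key {
    uint32_t n, e;
    uint32_t d;                    /* private exponent; stays 0 for proxied keys   */
    const RSA_METHOD_MODEL *meth;  /* who actually performs the private operation  */
    const void *store_handle;      /* opaque handle into the key store (proxy only) */
};

/* Square-and-multiply; n < 2^32 so every intermediate product fits in uint64_t. */
static uint32_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Default method: software RSA over a private exponent held in the key object,
 * which is what a key parsed from a PEM file looks like. */
static uint32_t sw_priv_enc(const RSA_KEY *r, uint32_t m) { return modpow(m, r->d, r->n); }
static uint32_t sw_priv_dec(const RSA_KEY *r, uint32_t c) { return modpow(c, r->d, r->n); }
static const RSA_METHOD_MODEL software_method = { "software", sw_priv_enc, sw_priv_dec };

/* Stand-in for a key container inside the certificate store (constructed here).
 * A real port would keep a CAPI provider/key handle in this slot and call the
 * store's sign/decrypt routines; callers only ever see the opaque pointer. */
typedef struct { uint32_t n; uint32_t d; } STORE_KEY;
static uint32_t store_private_op(const STORE_KEY *k, uint32_t x) { return modpow(x, k->d, k->n); }

static uint32_t proxy_priv_enc(const RSA_KEY *r, uint32_t m) {
    return store_private_op((const STORE_KEY *)r->store_handle, m);
}
static uint32_t proxy_priv_dec(const RSA_KEY *r, uint32_t c) {
    return store_private_op((const STORE_KEY *)r->store_handle, c);
}
static const RSA_METHOD_MODEL proxy_method = { "store-proxy", proxy_priv_enc, proxy_priv_dec };

/* Public entry points: a caller such as a PHP binding never learns which method
 * sits behind the key, so no change is needed on that side. */
uint32_t rsa_sign_raw(const RSA_KEY *r, uint32_t m)    { return r->meth->priv_enc(r, m); }
uint32_t rsa_decrypt_raw(const RSA_KEY *r, uint32_t c) { return r->meth->priv_dec(r, c); }
uint32_t rsa_encrypt_raw(const RSA_KEY *r, uint32_t m) { return modpow(m, r->e, r->n); }
uint32_t rsa_verify_raw(const RSA_KEY *r, uint32_t s)  { return modpow(s, r->e, r->n); }

/* Constructed sample key material: the same textbook key loaded both ways, so
 * the two methods must produce identical signatures and plaintexts. */
static const STORE_KEY sample_store_key = { 3233, 2753 };
static RSA_KEY software_key = { 3233, 17, 2753, &software_method, NULL };
static RSA_KEY proxied_key  = { 3233, 17, 0,    &proxy_method,    &sample_store_key };

/* proxied != 0 selects the key whose private half lives only in the store. */
const RSA_KEY *demo_key(int proxied) { return proxied ? &proxied_key : &software_key; }

int main(void) {
    uint32_t m = 65;
    uint32_t s_sw = rsa_sign_raw(demo_key(0), m);
    uint32_t s_px = rsa_sign_raw(demo_key(1), m);
    printf("sign(%u): software=%u proxy=%u verify=%u\n",
           m, s_sw, s_px, rsa_verify_raw(demo_key(1), s_px));
    printf("proxied key holds d=%u (method %s)\n",
           demo_key(1)->d, demo_key(1)->meth->name);
    return s_sw == s_px ? 0 : 1;
}
```

The practical consequence for the patch: leave PEM_read_PrivateKey alone and instead produce an EVP_PKEY whose RSA object carries a custom method whose private operations call into CAPI; the public half (n, e) can still be taken from the certificate, and the private exponent never has to be exportable.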