On Thu, 2010-06-03 at 18:04 +0200, Dr. Stephen Henson wrote:
> If you mean private key security then this makes more sense.
>
> OpenSSL includes means to secure private keys through the ENGINE interface.
> There are some built in which can use external private keys (e.g. Windows CSPs
> or Chil HSMs).

As part of the TrouSerS project there is an OpenSSL engine which provides
secure private-key storage. A TPM is present on a reasonable number of
machines these days.

> It only requires a few calls to make use of a private key in an ENGINE after
> that usage is almost transparent. However at present very applications support
> that. We could (and indeed I've planned for a while) make that easier to do
> without needing application modification.

It's not just engine keys. It's bad enough when you just want to be able
to load PEM or PKCS#12 keys. Making that work better would be extremely
useful.

-- 
dwmw2

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List
