On 08/18/2011 09:06 AM, Andreas Gruener wrote:
Hello,
I am writing an engine which shifts private key operations to a hardware security module.
I face a problem concerning the key generation process. The keys are stored in the HSM, but
there exists an external reference file, like a keystore, which is used to address the key in conjunction with an alias name. If I invoke the key generation, then a certain key_id is not available within the key
generation function. Furthermore, OpenSSL saves the key and not the engine. Therefore I can't create
a certain reference keystore and an alias for a key.
Is there a possibility to allow the engine to save the key?

Here is an example of the problem. The execution of openssl req -newkey rsa:1024 -keyout <key_id> -engine <engine> leads to the function call of rsa_keygen(RSA *rsa, BIGNUM *e, BN_GENCB *cb). But neither within this function nor in any other function
which is called before or after rsa_keygen is the key_id string available to
the engine.
But if the load_key function of an engine is called, a key_id to specify the
key is available.
Some engines use the RSA prime numbers
as placeholders for identifiers to a private and a public key.
The generated key file looks like an RSA private key and
the prime numbers are 1, 2 or so.
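The following is an added example, not code from the original post or from any OpenSSL engine, illustrating the placeholder trick described above: the engine lets OpenSSL write a file that is syntactically a PKCS#1 RSAPrivateKey, but the HSM handles are parked in the prime1 (p) and prime2 (q) fields, and the engine's load_privkey later parses the file back to recover them. It is written in plain Python with a minimal DER encoder/decoder so it runs stand-alone, instead of against the OpenSSL engine API. The field layout (private-key handle in p, public-key handle in q, every other field zero) and the use of n != p*q to tell a placeholder from a real key are assumptions of this example, not something the post specifies.

```python
"""
Placeholder RSA key file carrying HSM key handles (constructed example).

The HSM keeps the real key. OpenSSL is handed a PKCS#1 RSAPrivateKey whose
numeric fields are dummies, with the HSM handles in prime1 (p) and prime2 (q).
An engine's load_privkey() parses this file and recovers the handles.
"""
import base64

PEM_HEADER = "-----BEGIN RSA PRIVATE KEY-----"
PEM_FOOTER = "-----END RSA PRIVATE KEY-----"


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative int: minimal big-endian encoding,
    with a leading 0x00 when the top bit is set so it stays positive."""
    if value < 0:
        raise ValueError("only non-negative integers are used here")
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_length(len(body)) + body


def der_sequence(*items: bytes) -> bytes:
    """DER SEQUENCE wrapping already-encoded elements."""
    payload = b"".join(items)
    return b"\x30" + der_length(len(payload)) + payload


def der_read(buf: bytes, pos: int):
    """Read one TLV at pos; return (tag, value, next_pos). Rejects indefinite lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def wrap_pem(der: bytes) -> str:
    """Base64 the DER in 64-column lines between the RSA PRIVATE KEY markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def make_placeholder_key(priv_handle: int, pub_handle: int) -> str:
    """What the engine would write at keygen time: p and q carry the HSM
    handles (assumed layout), every other RSAPrivateKey field is zero."""
    if priv_handle < 1 or pub_handle < 1:
        raise ValueError("handles must be positive")
    #         ver n  e  d  p            q           dP dQ qInv
    fields = [0,  0, 0, 0, priv_handle, pub_handle, 0, 0, 0]
    return wrap_pem(der_sequence(*(der_integer(f) for f in fields)))


def parse_rsa_private_key(pem: str) -> list:
    """Return the nine RSAPrivateKey INTEGERs (version, n, e, d, p, q, dP, dQ, qInv)."""
    body = pem.strip().splitlines()
    if body[0] != PEM_HEADER or body[-1] != PEM_FOOTER:
        raise ValueError("not a PKCS#1 RSA PRIVATE KEY PEM")
    der = base64.b64decode("".join(body[1:-1]))
    tag, seq, end = der_read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = [], 0
    while pos < len(seq):
        tag, val, pos = der_read(seq, pos)
        if tag != 0x02 or (val and val[0] & 0x80):
            raise ValueError("expected a non-negative INTEGER")
        fields.append(int.from_bytes(val, "big"))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("unexpected RSAPrivateKey shape")
    return fields


def load_placeholder_key(pem: str) -> tuple:
    """What the engine's load_privkey() would do: recover (priv_handle, pub_handle).
    A genuine key always has n == p*q; the placeholder never does (assumed check)."""
    _, n, _, _, p, q, _, _, _ = parse_rsa_private_key(pem)
    if n == p * q:
        raise ValueError("this is a real RSA key, not an HSM placeholder")
    return p, q


if __name__ == "__main__":
    pem = make_placeholder_key(1, 2)       # "the prime numbers are 1, 2 or so"
    print(pem)
    print(load_placeholder_key(pem))       # (1, 2)
```

The engine that writes such a file gets nothing from the -keyout path, so the alias-to-handle mapping in the external keystore still has to be created by whatever reads the file back; the placeholder only makes the file itself self-describing. The n != p*q check matters because a file with real primes would otherwise be misread as handles.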