But where do I have access to a key identifier which is, for example, specified by the parameter "-keyout" to put it in the prime number fields?
Peter Sylvester <[email protected]> Gesendet von: [email protected] 18.08.2011 09:42 Bitte antworten an [email protected] An [email protected] Kopie Thema Re: Key Generation with OpenSSL Engine On 08/18/2011 09:06 AM, Andreas Gruener wrote: Hello, I write an engine which shifts private key operations to a hardware security module. I face a problem concerning the key generation process. The keys are stored in the hsm but there exists an external reference file, like an keystore, which is used to address the key in conjunction with an alias name. If I invoke the key generation then a certain key_id is not available within the key generation function. Furthermore openssl saves the key and not the engine. Therefore I can't create a certain reference keystore and an alias for a key. Is there a possibility to allow the engine to save the key? Here is an example of the problem. The execution of openssl req -newkey rsa:1024 -keyout <key_id> -engine <engine> leads to the function call of rsa_keygen(RSA *rsa, BIGNUM *e, BN_GENCB *cb). But within this function and in no other function, which is called before or after rsa_keygen, the key_id string is available to the engine. But if the load_key function of an engine is called, an key_id, to specify the key, is available. some engines use the rsa prime numbers as placeholders for identifiers to a private and a public key. the generated key file looks like an rsa private key and the prime numbers are 1, 2 or so. -- Informationen (einschließlich Pflichtangaben) zu einzelnen, innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen des Konzerns Deutsche Bank finden Sie unter http://www.deutsche-bank.de/de/content/pflichtangaben.htm. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet. Please refer to http://www.db.com/en/content/eu_disclosures.htm for information (including mandatory corporate particulars) on selected Deutsche Bank branches and group companies registered or incorporated in the European Union. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
