On 08/23/2011 07:37 AM, Andreas Gruener wrote:
But where do I have access to a key identifier which is, for example, specified
by the parameter "-keyout" to put it in the prime number fields?
-keyout is the name of a file where the generated RSA key (a real or a fake one) is stored. It is not an input parameter for an engine. ???
Your engine should just enumerate the keys in its internal storage, or use a hash, or... you can communicate via engine commands in a configuration file (cf. the doc of config).
*Peter Sylvester <[email protected]>*
Sent by: [email protected]
18.08.2011 09:42
Please reply to: [email protected]
To: [email protected]
Cc:
Subject: Re: Key Generation with OpenSSL Engine
On 08/18/2011 09:06 AM, Andreas Gruener wrote:
Hello,
I am writing an engine which shifts private key operations to a hardware security module.
I face a problem concerning the key generation process. The keys are stored in the HSM, but there exists an external reference file, like a keystore, which is used to address the key in conjunction with an alias name. If I invoke the key generation, then a certain key_id is not available within the key generation function. Furthermore, OpenSSL saves the key and not the engine. Therefore I can't create a certain reference keystore and an alias for a key.
Is there a possibility to allow the engine to save the key?
Here is an example of the problem. The execution of openssl req -newkey rsa:1024 -keyout <key_id> -engine <engine> leads to the function call of rsa_keygen(RSA *rsa, BIGNUM *e, BN_GENCB *cb). But neither within this function nor in any other function, which is called before or after rsa_keygen, is the key_id string available to the engine.
But if the load_key function of an engine is called, a key_id, to specify the key, is available.
Some engines use the RSA prime numbers as placeholders for identifiers to a private and a public key. The generated key file looks like an RSA private key and the prime numbers are 1, 2 or so.
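The placeholder scheme Peter describes, as an added example that is not from this thread or from any real OpenSSL engine: a PKCS#1 RSAPrivateKey in DER whose p and q fields carry HSM object identifiers instead of primes, next to a check that tells such a reference file apart from a real key (so an engine's load_key can recover the ids, and an auditor can confirm no private material is on disk). The field layout (ids in p/q, d and CRT fields zero), the object ids 4242/4243 and the textbook-sized modulus are constructed assumptions.

```python
# Added example: encode an HSM key reference as a placeholder RSAPrivateKey and
# recognise it. Layout (ids in p/q, d = 0) is an assumed convention, not a real engine's.

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):                       # non-negative INTEGER, padded so it stays positive
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_private_key_der(n, e, d, p, q, dp, dq, qinv):
    """RSAPrivateKey ::= SEQUENCE { version 0, n, e, d, p, q, dP, dQ, qInv }"""
    body = b"".join(der_int(x) for x in (0, n, e, d, p, q, dp, dq, qinv))
    return b"\x30" + der_len(len(body)) + body

def der_read(buf, pos):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: next bytes hold the length
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_private_key(der):
    tag, body, _ = der_read(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = der_read(body, pos)
        if t != 0x02:
            raise ValueError("expected INTEGER")
        fields.append(int.from_bytes(v, "big"))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("not a PKCS#1 RSAPrivateKey (version 0, nine fields)")
    return dict(zip(["version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"], fields))

def classify(key):
    """A genuine key satisfies p*q == n; anything else is an engine reference whose
    p/q are object ids, and the file holds no private key material at all."""
    if key["p"] * key["q"] == key["n"]:
        return "real-private-key", None
    return "hsm-reference", {"priv_id": key["p"], "pub_id": key["q"]}

# Constructed toy values (textbook-sized, not a usable key): n, e as the HSM would
# report them; the reference file keeps them so `openssl req` can still build a CSR.
REFERENCE = rsa_private_key_der(3233, 17, 0, 4242, 4243, 0, 0, 0)
REAL = rsa_private_key_der(3233, 17, 2753, 61, 53, 2753 % 60, 2753 % 52, pow(53, -1, 61))
```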