Hi Alexander,
Alexander Gostrer wrote:
Hi All,
I am working on an OpenSSL modification for a hardware accelerator who
generates and uses private keys internally without a way to
export/import them. The standard OpenSSL approach is to use keys from
files. Is there any preferred way to point to keys in the hardware?
There is more and more hardware on the market that people want to use
directly from the OpenSSL.
There is a standard for this, PKCS#11, that is fairly well supported by
OpenSSL. Numerous hardware tokens and smartcards exist that can interact
with OpenSSL (via engine_pkcs11). I have personal experience with
various usb hardware tokens from Feitian and Aladdin/SafeNet. The main
feature of such tokens is that indeed the private key cannot be exported
from the device.
hope this helps,
JJK / Jan Just Keijser
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
