Hi Jan, Erwann, I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in the code. The closest thing I see on the master branch are openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on. Is there a special branch for pkcs11? Or I just need to use hwcryptohook.h/sureware.h as a reference code and make my own implementation?
Thank you, Alex. On Mon, Jul 20, 2015 at 9:51 AM, Alexander Gostrer <agost...@gmail.com> wrote: > Hi Jan, > > It definitely helps. I am already looking into this standard. > > Thank you, > Alex. > > On Mon, Jul 20, 2015 at 8:21 AM, Jan Just Keijser <janj...@nikhef.nl> > wrote: > >> Hi Alexander, >> >> >> Alexander Gostrer wrote: >> >>> Hi All, >>> >>> I am working on an OpenSSL modification for a hardware accelerator who >>> generates and uses private keys internally without a way to export/import >>> them. The standard OpenSSL approach is to use keys from files. Is there any >>> preferred way to point to keys in the hardware? There is more and more >>> hardware on the market that people want to use directly from the OpenSSL. >>> >>> There is a standard for this, PKCS#11, that is fairly well supported by >> OpenSSL. Numerous hardware tokens and smartcards exist that can interact >> with OpenSSL (via engine_pkcs11). I have personal experience with various >> usb hardware tokens from Feitian and Aladdin/SafeNet. The main feature of >> such tokens is that indeed the private key cannot be exported from the >> device. >> >> >> hope this helps, >> >> JJK / Jan Just Keijser >> >> _______________________________________________ >> openssl-dev mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev >> > >
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
