On Tue, 2015-07-21 at 06:55 -0700, Alexander Gostrer wrote: > > I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in > the code. The closest thing I see on the master branch are > openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on. > Is there a special branch for pkcs11? Or I just need to use > hwcryptohook.h/sureware.h as a reference code and make my own > implementation?
Unfortunately, PKCS#11 support isn't a part of OpenSSL directly (although it would be really good to fix that). The PKCS#11 engine is at https://github.com/OpenSC/engine_pkcs11 A new release is imminent, which allows you to specify certificates and keys by a PKCS#11 URI (RFC7512) instead of the old format. On systems where p11-kit exists, it also automatically loads the appropriate PKCS#11 modules according to the system configuration. So using it really is as simple as providing the correct PKCS#11 URI for the cert/key you want. -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
