Thank you, David. It wasn't obvious :) Let me look into. Regards, Alex.
On Tue, Jul 21, 2015 at 7:32 AM, David Woodhouse <dw...@infradead.org> wrote: > On Tue, 2015-07-21 at 06:55 -0700, Alexander Gostrer wrote: > > > > I didn't find any reference to pkcs11 or engine_pkcs11 or cryptoki in > > the code. The closest thing I see on the master branch are > > openssl/engines/vendor_defns/hwcryptohook.h, sureware.h, and so on. > > Is there a special branch for pkcs11? Or I just need to use > > hwcryptohook.h/sureware.h as a reference code and make my own > > implementation? > > Unfortunately, PKCS#11 support isn't a part of OpenSSL directly > (although it would be really good to fix that). > > The PKCS#11 engine is at https://github.com/OpenSC/engine_pkcs11 > > A new release is imminent, which allows you to specify certificates and > keys by a PKCS#11 URI (RFC7512) instead of the old format. > > On systems where p11-kit exists, it also automatically loads the > appropriate PKCS#11 modules according to the system configuration. So > using it really is as simple as providing the correct PKCS#11 URI for > the cert/key you want. > > -- > David Woodhouse Open Source Technology Centre > david.woodho...@intel.com Intel Corporation >
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
