On 11/30/16, 10:24 AM, "openssl-dev on behalf of James Bottomley" <openssl-dev-boun...@openssl.org on behalf of james.bottom...@hansenpartnership.com> wrote:
> One of the principle problems of using TPM based keys is that there's
> no easy way of integrating them with standard file based keys.
Why should token- and/or TPM-based keys be integrated with file-based keys?
OpenSSL and its engines need/should accept URI pointing at the keys. Pointing
them at files containing some proprietary reference to keys that are kept in
hardware does not seem to make sense.
So why is it better to say “…engine –key /some/weird/path/weird-file.pem” than
“…engine –key pkcs11:id=02” (or such)?
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
