On 11/30/16, 10:24 AM, "openssl-dev on behalf of James Bottomley" 
<openssl-dev-boun...@openssl.org on behalf of 
james.bottom...@hansenpartnership.com> wrote:

    > One of the principle problems of using TPM based keys is that there's
    > no easy way of integrating them with standard file based keys. 

Why should token- and/or TPM-based keys be integrated with file-based keys? 
OpenSSL and its engines need/should accept URI pointing at the keys. Pointing 
them at files containing some proprietary reference to keys that are kept in 
hardware does not seem to make sense. 

So why is it better to say “…engine –key /some/weird/path/weird-file.pem” than 
“…engine –key pkcs11:id=02” (or such)?

Attachment: smime.p7s
Description: S/MIME cryptographic signature

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to