On 13.12.2001 16:45:15 Richard Levitte - VMS Whacker wrote:
>What you're talking about below is something different than what I
>answered above.

Ok, this seems to be going into the wrong direction, but that's probably my own fault. Let me put some things straight.

>Ah. Well, the very simple answer is that we don't support card-stored
>(and card-hidden?) certificates yet. Also, *you were asking about
>private keys*! Where exactly do you store the private key in the
>certificate?

The client's certificate is indeed stored in the card, but that's just for convenience. It could be anywhere, also in a file, and certainly not hidden. I've never said I store the private key in the certificate. That doesn't make any sense. It's in the card and it stays there.

>AKuit> I don't have and need access to the private key in the card, I only
>AKuit> have to make sure the right key is used during the SSL handshake,
>AKuit> but that's easy also without a dummy/proxy/shadow (whatever one
>AKuit> could call it) EVP_PKEY.
>
>Let's see, you need the private key to sign certain things with, so I
>fail to see in what way you don't need it.

What I meant is that I don't have *direct* access to the private key. Only the card has direct access to "sign certain things". I tell the card which key to use.

>It's becoming apparent that one or more of the following is true:
>1. you don't know jack shit about how SSL works and what is needed for
>   it to work properly.
>2. you didn't bother looking at the code I suggested that you study.

Both is not correct. Please hold back with such comments if things are based on misunderstandings.

>"What data do I put into the RSA struct?"
>
>The public components of the key, which I'm sure can be extracted from
>your card, no?

This is exactly the point. When during the handshake does the client need its own public key (other than sending it to the server) ??

>If you need, I can probably help you code that engine. However, I
>will request that you pay me for it, and make sure I get appropriate
>hardware to test against.

Thanks, no need.

Alex.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]