Hello,

> I am writing a TLS server application. That is the easy part.
> The server certificate is on a smart card. So I get only the public key and
> the certificate but not the private key from the smart card.
> So I have to decrypt everything in the TLS handshake, which is encrypted with
> server public key (the premaster secret), with the smart card.
> So my question is: How can I control the TLS handshake in openssl so that the
> premaster secret is decrypted with the smart card.

In SSL/TLS you encrypt pre_master_secret with server certificate. For that, you do not need smartcard, TLS server will send you certificate and (after verification) you (client) encrypt generated pre_master_secret with server public key sent to you by server with certificate. You may use smartcard if TLS server requires client verification, then your (client) private key from smartcard is used to prove your identity.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
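
The RSA key exchange discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: the client encrypts the premaster secret with the certificate's public key, and the private-key operation is the only step that has to run where the private key lives. `card_private_decrypt` is a hypothetical stand-in for the smart card, and the key is a constructed toy key built from two Mersenne primes.

```python
import secrets

# Constructed demo key from two Mersenne primes: NOT a secure key, only large
# enough to hold a 48-byte premaster secret with PKCS#1 v1.5 padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (would never leave the card)
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def client_encrypt_premaster(version=(3, 3)):
    """Client side: build the 48-byte premaster secret and encrypt it
    with the public key (N, E) taken from the server certificate."""
    pms = bytes(version) + secrets.token_bytes(46)
    # PKCS#1 v1.5 type 2 block: 00 02 <nonzero random bytes> 00 <message>
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(pms)))
    em = b"\x00\x02" + pad + b"\x00" + pms
    return pms, pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def card_private_decrypt(ciphertext):
    """Hypothetical stand-in for the smart card: the only place D is used.
    Returns the raw decrypted block, padding included."""
    return pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(K, "big")


def server_recover_premaster(ciphertext, private_op, version=(3, 3)):
    """Server side: pass the ciphertext to the private-key holder, then
    strip the padding. On any format or version error, continue with a
    random premaster secret instead of reporting the failure, as
    RFC 5246 section 7.4.7.1 recommends. (Not constant-time; a sketch.)"""
    fallback = bytes(version) + secrets.token_bytes(46)
    em = private_op(ciphertext)
    ok = em[:2] == b"\x00\x02" and em[-49] == 0 and 0 not in em[2:-49]
    pms = em[-48:]
    if not ok or pms[:2] != bytes(version):
        return fallback
    return pms


if __name__ == "__main__":
    sent, encrypted = client_encrypt_premaster()
    assert server_recover_premaster(encrypted, card_private_decrypt) == sent
    print("premaster secret recovered via the private-key callback")
```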