On 5/18/2013 2:09 PM, Rajeswari K wrote:
Hello Users/dev Team, Need some urgent help to program openssl for smart card/HSM. Our smart card never shares private keys. All crypto operations such as encryption,decryption will be performed by smart card. And any such actions from openssl needs to be redirected to smart card. Only certicate is left open. Have read about pkcs11 crypto engine support at openssl. Currently we are using openssl 0.9.8q. Does this version supports pkcs11 engine support? If supports, can you provide which part of the code needs to be changed to have successful handshake using smart card. Currently our openssl code is expecting a private key to perform handshake. When smart card is used, private_key is updated with NULL at SSL_ACCEPT(). Hence, its throwing as no shard cipher during handshake. Please provide a sample application how to program openssl for smart card where private key is not known. Thanks in advance.
Have a look at https://www.opensc-project.org/opensc/wiki/engine_pkcs11 This is an engine that can call pkcs11, either the OpenSC or some other PKCS#11 implementation.
Rajeswari.
-- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
