You can write your own engine that calls the routines you have.

You can also write a shim library that wraps the library you have and presents
it as PKCS#11.  Then you can use a PKCS#11 engine.

The first approach is easiest but the second gives you more options down the
line (you don't need to implement the entire interface, just enough to get
things working...)

What is your hardware?  I've done the above with Spyrus Links II (I can't
remember the details, but I think the PKCS#11 wrapper was actually for
OpenSSH; for OpenSSL I used the first approach).  It's easiest if you start
with an existing engine as a template.

Andrew


On Tue, Nov 05, 2013 at 06:33:55PM +0200, 133mmx runner wrote:
> Hi All,
> 
> I am using openssl library. I have succeeded establishing ssl connection
> with pfx files. But we will keep private key in hardware. Our hardware has
> no engine library or pkcs#11 library.
> 
> There are sign and encryption functions that I can use. Is there a way in
> openssl to manipulate RSA operation?
> 
> Thanks in advance.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
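
The second approach from the reply above, as an added example that is not part of the original thread or the poster's code: a PKCS#11 shim exposing only C_SignInit and C_Sign over a vendor signing routine, so the private key stays in the hardware. hw_rsa_sign, the single 2048-bit key and the one-operation session state are assumptions; the CK_* types and constants are declared inline here and come from pkcs11.h in a real build.

```c
#include <stddef.h>
#include <string.h>

/* Declared inline so this compiles alone; a real shim includes pkcs11.h. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BYTE;
typedef struct { CK_ULONG mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
#define CKM_RSA_PKCS                  0x001UL
#define CKR_OK                        0x000UL
#define CKR_ARGUMENTS_BAD             0x007UL
#define CKR_DATA_LEN_RANGE            0x021UL
#define CKR_DEVICE_ERROR              0x030UL
#define CKR_MECHANISM_INVALID         0x070UL
#define CKR_OPERATION_NOT_INITIALIZED 0x091UL
#define CKR_BUFFER_TOO_SMALL          0x150UL
#define KEY_BYTES 256UL   /* assumption: one 2048-bit RSA key on the device */

static int sign_active;   /* assumption: one session, one operation at a time */
static int hw_calls;      /* counts how often the device is actually asked to sign */

/* Hypothetical vendor routine; this constructed stand-in writes a fixed pattern. */
static int hw_rsa_sign(const CK_BYTE *in, size_t inlen, CK_BYTE *out) {
    (void)in;
    hw_calls++;
    memset(out, 0xA5, KEY_BYTES);
    out[0] = (CK_BYTE)inlen;
    return 0;             /* 0 = success in this stand-in */
}

CK_RV C_SignInit(CK_SESSION_HANDLE s, CK_MECHANISM *m, CK_OBJECT_HANDLE key) {
    (void)s; (void)key;   /* the only key is the one held in hardware */
    if (m == NULL) return CKR_ARGUMENTS_BAD;
    if (m->mechanism != CKM_RSA_PKCS) return CKR_MECHANISM_INVALID;
    sign_active = 1;
    return CKR_OK;
}

CK_RV C_Sign(CK_SESSION_HANDLE s, CK_BYTE *data, CK_ULONG len,
             CK_BYTE *sig, CK_ULONG *siglen) {
    (void)s;
    if (!sign_active) return CKR_OPERATION_NOT_INITIALIZED;
    if (data == NULL || siglen == NULL) { sign_active = 0; return CKR_ARGUMENTS_BAD; }
    if (sig == NULL) { *siglen = KEY_BYTES; return CKR_OK; }  /* length query only */
    if (*siglen < KEY_BYTES) { *siglen = KEY_BYTES; return CKR_BUFFER_TOO_SMALL; }
    sign_active = 0;      /* every other outcome ends the operation */
    if (len > KEY_BYTES - 11) return CKR_DATA_LEN_RANGE;      /* PKCS#1 v1.5 limit */
    if (hw_rsa_sign(data, len, sig) != 0) return CKR_DEVICE_ERROR;
    *siglen = KEY_BYTES;
    return CKR_OK;
}
```

Callers such as a PKCS#11 engine typically call C_Sign once with a NULL signature buffer to learn the length, so the shim must answer that query without touching the device or ending the operation.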
