Hi Gilad,
You must copy the public key file generated by openssl (cakey.pem)
in usr/local/appache/ssl.crt/server.key.
The pkcs#11 engine load_private_key function reads the public key file
to find the private key in the hardware.
cheers
Afchine
__
[EMAIL
Hi,
I have written this patch to be used with a hardware Crypto PKCS#11 accelerator
which can store keys. It is used in my company in TrustWay SSL accelerator and
TrustWay Apache-SSL accelerator with the Bull PCI CC2000 HSM.
Our HSM doesn't require C_Login. I believe that call to C_Login is
PROTECTED]
To: 'Afchine Madjlessi' [EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 7:33 PM
Subject: RE: pkcs#11 engine for openssl
HI Afchine,
I probably do not understand fully the concept of the engine module in
openssl maybe you can help.
My understanding is that you must call certain ENGINE_
to add the ability to create the certificate on the
hardware token and not as a file.
Thanks for your help
Gilad
-Original Message-
From: Gilad Finkelstein
Sent: Sunday, June 15, 2003 11:48 AM
To: 'Afchine Madjlessi'
Subject: RE: pkcs#11 engine for openssl newbie question
Hi
Hi,
I used the joined shell to generate key pair on my crypto hardware, a CSR,
and make a self-signed certificate.
Regards
Afchine Madjlessi
- Original Message -
From: Gilad Finkelstein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 4:21 PM
Subject: pkcs#11 engine
find attached to this mail updates taking in account your
advice.
Cheers,
Afchine Madjlessi
__
[EMAIL PROTECTED]
Bull TrustWay RD, France
http://www.servers.bull.com/trustway
trustway-pkcs11-openssl-engine-0.9.6h.patch.gz
Description: GNU Zip compressed data
find attached to this mail updates taking in account your
advice.
Cheers,
Afchine Madjlessi
__
[EMAIL PROTECTED]
Bull TrustWay RD, France
http://www.servers.bull.com/trustway
trustway-pkcs11-openssl-0.9.7.patch.gz
Description: GNU Zip compressed data
This patch implements a generic pkcs#11 engine in openssl-0.9.7.
Applying this patch to openssl-0.9.7 allows applications to use
the security functions provided by a cryptographic card supporting
the PKCS#11 interface.
This release permits to use the key storage in secure memory and acceleration
PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, December 16, 2002 9:47 AM
Subject: [openssl.org #11] Fw: trustway pkcs11 engine for openssl
It's so nice that someone provided pkcs11 engine patch.
Thanks a lot, Afchine Madjlessi...
However I have one
Hi Fred,
Frederic DONNAT [EMAIL PROTECTED] wrote:
Hi,
First of all, thanks for your answer.;)
A few questions about your PKCS#11 ENGINE.
When you say that the stored private key can be loaded:
- do you mean that one can get it from the store?
- or do you mean that one can use it
Hi,
Our PKCS#11 generic engine delivered to openssl provides already RSA_generate_key and
is able to store private key in the hardware crypto. It provides also i2d d2i RSA
functions to load the stored private keys from the crypto card.
These methods are added in RSA_method. This patch is
tested also on Win32.
Cheers,
Afchine Madjlessi
__
[EMAIL PROTECTED]
Bull - Trustway RD - Networking Security
http://www.servers.bull.com/trustway
__
OpenSSL Project
Steven A. Bade wrote
The 64$ question from my mind is are you working on a 0.9.7 engine for
PKCS#11... That's the one of particular interest to me in the long run.
of course.
afchine
__
[EMAIL PROTECTED]
Bull - Trustway RD - Networking Security
You can find here the last updates for Trustway PKCS#11 engine.
ChangeLog:
- patch update for openssl-engine-0.9.6d
- patch update for mod_ssl-2.2.10-1.3.26
Work on a generic non-intrusive version of pkcs11 engine implementation for
openssl is in progress.
I will submit it as soon as possible.
Afchine Madjlessi [EMAIL PROTECTED] wrote
The Bull Trustway CC2000 isn't only a cryptographic accelerator card,
it is a high level security hardware providing key generation and storage
in secure memory. That's why we can't use ENGINE key loading functions.
Yes those extra functions
Steven Bade [EMAIL PROTECTED] wrote
We generate all keys within our tokens. Some tokens such as the
4758 keep all the token objects within the secure boundary, and rely on
the proper PKCS#11 attributes to control selection, keys generated stay
within the FIPS4 boundary. Others which are
Zoran,
could you please send me source code of Eracom
PKCS11 engine for openssl?
regards
__
[EMAIL PROTECTED]
Bull Technologies - Trustway RD - Networking Security
http://www.servers.bull.com/trustway
- Original Message -
From:
Zoran
Richard Levitte via RT [EMAIL PROTECTED] writes:
I've just started looking at this, and I've got a couple of
questions:
1. could this engine be considered a general PKCS#11 engine, or are
there specific ties to Trustway. I'd prefer to see a general
PKCS#11 engine.
This engine is a
Steven Bade [EMAIL PROTECTED] writes:
I'm not sure about the second question, but we found that the eracom
engine submission was much more generic. When one of my co-workers
tried to get our PKCS#11 libraries (openCryptoki) used by the Trustway
module there were many issues, as well as
You can find here the last updates for Trustway PKCS#11 engine.
ChangeLog:
- add of PKCS#11 free session callback function
- add of generate RSA temp keys callback function
- logging PKCS#11 error codes
These patches apply to openssl-engine-0.9.6c and mod_ssl-2.2.8-1.3.24.
Afchine
Based on openssl-engine-0.9.6c, we have developed a new engine which
allows openssl applications and Apache-mod_ssl servers to use through a
PKCS#11 interface the security functions provided by the Bull trustway cc2000
cryptographic card, taking advantage of key storage in secure memory and
Hello everybody,
We are implementing a new engine (based on openssl 0.9.6c) to use the RSA
PKCS11 interface of our crypto hardware (Bull Trustway CC2000).
We would like to access our C_GenerateKeyPair PKCS11 function through the
openssl RSA_generate_key.
So we are adding a new entry gen_key in