> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Andy Green
> Sent: Monday, December 19, 2016 19:03
>
> On Mon, 2016-12-19 at 10:21 -0800, Kyle Hamilton wrote:
>
> > There exists what is called an ENGINE interface to offload
> > cryptographic operations to a
On Mon, 2016-12-19 at 10:21 -0800, Kyle Hamilton wrote:
> You cannot keep the certificate from OpenSSL, as that's the piece
> that you share with the remote side. This contains the public key,
> and the information bound to that public key by the CA.
Right.
> However, you can keep the private
You cannot keep the certificate from OpenSSL, as that's the piece that you
share with the remote side. This contains the public key, and the
information bound to that public key by the CA.
However, you can keep the private key from being seen by OpenSSL. There
exists what is called an ENGINE
Hi -
I have a situation coming up that is similar to a client cert being
held on a secure key store, like a key vault.
We need to be able to perform TLS communication with a remote server
using the key, but without giving the key to OpenSSL.
The "other side" of the "key vault" is smart, and we
