[Openvpn-devel] [PATCH 0/1] add engine keys keys

2017-10-28 Thread James Bottomley
Engine keys are an OpenSSL concept for a key file which can only be understood by an engine (usually because it's been wrapped by the engine itself). We use this for TPM engine keys, so you can either generate them within your TPM or wrap them from existing private keys. Once wrapped, the keys

[Openvpn-devel] [PATCH 1/1] openssl: add engine method for loading the key

2017-10-28 Thread James Bottomley
As well as doing crypto acceleration, engines can also be used to load key files. If the engine is set, and the private key loading fails for bio methods, this patch makes openvpn try to get the engine to load the key. If that succeeds, we end up using an engine-based key. This can be used with