On Fri, 28 Sep 2007, Mark Andrews wrote:

>       Before reinventing the wheel, by adding support to do this,
>       I'd like to find out if anyone has code to do so.

        Mark, I have working code for this, I can update the patch (btw. 
the last version is from 09/26). We expect that it's not a final version; 
working with private/public RSA keys works now. I'm now using very simple 
"pkcs11:LABEL" of filename overloading but it will be changed to a more 
generic approach discussed in pkcs#11 mailing list.

>       I'm looking for RSA support initially.

        that's the one that's relatively easy since that's part of engine 
API. Symmetric keys and DSA might be possible, if at all, at cost of nasty 
hacks.

>       From what I can see you would use RSA_set_ex_data()/
>       RSA_get_ex_data() to store the handle on the RSA key
>       and set RSA_FLAG_EXT_PKEY to indicate that there is a
>       private key rather than the presence of RSA->d.

        you use the object handle anyway, you just fill the RSA structure 
from what you get from the keystore.

        Jan.

-- 
Jan Pechanec
