Hello, I think I'm in the same situation as Mark and I have a question about how I can handle private keys in openssl if I can't retrieve them from the HSM. I hope you are willing to help me. Here is my situation:
I'm working on my own pkcs11 engine to support RSA operations. I have a pkcs11 provider which allows me to access the HSM for key operation. The private keys are stored outside the HSM but are ciphered by one master key of the HSM. So if I do a private key operation, I have to load the key to the HSM with and I get back the handle to this key but that's all. I store this handle to the ex_data of RSA. This is a part of the load priv key function

    ....
    pkey = EVP_PKEY_new();
    rsa = RSA_new();
    EVP_PKEY_assign_RSA(pkey, rsa);
    RSA_set_ex_data(rsa, -1, (char *)hPrivateKey); // the handle comes from the HSM
    return pkey;
    ....

The problem is that it seems like openssl needs to know at least the public modulus r->n and that's where I'm stuck. Is the RSA_FLAG_EXT_PKEY a possible solution?

Thanks in advance for your help,
Tex.

This message posted from opensolaris.org