From: "Alexander Kuit" <[EMAIL PROTECTED]>

AKuit> On 13.12.2001 16:45:15 Richard Levitte - VMS Whacker wrote:
AKuit> [...]
AKuit> >AKuit> I don't have and need access to the private key in the card, I only
AKuit> >AKuit> have to make sure the right key is used during the SSL handshake,
AKuit> >AKuit> but that's easy also without a dummy/proxy/shadow (whatever one
AKuit> >AKuit> could call it) EVP_PKEY.
AKuit> >
AKuit> >Let's see, you need the private key to sign certain things with, so I
AKuit> >fail to see in what way you don't need it.
AKuit>
AKuit> What I meant is that I don't have *direct* access to the
AKuit> private key. Only the card has direct access to "sign certain
AKuit> things". I tell the card which key to use.

Exactly. That's what a reference in RSA structure (in the ex_data
member) is meant to do. That's exactly what the code in hw_ncipher
does.

AKuit> >"What data do I put into the RSA struct?"
AKuit> >
AKuit> >The public components of the key, which I'm sure can be extracted from
AKuit> >your card, no?
AKuit>
AKuit> This is exactly the point. When during the handshake does the client
AKuit> need its own public key (other than sending it to the server) ??

If nothing else then *exactly* to send it to the server :-). However,
the client would actually send a complete certificate...

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.