I do not think that you can use every nCipher key with OpenSSL. You must build the key pair with a nCipher command (generatekey or keysafe) with the option "application" = embed (see nCipher documentation). The private key is stored in the HSM module, but you will have : - a private key file wich does not contain any key but a reference to the key in the module - a certificate request (pkcs#10) - a self signed Certificate
Then, in the config file : private_key = name of the pseudo private key file engine = chil Francois ----- Original Message ----- From: "Guillaume Coue" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, June 25, 2002 9:53 AM Subject: Howto use a pivrate key contained inside a ncipher module ?? > Hi all, > > I've got a ncipher module in my box and I'd like to > know how I can use keys inside to generate a request > and a certificate. > > I tried this : > C:\>openssl req -engine chil -keyform engine -text > -key dsa:test -config c:/templates/user.cnf -out > cr.pem > engine "chil" set. > unable to load Private Key > 1108:error:81069066:hwcrhk > engine:HWCRHK_LOAD_PRIVKEY:chil error:./crypto/engine > /hw_ncipher.c:755:NFKM_findkey failed: > InvalidParameter > 1108:error:26096080:engine > routines:ENGINE_load_private_key:failed loading priva > te key:./crypto/engine/eng_pkey.c:117: > > * test is the name of my private key (inside the > ncipher module) > > An other question is What should I put in my cnf file > to access to my private key inside the module: > field private_key = ?????? > > Thanks, > > -- > Guillaume > > ___________________________________________________________ > Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! > Yahoo! Mail : http://fr.mail.yahoo.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
