Francois Guerry schrieb: > I do not think that you can use every nCipher key with OpenSSL. > You must build the key pair with a nCipher command (generatekey or keysafe) > with the option "application" = embed (see nCipher documentation).
For OpenSSL Engine the application is hwcrhk... > The private key is stored in the HSM module, but you will have : > - a private key file wich does not contain any key but a reference to the > key in the module > - a certificate request (pkcs#10) > - a self signed Certificate You generate the key with the ncipher command. you can generate a request with openssl: openssl req -new -engine chil -key rsa-testopenssl -keyform engine \ -out testopenssl_req.pem with: nfkminfo -k hwcrhk Key listing AppName hwcrhk (2 keys): AppName hwcrhk Ident rsa-testopenssl [...] You will have no pseudo key file. >>I've got a ncipher module in my box and I'd like to >>An other question is What should I put in my cnf file >>to access to my private key inside the module: >>field private_key = ?????? ??? What program / what config file ? The Program must load the key with ENGINE_load_privateKey... Bye Goetz -- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
smime.p7s
Description: S/MIME Cryptographic Signature
