Hello, > > In SSL/TLS you encrypt pre_master_secret with server certificate. > > For that, you do not need smartcard, TLS server will send you certificate > > and (after verification) you (client) encrypt generated pre_master_secret > > with server public key send to you by server with certificate. > > You may use smartcard if TLS server requires client verification, then > > your (client) private key from smartcard is used to prove your identity. > > > > Best regards, > > -- > > Marek Marcola <[EMAIL PROTECTED]> > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager [EMAIL PROTECTED] > > Here the server is using the smart card and the smart card holds the server > certificate and the private key. So the server got the server cert from the > smart card and sends it to the client. The client encrypts the > pre_master_secret with the public key and sends it to the server. Now the > server must use the smart card because the servers private key is only on the > smart card. Ok, misunderstanding :-) You may use for that OpenSSL ENGINE interface ( $ man engine ).
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
