Mansour Dagher wrote:
Hi all,
if certificates and associated keys are stored on HW (Sun crypto card for
example), is there a way in openssl to specify the card as the location of
these certificates/kets?
It appears from the methods below, the openSSL only takes filesystem directory
paths and file names as input for certificate/key locations:
X509_STORE_load_locations()
SSL_CTX_use_certificate_chain_file()
SSL_CTX_use_PrivateKey_file()
Any suggestions/thought?
if the hardware has PKCS#11 support (typically a
lib-something-pkcs11.so), you can in theory use the engine_pkcs11 module
from the openSC project to accomplish this.
http://www.opensc-project.org/engine_pkcs11/
the APIs are complex, and the documentation is virtually nonexistent
other than alphabetic lists of 100s of API calls. When I asked this
and the opensc lists for pointers to tutorials or other reference
sources, I got very little back. I eventually will have to get back to
that project and figure out how to make it play, but I'm not looking
forrward to it.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
