Thank you for your response. 

> I don't know if "outdated" is the word: perhaps there hasn't ever been much. 

Some old blogs are referencing helpful blogs/tutorials that are now expired. 
Searching online didn't help either.

> The CHIL Engine *only* registers for RSA exponentiation, and cannot be used 
> to generate keys.  You generate HSM protected keys of 'embed' application 
> type using the Thales/nCipher 'generatekey' utility (invoke with --help to 
> see what options are available), and use the embedsavefile as key for your 
> openssl program with the CHIL engine registered.

Pardon me. Indeed, I have been using the 'embed' application type for 
generating RSA keys using nCipher 'generatekey' utility. 

After grappling a little more with this, I have come down to three specific
questions:

1. When you say 'embedsavefile' are you talking about the key blob that gets 
saved in the Key Management folder of nCipher as-it-is, or do I need to apply 
some padding/formatting to it first?
2. My private key is ultimately protected by a smart-card pass-phrase. At which 
step is the pass phrase supplied and how by an application that is making use 
of the OpenSSL (CHIL) engine API?
3. If I want to use CryptoAPI instead of CHIL, what changes? I gather that one 
immediate change would be that the private key will have to be imported onto 
the HSM (assuming that nCipher generatekey cannot generate CryptoAPI keys).
Other than that, CAPI engine for OpenSSL will have to be used. Any other major 
changes that come to mind? 


Thanks much,
Sunjeet


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
