On Fri, Mar 09, 2012, Nou Dadoun wrote:
> I think I'll probably have to jump off that bridge when I get to it, but to
> make progress I'm going to try to get something going in the interim. I
> think I'll post some code (I suspect that the padding provided by the capi
> encrypt/decrypt is somehow different than what openssl is doing - the ms
> docs are woefully inadequate) but if anyone has pointers on information on
> how to use the capi engine, I'd greatly appreciate it, thanks! ... N
>
You can actually use the capi ENGINE from the command line to perform private
key operations. You specify -engine capi -inform/-keyform engine and the input
key parameter can take several forms. The default is a string from the
corresponding certificate DN so if it has "CN=steve" then "steve" would do.
At an API level you use ENGINE_load_private_key("steve") which returns an
EVP_PKEY structure which can then be used like any other private key.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
