AFAIK, at this point pkcs11 engine doesn't support key generation. The only viable options AFAIK are OpenSC (pkcs11-tool) and vendor-specific applications like yubico-piv-tool.
Regards, Uri Sent from my iPhone > On Sep 27, 2017, at 08:23, Dmitry Belyavsky <beld...@gmail.com> wrote: > > Hello, > > What is the most natural way to generate private keys using openssl but store > them on a specific hardware tokens? Reading/writing is implemented via engine > mechanism. > > I suppose that it should be added support of -outform ENGINE to the genpkey > command, but do not understatnd how to deal with it after that. > > Thank you! > > -- > SY, Dmitry Belyavsky > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
