> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
> tobias.w...@t-systems.com
> Sent: Tuesday, October 22, 2019 07:03

> I need to implement support for the external authentication of a card reader
> within a TLS handshake. We did this already with PKCS11 using the C_Sign
> function and it is working fine.

> Now I need to implement the same functionality in another use case with
> openssl for TLS handshake.

> My question: is there a callback I can use, or do I need to implement my own
> ENGINE?

OpenSSL includes a PKCS#11 engine. I've used it in the past to interact with 
some HSMs for cryptographic operations such as code signing. While some 
research and additional software may be required to get all the PKCS#11 ducks 
in a row, it sounds like you've already successfully used PKCS#11 with your 
device, so I'd expect using it with OpenSSL will be fairly straightforward.

You can find examples of using the openssl command-line utility with the 
PKCS#11 engine online. That's a good way to get started; it will let you 
confirm what settings and commands you need.

--
Michael Wojcik
Distinguished Engineer, Micro Focus

