Engine keys are an openssl concept for a key file which can only be understood by an engine (usually because it's been wrapped by the engine itself). We use this for TPM engine keys, so you can either generate them within your TPM or wrap them from existing private keys. Once wrapped, the keys will only function in the TPM that generated them, so it means the VPN keys are tied to the physical platform, which is very useful. Engine keys have to be loaded via a specific callback, so use this as a fallback in openvpn if an engine is specified and if the PEM read of the private key fails.
James Bottomley (1): openssl: add engine method for loading the key src/openvpn/crypto_openssl.c | 55 ++++++++++++++++++++++++++++++++++++++++++++ src/openvpn/crypto_openssl.h | 12 ++++++++++ src/openvpn/ssl_openssl.c | 6 ++++- 3 files changed, 72 insertions(+), 1 deletion(-) -- 2.12.3 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
