Re: [openssl-users] Storing private key on tokens

2017-10-04 Thread Jakob Bohm
On 04/10/2017 10:44, Jan Just Keijser wrote: Hi, On 04/10/17 10:17, lists wrote: On 09/27/2017 11:13 PM, Ken Goldman wrote: On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote: On 27 Sep 2017, at 20:02, Michael Wojcik The tokens / HSMs I've used don't let you generate a key somewhere else an

Re: [openssl-users] Storing private key on tokens

2017-10-04 Thread Jan Just Keijser
Hi, On 04/10/17 10:17, lists wrote: On 09/27/2017 11:13 PM, Ken Goldman wrote: On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote: On 27 Sep 2017, at 20:02, Michael Wojcik The tokens / HSMs I've used don't let you generate a key somewhere else and install it on the token. They insist on doin

Re: [openssl-users] Storing private key on tokens

2017-10-04 Thread lists
On 09/27/2017 11:13 PM, Ken Goldman wrote: On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote: On 27 Sep 2017, at 20:02, Michael Wojcik The tokens / HSMs I've used don't let you generate a key somewhere else and install it on the token. They insist on doing the key generation locally. That is,

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Ken Goldman
On 9/27/2017 2:19 PM, Dirk-Willem van Gulik wrote: On 27 Sep 2017, at 20:02, Michael Wojcik The tokens / HSMs I've used don't let you generate a key somewhere else and install it on the token. They insist on doing the key generation locally. That is, after all, part of the point of using a tok

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Dirk-Willem van Gulik
> On 27 Sep 2017, at 20:02, Michael Wojcik > wrote: > >> What is the most natural way to generate private keys using openssl but >> store them on a specific hardware tokens? >> Reading/writing is implemented via engine mechanism. > > The tokens / HSMs I've used don't let you generate a key s

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Dmitry Belyavsky > Sent: Wednesday, September 27, 2017 06:22 > To: openssl-users@openssl.org > Subject: [openssl-users] Storing private key on tokens > What is the most natural way to generate

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Dirk-Willem van Gulik
On 27 Sep 2017, at 14:22, Dmitry Belyavsky wrote: > What is the most natural way to generate private keys using openssl but store > them on a specific hardware tokens? Reading/writing is implemented via engine > mechanism. > > I suppose that it should be added support of -outform ENGINE to the

Re: [openssl-users] Storing private key on tokens

2017-09-27 Thread Blumenthal, Uri - 0553 - MITLL
AFAIK, at this point pkcs11 engine doesn't support key generation. The only viable options AFAIK are OpenSC (pkcs11-tool) and vendor-specific applications like yubico-piv-tool. Regards, Uri Sent from my iPhone > On Sep 27, 2017, at 08:23, Dmitry Belyavsky wrote: > > Hello, > > What is the

[openssl-users] Storing private key on tokens

2017-09-27 Thread Dmitry Belyavsky
Hello, What is the most natural way to generate private keys using openssl but store them on a specific hardware tokens? Reading/writing is implemented via engine mechanism. I suppose that it should be added support of -outform ENGINE to the genpkey command, but do not understand how to deal wit