Why would you believe that ENGINE_register / ENGINE_unregister are the
calls to load/unload an engine? These calls are for _after_ the engine
has been loaded:
/*- Manage registration of ENGINEs per "table". For each type, there
are 3
* functions;
* ENGINE_regi
Hi All,
Could someone please help with this query?
Thanks
Mahendra
On Thu, Apr 29, 2021 at 5:20 PM Mahendra SP wrote:
> Hi All,
>
> We have crypto engines for offloading operations like RSA, digests and
> ciphers, hmac etc. We are looking at a way to load and unload engines a
Hi All,
We have crypto engines for offloading operations like RSA, digests and
ciphers, hmac etc. We are looking at a way to load and unload engines at
run time. This is needed as we need to use the engine when needed for
crypto operations. Else we plan to use openssl for the same.
We tried
On 31/07/2020 16:57, Emeric Brun wrote:
>
> Thanks! A lot to read!
>
> I have few questions:
>
> Do those changes have an impact on the external engine side API, specially
> for Async engines? The most used engine with my application is the Intel
> Quick Assist,
506beb87b3).
>>
>> Is-there any documentation on a new API/functions to handle external
>> crypto engines?
>
> As noted in the CHANGES file the preferred alternative is to use the new
> "provider" APIs. Providers are fundamental to OpenSSL 3.0. You can read
tions to handle external
> crypto engines?
As noted in the CHANGES file the preferred alternative is to use the new
"provider" APIs. Providers are fundamental to OpenSSL 3.0. You can read
about how they're used and configured in 3.0 on this wiki page:
https://wiki.openssl.org/in
Trying to compile my soft using openssl-3.0.0alpha5, I notice a lot of warnings
about deprecated ENGINE_* functions (since commit
8dab4de53887639abc1152288fac76506beb87b3).
Is-there any documentation on a new API/functions to handle external crypto
engines?
R,
Emeric
Ouch... Spelling Corrector doing is best. The text below should've been:
"... spitting out a pile of error..."
Oh well. Hard to admit, but sometimes automatic correctors are even more
eloquent than me, and seem freeer in their choice of words too. ;-)
Regards,
Uri
Sent from my iPhone
> On Sep
If it builds a dummy engine - then shouldn't a dummy engine respond gracefully
to requests with something like "sorry I can't do anything useful", instead of
spitting outa puke of error messages in response to "openssl engine -t capi"?
Regards,
Uri
Sent from my iPhone
> On Sep 3, 2018, at 12:2
In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep 2018
13:56:41 +, "Salz, Rich" said:
> > Gotcha. In that case why does it get built on Mac? I.e., why
> > doesn’t the build process exclude it automatically?
>
> Beats me. It ends up being a zero-length object file, m
On 03/09/18 14:56, Salz, Rich via openssl-users wrote:
> *>*Gotcha. In that case why does it get built on Mac? I.e., why doesn’t
> the build process exclude it automatically?
>
>
>
> Beats me. It ends up being a zero-length object file, more or less.
> Perhaps Richard Levitte knows.
It ski
>Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build
>process exclude it automatically?
Beats me. It ends up being a zero-length object file, more or less. Perhaps
Richard Levitte knows.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/l
What's Windows? Why doesn't it work like my Mac?
(I wasnt serious but thanks for being a sport)
On Sep 2, 2018 5:02 PM, "Salz, Rich" wrote:
- Gotcha. But why doesn't it work on Mac?
The CAPI engine uses Microsoft libraries that are part of windows.
--
openssl-users mailing list
To unsu
On Sep 2, 2018, at 20:02, Salz, Rich via openssl-users
wrote:
> Gotcha. But why doesn't it work on Mac?
>
> The CAPI engine uses Microsoft libraries that are part of windows.
Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build
process exclude it automatically?
--
* Gotcha. But why doesn't it work on Mac?
The CAPI engine uses Microsoft libraries that are part of windows.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Gotcha. But why doesn't it work on Mac?
On Sun, Sep 2, 2018, 2:22 PM Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
> *>*The capi engine is still broken, however
>
>
>
> That is windows-only, using the MSFT CryptoAPI.
> --
> openssl-users mailing list
> To unsubscribe: https://m
>The capi engine is still broken, however
That is windows-only, using the MSFT CryptoAPI.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Never mind. My binding entry point was misbehaving.
The capi engine is still broken, however.
On Sun, Sep 2, 2018 at 1:51 AM Thomás Inskip wrote:
> Hi.
>
> I am trying to develop an engine for OpenSSL. To this effect I have built
> OpenSSL 1.1.0i for Darwin. However, when I try to load any e
Hi.
I am trying to develop an engine for OpenSSL. To this effect I have built
OpenSSL 1.1.0i for Darwin. However, when I try to load any engine,
including capi, which is installed as part of OpenSSL, I get the following:
*openssl* engine -t -c capi
140735831704448:error:260B606D:engine routines
Hi
On the eve of the first sitting of the Australian Parliament for the
calendar year 2018, FooCrypt, A Tale of Cynical Cyclical Encryption :
FooCrypt,0.0.1,Core,10.11.0,Darwin
https://www.fookey.net/store/p881/FooCrypt_0.0.1_Core_10.11.0_Darwin has
been published in accordance with the crimi
aries or `dlopen()` them. Or something
like that. I think I get the idea now.
>
>
>>
>> 2. engine3 would export/provide all the methods from engine1
>> and engine2 by forwarding or reexporting the calls.
>>
>> 3. OpenSSL itself is
2. engine3 would export/provide all the methods from engine1
and engine2 by forwarding or reexporting the calls.
3. OpenSSL itself is instructed to use only your engine3
wrapper.
4. As a more ambitious project, someone could write a generic
"engine3" wh
gine3 would export/provide all the methods from engine1
> and engine2 by forwarding or reexporting the calls.
>
> 3. OpenSSL itself is instructed to use only your engine3
> wrapper.
>
> 4. As a more ambitious project, someone could write a generic
> "engine3"
On 08/08/2016 13:39, Krzysztof Konopko wrote:
Hi,
TL;DR;
Is it allowed to initialise engines recursively, ie. call
`engine2->init` from `engine1->init`?
--
I have a solution in a consumer product based on OpenSSL 1.0.2 series
that uses two engines: one (engine1) for selecting
Hi,
TL;DR;
Is it allowed to initialise engines recursively, ie. call `engine2->init`
from `engine1->init`?
--
I have a solution in a consumer product based on OpenSSL 1.0.2 series that
uses two engines: one (engine1) for selecting client certificate chain (TLS
client auth) and anoth
All,
I toyed over the weekend with resurrecting CHIL: intermediate result here
https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT PROUD OF THIS
but have no cycles to clean it up for at least a couple of days to come. It
builds now but doesn't work: my privkey loading routine doesn
In message
<347004c001fd430aadadceac908e6...@ustx2ex-dag1mb1.msg.corp.akamai.com> on Mon,
22 Feb 2016 14:46:28 +, "Salz, Rich" said:
rsalz> > If we integrate the support natively into OpenSSL, then PKCS#11 URIs
(see
rsalz> > RFC7512) can be first-class citizens throughout the crypto and SS
> If we integrate the support natively into OpenSSL, then PKCS#11 URIs (see
> RFC7512) can be first-class citizens throughout the crypto and SSL APIs. Any
> function which takes a filename for a cert or key should also accept¹ a
> PKCS#11 URI.
It'd be great to see a crypto/pkcs11 directory with fu
In message <1456140741.4735.272.ca...@infradead.org> on Mon, 22 Feb 2016
11:32:21 +, David Woodhouse said:
dwmw2> On Sat, 2016-02-20 at 22:55 +0100, Richard Levitte wrote:
dwmw2> >
dwmw2> > sander> What I would like to see though is for such a PKCS#11 Engine
dwmw2> > sander> to be part of O
On 20 February 2016 at 21:40, Sander Temme wrote:
> However, I’m intrigued by the notion of a PKCS#11 Engine in OpenSSL: it’s
> a standard (an OASIS standard now); it’s fairly fully featured; everyone in
> the industry supports it including Thales; and you can build a program that
> calls it with
In message <5b8f45ea-5867-4832-916a-6b31a323a...@temme.net> on Sat, 20 Feb 2016
12:40:38 -0800, Sander Temme said:
sander>
sander> > On Feb 19, 2016, at 3:31 AM, Matt Caswell wrote:
sander>
sander> OK that made our support lines blow up so yes there is interest.
sander>
sander> Disclaimer: I
uld like to remove these engines from 1.1.0. I'd like
> to hear from the community if there is any active use of these. One
> option if there is found to be some small scale use is to spin out the
> engine into a separately managed repo (as has happened recently with the
> GOST engine).
> In both cases I would like to remove these engines from 1.1.0. I'd like to
> hear
> from the community if there is any active use of these. One option if there is
> found to be some small scale use is to spin out the engine into a separately
> managed repo (as has happen
Hello Matt,
If I don't hear from anyone I will remove these.
>
I can confirm that CHIL engine is actively used with OpenSSL 1.0.* by the
owners of nCipher/THALES nShield HSMs.
I have notified vendor support about this thread.
Regards, Jaroslav
--
openssl-users mailing list
To unsubscribe: http
Hi all
The ubsec and chil engines are currently disabled in 1.1.0 and do not build.
As far as ubsec is concerned I understand that this is an engine for
broadcom cards. There has been very little activity with this engine
since it was first introduced. Google brings up some very old historic
Hello,
Could you explain the engine management in the openssl 1.0.2e?
I load an engine via openssl config specifying the path using the
dynamic_path directive and provide some engine-specific directives.
When I call the dgst command
dgst -sha1 -engine myengine -keyform engine -sign mykey -out s
I'm concluding something in the sign() is causing this but have no clue. I
do set fips off too.
openssl version -> OpenSSL 1.0.1e-fips 11 Feb 2013
--
View this message in context:
http://openssl.6102.n7.nabble.com/How-to-swap-engines-register-functionality-on-the-fly-tp48982p49159.h
:
http://openssl.6102.n7.nabble.com/How-to-swap-engines-register-functionality-on-the-fly-tp48982p49000.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http
2.n7.nabble.com/How-to-swap-engines-register-functionality-on-the-fly-tp48982p48991.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Sup
On Thu, Mar 27, 2014, axisofevil wrote:
> I would like to use default implementations for some ECC operations but the
> OpenSC pkcs11 engine for other ECDSA operations.
>
> At a high level I have a Sign() & a Verify() in one app on a server - the
> Sign() needs to be done via a HSM using PKCS11
e in context:
http://openssl.6102.n7.nabble.com/How-to-swap-engines-register-functionality-on-the-fly-tp48982.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
On Thu, Jan 23, 2014, Russell Leake wrote:
> Dr. Henson,
>
>I'm trying to understand the status of a thread (noted at the bottom of
> this e-mail) in which you recommend a patch to fix an issue that various
> people (including myself) incur with using openssl dgst with an external
> engine.
Dr. Henson,
I'm trying to understand the status of a thread (noted at the bottom of
this e-mail) in which you recommend a patch to fix an issue that various
people (including myself) incur with using openssl dgst with an external
engine. It seems that the patch has been applied to certain bran
Following up with myself:
1. I was using the ENGINE_get_cipher_engine function to tell if a
particular cipher was implemented in an engine, but I was not calling
ENGINE_finish after each call, which is probably bad.
2. As best as I can tell, it doesn't make sense to call get_cipher_engine
for thi
I'd like to know if the engine I've loaded supports certain algorithms.
I'm using ENGINE_get_cipher_engine(int nid) with various ciphers and that
is working great.
Now, I'd like to test if the engine supports ECDH and/or ECDSA. But, I'd
like to test for specific curve support. I see the get_def
Hi,
This is Rajesh Kumar from CISCO. We are using the Openssl libraries in our
project in the Win 32 enviroment.
We were using 0.9.8l version of the library earlier. We are now trying to
migrate to 1.0.0a version.
While building the 1.0.0a version we found that few crypto-engines are not
Hello -
I have been reading the openssl engine documentation -->
http://www.openssl.org/docs/crypto/engine.html but am still unclear on some
things.
I am not using openssl directly, but rather using M2Crypto which wraps openssl.
So here is the flow of things with the corresponding openssl c
/usr/lib/libcrypto.1.0.0.dylib
/usr/lib/libssl.1.0.0.dylib
What about engines? Are engines compiled in one specific OpenSSL
version guaranteed to work with all other OpenSSL versions? If not, I
could manually install them to different directories (e.g. /usr/lib/
openssl098-engines and /usr/lib/
doesn't work
(and seg faults on top of that).
Happy 4th to all . . .
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Russell Leake
(leaker)
Sent: Thursday, July 02, 2009 11:13 AM
To: openssl-users@openssl.org
Subject: RE:
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor B. Wagner
Sent: Wednesday, July 01, 2009 9:59 AM
To: openssl-users@openssl.org
Subject: Re: -inkey and engines
On 2009.07.01 at 09:02:38 -0400, Russell Leake (leaker) wrote:
> Hello all,
> I'm trying to create an e
_METHOD *ui_method, void *callback_data)
and calls function with same prototype from your engine.
String you are specifying as argument to -inkey option is passed to this
function as key_id parameter, if you specify that key format is ENGINE.
How this string is formatted and what information it
Hello all,
I'm trying to create an engine which interfaces to an HSM. I
have successfully created a skeleton for my engine but I'm running into
a fundamental problem with the argument "privkey." An example might
help tee up the question. The command "rsautl -sign" requires the
argument "
Lets try again... ;)
I'm looking into the sources and I don't believe I need the engines or apps
libs.
Can someone clarify engines (or point me to the proper documentation)? I'm
under the impression that it's for HW support.
I'm mainly interested in SSL and some cry
--
View this message in context:
http://www.nabble.com/Engines-compilation.-tp16421932p16421932.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http
Hi All,
Please provide the links/docs/papers/tutorials about how things can be
done with OpenSSL. Though API's docs are there but I am not able to find a
learning tutorial.
Thanks in advance,
Navin
lf Of Christopher Friedt
Sent: Sunday, May 20, 2007 4:00 AM
To: openssl-users@openssl.org
Subject: engines on an embedded device
Hello everyone,
This is my first post to the list here, so please bear with me.
I'm building OpenSSL for an embedded device that has no hardware crypto
devices.
A
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Christopher Friedt
Sent: Sunday, May 20, 2007 4:00 AM
To: openssl-users@openssl.org
Subject: engines on an embedded device
Hello everyone,
This is my first post to the list here, so please bear with me.
I'm building Op
Hello everyone,
This is my first post to the list here, so please bear with me.
I'm building OpenSSL for an embedded device that has no hardware crypto
devices.
As far as I understand, that means I don't need any of the 'engine'
libraries, is that true? I'm assuming that the default 'openssl
I am trying to get OpenSSH working with hardware SSL accelleration.
There is still a lot I don't understand about how the whole setup is
intended to work, and I am hoping some folks on this list will be able
to answer some of my questions and help me get further down the path.
Basically, I have O
Hello,
I have installed OpenSSL 0.9.8a and have been trying to get it to work
with an nCipher nShield HSM.
I get the following error when running various openssl commands, e.g.
$ openssl genrsa -engine chil 512
can't use that engine
2258:error:84067072:CHIL engine:HWCRHK_INIT:locking
missing
:HOME/.oid
oid_section = new_oids
engines = engine_section
# Load 'zencod' ENGINE
[ engine_section ]
zencod = zencod_section
[ zencod_section ]
# classic 'dynamic' ENGINE ctrl commands
Cornelius Koelbel wrote:
...
But I'd like to load the engine from the config file, so that I can add
the openssl command to a script.
--snip--
[ openssl_init ]
engines = engine_section
[ engine_section ]
pkcs11 = pkcs11_engine_section
[ pkcs11_engine_section ]
init
to a script.
--snip--
[ openssl_init ]
engines = engine_section
[ engine_section ]
pkcs11 = pkcs11_engine_section
[ pkcs11_engine_section ]
init= 1
engine_id = pkcs11
dynamic_path= /usr/lib/opensc/engine_pkcs11.so
module_path = /usr/local/lib/libetpkcs11.so
--snip--
Any
: Thu 10/6/2005 8:30 PM
To: openssl-users@openssl.org
Cc:
Subject:RE: question on linking dynamic engines
What about the name of the library is it specified using the SO_PATH control
command?
THanks,
-Anil
Frédéric Donnat <[EMAIL PROTECTED]> wrote:
Hi,
OpenSSL has a specifi
e (LD_LIBRARY_PATH on linux for example).If you are using another engines not included in openssl engines libraries you could load it with the "dynamic" engine spefying the library just as it is exlains in the openssl engine -h online help.Have a look at the man ssl/man/man5/config.5 for more
Hi,
OpenSSL has a specific path for dynamic ENGINE libraries.
If you use the --prefix="/path_to_openssl" option when building openssl, then
- the openssl libraries are in /path_to_ossl/lib
- the openssl ENGINE libraries are in /path_to_ossl/lib/engines
So it's easy t
How does it know the location of the library at runtime? Do I need to bundle the it engine library?
Thanks,
-AnilRichard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
In message <[EMAIL PROTECTED]> on Wed, 5 Oct 2005 21:25:34 -0700 (PDT), Anil Gunturu <[EMAIL PROTECTED]>said:anil_gunturu> How do
In message <[EMAIL PROTECTED]> on Wed, 5 Oct 2005 21:25:34 -0700 (PDT), Anil
Gunturu <[EMAIL PROTECTED]> said:
anil_gunturu> How do I link the dynamic engine "so" and the library
anil_gunturu> that the hardware vendor provides? For example, if I am
anil_gunturu> using the ibmca engine in the demo
How do I link the dynamic engine "so" and the library that the hardware vendor provides? For example, if I am using the ibmca engine in the demos directory it seem to generate the libibmca.so. Looks like this path needs to be provided to the engine as SO_PATH. But, how I actually link to the hardwa
have the exact name of the method and
see how ENGINE is handle.
Fred
-Original Message-
From: Anil Gunturu [mailto:[EMAIL PROTECTED]
Sent: Wed 10/5/2005 7:30 AM
To: openssl-users@openssl.org
Cc:
Subject:Couple of questions regrading openssl engines
Do we have support
Do we have support for dynamic engines in 0.9.7c? Also, I was looking at the demo engines and they don't seem to specify all the methods. For example:
static RSA_METHOD ibmca_rsa = { "Ibmca RSA method", NULL, NULL, NULL,
also tried
using one of the engines that comes with openssl, so I could exclude the
possibility of doing something wrong in the opensc build process. I run the
following command from the install directory, /usr/local/ssl/:
bin/openssl engine - dynamic -pre
SO_PATH:/usr/local/ssl/lib/engine
ress a function callback for a
cmd of type ENGINE_CMD_FLAG_INTERNAL?
Dr. Stephen Henson wrote:
You might want to look into the use of the auto config mechanism. This will
allow simple use of ENGINEs (and possibly more advanced in future) by placing
appropriate parameters in openssl.cnf or some other c
On Fri, Apr 08, 2005, Edward Chan wrote:
> So what are the purpose of the ENGINE_ctrl_* functions? Assuming I don't
> use the auto-config file, what steps would I need to do to get the crypto
> card working? I already have a configuration file so I don't want to have
> another one. I'd like to
that I can use
whatever crypt accelerator card the user has.
Thanks for all the help.
Ed
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 08, 2005 4:23 AM
> To: openssl-users@openssl.org
> Subject: Re: Use of Engines
>
nd that is the way it looks in most other examples I've seen. Apache,
> Stunnel, etc. If someone could point me to some decent docs and examples,
> I'll be forever in your debt.
>
You might want to look into the use of the auto config mechanism. This will
allow simple use
enssl-users@openssl.org
Subject: Re: Use of Engines
Hi Edward,
I am guesing that you need to call ENGINE_ctrl() to set the
right parameters. These are control commands and each engine
has a set of these; to see what control commands are
available for the ubsec engine:
$ openssl engine ubs
@openssl.org
Cc:
Subject:RE: Use of Engines
Hi nCipher ENGINE is called chill. ;))
openssl engine -t chil
(chil) nCipher hardware engine support
[RSA, DH, RAND]
Maybe nCipher a board based on a bcm582x chip (which allows ubsec ENGINE use).
Hope it could help.
Regards
Fred
of Edward Chan
Sent: Thu 4/7/2005 11:42 PM
To: openssl-users@openssl.org
Cc:
Subject:Use of Engines
Is it required to call ENGINE_init()?
Or is this sufficient
ENGINE* e = ENGINE_by_id(id);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
I have looked in various code, and I mostly
On Thursday 07 of April 2005 23:42, Edward Chan wrote:
> I have looked in various code, and I mostly see the latter. But in the
> stunnel code, I see them doing
>
> ENGINE* e = ENGINE_by_id(id);
> ENGINE_init(e);
> ENGINE_set_default(e, ENGINE_METHOD_ALL);
That's exactly what engine(3) manual rec
l, etc. If someone could point me to some decent docs and examples,
I'll be forever in your debt.
Thanks,
Ed
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 07, 2005 5:42 PM
> To: openssl-users@openssl.org
> Subje
Hi Edward,
I am guesing that you need to call ENGINE_ctrl() to set the right
parameters. These are control commands and each engine has a set of
these; to see what control commands are available for the ubsec engine:
$ openssl engine ubsec -
Or you could just look into the ubsec engi
Title: Use of Engines
Is it required to call ENGINE_init()?
Or is this sufficient
ENGINE* e = ENGINE_by_id(id);
ENGINE_set_default(e, ENGINE_METHOD_ALL);
I have looked in various code, and I mostly see the latter. But in the stunnel code, I see them doing
ENGINE* e = ENGINE_by_id
In message <[EMAIL PROTECTED]> on Tue, 10 Aug 2004 22:32:14 +0200 (CEST), Juan Segarra
<[EMAIL PROTECTED]> said:
juan> man 3 engine
Heh, I had forgotten...
-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte
information about the API?
I'm afraid it's "read the source, Luke!"...
robertogallofilho> Where should I start?
Look in demos/engines/rsaref/. I wrote that demo in a specific
attempt to make it a fairly comprehensive example and possible
template.
I just found thre
Roberto Gallo wrote:
Hi,
I would like to develop a new
engine with some crypto functions to with OpenSSL. Where can I
get information about the API?
Where should I start?
Thank you,
Roberto Gallo
look at crypto/engine directory . there several engines in there
man 3 engine
---
Juan Segarra Montesinos
http://spisa.act.uji.es/~juan/
On Tue, 10 Aug 2004, Roberto Gallo wrote:
> Hi,
>
> I would like to develop a new engine with some crypto functions to with OpenSSL.
> Where can I get information about the API?
> Where should I start?
>
> Thank you,
> Robe
Hi,
I would like to develop a new engine with some
crypto functions to with OpenSSL. Where can I get information about
the API?
Where should I start?
Thank you,
Roberto Gallo
BEGIN:VCARD
VERSION:2.1
N:Gallo;Roberto;;Msc
FN:Roberto Gallo
NICKNAME:Gallo
ORG:kryptus Tecnologias Ltda.
TITLE:Pr
> Now, for the separation between SSL and "signing", do you know that
> there's a little bit of signing going on in SSL as well?
Yes, and that's my problem ... what I want to do is a small certification
authority which accepts connections from client applications through SSL ,
and signs certificat
In message <[EMAIL PROTECTED]> on Tue, 2 Mar 2004 16:58:29 +0100, "Giovanni Calzuola"
<[EMAIL PROTECTED]> said:
giovanni.calzuola> I'd like to use 2 or more engines without using the
giovanni.calzuola> functions ENGINE_set_default, due to problems of
giovanni
The function PEM_read_PUBKEY used in the pkcs11 engine sets only the values
relative to the public key, and the data relative to the private are left
blank. The public key, as far as i can understand, is used to find the
corresponding private key. If pkcs11 is the default RSA engine, everything
wor
On March 2, 2004 11:40 am, Giovanni Calzuola wrote:
> > That depends rather heavily on what "hardware key" means. If the
> > corresponding ENGINE supports it, you should use
> > ENGINE_load_private_key().
>
> I'd like to use a software engine by default and occasionally get a key
> from a pkcs#11 e
> That depends rather heavily on what "hardware key" means. If the
> corresponding ENGINE supports it, you should use
> ENGINE_load_private_key().
I'd like to use a software engine by default and occasionally get a key from
a pkcs#11 engine.
Such a pkcs#11 engine, in order to reteive the private
On March 2, 2004 10:58 am, Giovanni Calzuola wrote:
> I'd like to use 2 or more engines without using the functions
> ENGINE_set_default, due to problems of concurrency. I want to sign with
> a hardware key, while using software keys for SSL.
> How can I do this?
That depends
I'd like to use 2 or more engines without using the functions
ENGINE_set_default, due to problems of concurrency. I want to sign with a
hardware key, while using software keys for SSL.
How can I do this?
Thanks
Giovanni Cal
Here is an email I sent to the list back in March regarding what I think is the
same issue (this was entered into the bug database though, I don't know the bug
number). Basically, I saw the same issue with the ESA Blinding patch when
using a Broadcom card (engine ubsec). If I backed out the patch
Aleix Conchillo Flaque <[EMAIL PROTECTED]> writes:
>
> ENGINE*
> setup(char const* engine)
> {
> if (::ENGINE_by_id(engine) == NULL)
> {
> return NULL;
> }
>
> ENGINE* e = ::ENGINE_by_id("dynamic");
> if (e)
> {
> if
hi,
i've just started testing an ncipher hardware module using openssl.
the "openssl" application seems to find the shared library
(libnfhwcrhk.so), with just specifying "-engine chil".
but my code, doesn't want to find the library. i get this error:
"error:25066067:DSO support routines:DLFCN_L
that handles processing. In the case of ENGINEs this is also pretty
> much necessary because the ENGINE may maintain state associated with a
> given key structure so you must map the structure to the ENGINE. This
> happens even in the acceleration-only case (cached values) but is
>
Has anyone used OpenSSL under Neutrino with a hardware accelerator? I would
appreciate any configuration details you can share.
Thanks,
James Dabbs
[EMAIL PROTECTED]
TGA Technologies, Inc.
Suite 140, 100 Pinnacle Way
Norcross, GA 30071
770-441-2100 ext 126
__
1 - 100 of 103 matches
Mail list logo
