Re: Using pkcs11 instead of plaintext certificates

2022-02-04 Thread Tobias Meyer
On Fri, Feb 4, 2022 at 4:57 PM Viktor Dukhovni wrote:
> On Fri, Feb 04, 2022 at 04:06:10PM +0100, Tobias Meyer wrote:
>
> > Since OpenSSL already supports PKCS#11 and Postfix uses OpenSSL, do
> > you think adding support might be a task someone with a little C/C++
> > bac

Re: Using pkcs11 instead of plaintext certificates

2022-02-04 Thread Tobias Meyer
> Sorry, only PEM files are supported (for SNI the base64 encoded content
> of the file may need to be copied into a database table via "postmap -F").
>
> Support for PKCS#11 is not presently available.

Hello Viktor,

Thanks for your prompt reply. Since openssl already supports pkcs#11 and postf

Using pkcs11 instead of plaintext certificates

2022-02-04 Thread Tobias Meyer
Hello list,

Would anyone know if it is possible to configure pkcs11 as a signature source for TLS encryption in postfix? My concrete use-case would be to enable the use of Nitro Enclaves and native certificate management in AWS, but it would apply to just about any hardware security module as well