« Return to Thread: How to make OpenCA use OpenSSL engine?
Re: How to make OpenCA use OpenSSL engine?
by Massimiliano Pala-3
::
Rate this Message:
Hi Allen,
as Ralf said, check the OpenSC token in the tokens.xml configuration - it is
quite easy to setup the Engine.
One small warning: if you are using the engine for accessing a P11 device, be
careful that when you generate keys with that, the key is actually generated
in software and then stored on the device (instead of using the PKCS11 key
generation on hardware directly...).
Later,
Max
On 09/03/2009 08:39 PM, Allen Liu wrote:
> No, it's not.
>
> OpenSSL ENGINE is a loadable module for talking to HSM (hardware Secure
> Module) or smart card through PKCS 11 in order to utilize keys stored inside
> as well as hardware-implementated algorithms.
>
> I know how to use OpenSSL ENGINE to talk to HSM but don't know to make
> OpenCA use ENGINE.
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] openca@...
project.manager@...
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users
as Ralf said, check the OpenSC token in the tokens.xml configuration - it is
quite easy to setup the Engine.
One small warning: if you are using the engine for accessing a P11 device, be
careful that when you generate keys with that, the key is actually generated
in software and then stored on the device (instead of using the PKCS11 key
generation on hardware directly...).
Later,
Max
On 09/03/2009 08:39 PM, Allen Liu wrote:
> No, it's not.
>
> OpenSSL ENGINE is a loadable module for talking to HSM (hardware Secure
> Module) or smart card through PKCS 11 in order to utilize keys stored inside
> as well as hardware-implementated algorithms.
>
> I know how to use OpenSSL ENGINE to talk to HSM but don't know to make
> OpenCA use ENGINE.
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] openca@...
project.manager@...
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users
smime.p7s (4K) « Return to Thread: How to make OpenCA use OpenSSL engine?
| Free embeddable forum powered by Nabble | Forum Help |
