I'm posting this in case it might be interesting to someone. I wanted to
see if I could cause some software that uses openssl to use keys which
are accessible through CSSM (specifically, making openssh work with
Apple's Keychain utility). The cleanest way I saw was to map CSSM modules
to OpenSSL ENGINEs, and provide {RSA,DSA}_METHODs which pass the
private-key operations through to CSSM. This seems to work reasonably well
and I am able to make ssh identities out of keys which are stored in (and
not extractable from) a Keychain file.
The OpenSSL part of this code is available here:
http://www.hhhh.org/src/hg/shims/
There are a number of rough spots and a number of places where the code
assumes Apple's implementation of CDSA, but it at least proves the
concept.