In message <CALq8RvLJVQtPhxtQuJzK5oWpb9w79u02FeW1ZoN636va6=F7NA@xxxxxxxxxxxxxx> on Wed, 25 Oct 2017 22:36:45 +0530, Jayalakshmi bhat <bhat.jayalakshmi@xxxxxxxxx> said:

bhat.jayalakshmi> Our device uses TPM to protect certificate private
bhat.jayalakshmi> keys. We have written an engine interface to integrate
bhat.jayalakshmi> TPM functionality into OpenSSL. Thus TPM gets loaded
bhat.jayalakshmi> as an engine instance. Also we have mapped RSA
bhat.jayalakshmi> operations to TPM APIs, such as encryption/decryption
bhat.jayalakshmi> etc.
bhat.jayalakshmi>
bhat.jayalakshmi> Now we are into a few issues. There are a few
bhat.jayalakshmi> applications that want to use an application-specific
bhat.jayalakshmi> identity certificate. In such cases RSA APIs should
bhat.jayalakshmi> not get mapped to TPM APIs.
bhat.jayalakshmi>
bhat.jayalakshmi> I wanted to know, when we use an engine instance for
bhat.jayalakshmi> encryption/decryption operations, can it be done
bhat.jayalakshmi> selectively?

Yes, it should be possible. However, this is up to the application, not
to your engine. The engine simply offers methods; the application chooses
to use some or all of them as default algo implementations through the
diverse ENGINE_set_default* functions.

For keys such as RSA ones, you can simply create the resulting fetched
key with RSA_new_method(e), where |e| is your TPM engine, and your
engine's RSA method will be attached to that key rather than the default.

Cheers,
Richard

--
Richard Levitte         levitte@xxxxxxxxxxx
OpenSSL Project         http://www.openssl.org/~levitte/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users