So let's assume I have system A and B. System A has some store of certificates and keys. We'll assume they're in either PEM or DER format and OpenSSL generated them.

System B is going to get passed one or both via a mechanism (e.g. over a TLS connection that it has validated as being "ok" with appropriate cipher and certificate chain, so it's reasonably convinced it's talking to who it thinks it is), and then wishes to install them into executing software so OpenSSL can use them for THAT system to do something with (e.g. take connections from a third machine, sign objects, etc.). I already know how to do the "do something" part with OpenSSL.

System B does *NOT* want to store these persistently on the disk somewhere (even transiently). What I'm trying to figure out is the "best" way to handle this.

SSL_CTX_use_PrivateKey accepts an EVP_PKEY pointer, SSL_CTX_use_PrivateKey_ASN1 takes an ASN1 structure of length len, but what is parameter "pk" (not explained in the man page) and this assumes I have an ASN.1.....

I would assume that doing wonky things with EVP_PKEY (like digging into the structure once loaded, grabbing it and transmitting it) is a severely bad idea as the structure may change (e.g. EVP_PKEY is intended to be an opaque structure from a user code perspective).

So that leaves the obvious question as "is there a decent way to convert a PEM or DER private key file into ASN.1" using OpenSSL calls (from a "C" program, not from the command line; we'll assume I have the key and cert files already).

TIA

The Market Ticker
[S/MIME encrypted email preferred]
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users