> On Jun 2, 2019, at 9:47 PM, Erik Madsen <emadsen@xxxxxxxxxxxxxxx> wrote: > > It is TLS and we want Root Of Trust from a non exportable, non readable Private key on the Hardware Security Module. > > By explicitly adding "-keyform ENG" s_client works perfectly. > > And with cURL "--key-type ENG" also works > > NodeJs crypto module has setEngine but there's no option for passing keyform. > > I requested from NodeJs team as well, but if we can do something to tell openssl "keyform is always ENG" I think maybe that would work. If nobody on the list finds something I missed, a feature request on Github is the next step, or you could do that right away. [ Some on the team prefer to track issues on Github from the outset, I prefer to resolve routine questions on the list, and move to Github when it is clear that developer action will be needed to resolve the issue. The workflow preference is matter of taste... ] -- Viktor.
