Re: OpenSSL provider replacement for ENGINE_load_private_key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 13 Dec 2021, at 12:15, Tomas Mraz <tomas@xxxxxxxxxxx> wrote:

> One option would be for a provider to provide provider-storemgmt
> implementation to load a key from its special URI. You'd then use
> OSSL_STORE from the application to load a private key from that special
> URI.
> 
> Another, rather simplistic, approach would be to use the
> EVP_PKEY_fromdata() function. In that case you'd have to know what the
> key algorithm are you using. You'd then use EVP_PKEY_CTX_new_from_name
> with query properties to include "provider=your_provider" and the
> params used with EVP_PKEY_fromdata() would contain just the special id
> parameter that the provider would use to identify the private key from
> the device.

The specific example is for PKCS11.

Is there a PKCS11 provider available to be used?

Regards,
Graham
—





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux