Diego,

> We are using openca-0.9.2.2 with a patched openssl 0.9.7g that
> supports Luna CA3. The HSM is working fine using ca3util (multitoken
> doesn't exist because we are using CA3 model of HSM) and it works fine
> with OpenSSL if we use it to perform operations that don't require
> the private key contained on the token (for example the random number
> generation). The private key has been generated on the token and we
> have the "false key" on the file system. This key is a PEM file with
> the false key.

So can you use OpenSSL with the -engine switch to perform a function using the private key?

e.g.

    /usr/local/ssl/bin/openssl rsa -engine LunaCA3 -in /root/test/test.key -text -noout

or

    /usr/local/ssl/bin/openssl dgst -engine LunaCA3 -sign /root/test/test.key -out /root/test/data-sign /root/test/data

I am just trying to work out if this is an OpenCA problem or a CA3/OpenSSL problem.

Chris...
