Jesus Luna wrote:
Hello,
Our OCSP Responder is based on Apache's mod_ssl and uses openssl libraries
to perform crypto operations (i.e. signing the Responses). These days I've
been trying to implement HSM support with the PKCS11 DLL provided by the
crypto device manufacturer (Spain's RealSec).
When searching PKCS11 engine's implementations for openssl I found OpenSC
project and their engine_pkcs11 libraries, so I began testing with the
OpenSSL's command line like this:
*Engine preparation (form openssl environment):
engine -t dynamic -pre SO_PATH:D:\openssl-0.9.8c\out32dll\engine_pkcs11.dll
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:D:\openssl-0.9.8c\out32dll\rsecpk11.dll
*OCSP client with signed Request (same mechanism is used by the OCSP Server
when sending a signed Response):
ocsp -host ocsp.camerfirma.com:80 -path http://ocsp.camerfirma.com/ocsp
-issuer Camerfirma-RootSinPoderes.pem -serial
0x00C20FA62E42F03643257115AED64383 -nonce -CAfile VA-root.pem -VAfile
CACamerfirma-ocspSign.pem -signkey jluna.cve -signer jluna.cer -reqout
what is "jluna.cve" ?
Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
