On Thu, 14 Aug 2008, Jan Pechanec wrote:
>> Thank you for your clarifications, which were pretty much as I expected. My
>> only question relates to your answer to the question about key management...
>> are you saying you believe in the future you can add use of an alternate key
>> store using the OpenSSL library? (That seems moderately surprising to me.
>> And
>> I recognize its "not this project".)
>
> there is a patch to our PKCS#11 engine code that adds support for
>accessing RSA keys by reference (label). I think we need to contact OpenSSL
>team about extending the ENGINE API before we could start using it from
>other applications, and integrate that new engine code into Solaris.
forgot to mention that there is also "6479874 OpenSSL should support
key by reference/hardware keystores" that discusses the issue. J.
--
Jan Pechanec
