Hey there,

On Mon, 23 Apr 2001, Bade wrote:

> On Mon, Apr 23, 2001 at 07:17:13AM -0700, Geoff Thorpe wrote:
> > 
> > Although support for symmetric ciphers and digests is obviously the next major
> > goal of the ENGINE work - IMHO it's not an urgent priority just yet. Anyway a
> > few things still stand in the way that we're trying to take care of one by one.
> > If you want to dig in and help, please let me know and I'll try and hook you up
> > with some things to look at. :-)
> 
> Any looks at extensions for key storage on HSMs???

Um, could you be more specific, because in various ways and forms this already
*does* exist and is being used by a number of people. In fact, this doesn't even
have much to do with the ENGINE API (although the engine code provides some
extra specifics) ... the RSA, DSA, and DH code all directly support the ability
to provide alternative "methods" with external implementations of these
algorithms - and they do so in such a way that allows the keys to be opaque. That
is, if the "method" can work with private keys inside HSMs rather than in
memory, then OpenSSL doesn't mind.

ENGINE just provides a way to group these alternative implementations into
logical units (e.g. representing a hardware device that performs one or more of
those algorithms) and provide some reliable form of reference management (e.g.
knowing if the ENGINE can safely unload handles, drivers, etc - something not
possible just with RSA_METHODs and friends).

Regards,
Geoff


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
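
The arrangement described in the message above, sketched as an added example (not part of the original post and not OpenSSL code): a method table dispatches the private-key operation to a device, the application-side key carries only an opaque slot handle, and an engine object counts references so it knows when unloading is safe. All type and function names are hypothetical, and the "HSM" is a constructed in-process table using textbook RSA values.

```c
/* Simplified model of the design in the message; NOT OpenSSL's API.
   All type and function names here are hypothetical. */
#include <stdio.h>
#include <stdint.h>
/* Constructed toy "HSM": the private exponent exists only in this table
   (textbook RSA n=3233, e=17, d=2753; far too small for real use). */
static const uint32_t hsm_slot_d[] = { 2753 };

static uint32_t modexp(uint32_t b, uint32_t e, uint32_t n) {
    uint64_t r = 1, x = b % n;
    for (; e; e >>= 1, x = x * x % n)
        if (e & 1) r = r * x % n;
    return (uint32_t)r;
}
struct key;
struct key_method {              /* plays the role of an RSA_METHOD */
    uint32_t (*priv_op)(const struct key *k, uint32_t in);
};
struct hsm_engine {              /* groups methods, tracks references */
    const struct key_method *rsa;
    int refs, loaded;
};
struct key {                     /* what the application holds: no d */
    uint32_t n, e, slot;         /* slot is an opaque handle into the HSM */
    struct hsm_engine *eng;
};
static uint32_t hsm_priv_op(const struct key *k, uint32_t in) {
    return modexp(in, hsm_slot_d[k->slot], k->n);   /* "inside" the device */
}
static const struct key_method hsm_rsa = { hsm_priv_op };
static void key_bind(struct key *k, struct hsm_engine *e) { k->eng = e; e->refs++; }
static void key_free(struct key *k) { k->eng->refs--; k->eng = NULL; }
/* Generic code only dispatches through the method table. */
static uint32_t key_sign(const struct key *k, uint32_t m) { return k->eng->rsa->priv_op(k, m); }
/* Unloading is refused while any key still references the engine. */
static int engine_unload(struct hsm_engine *e) {
    if (e->refs > 0) return 0;
    e->loaded = 0; return 1;
}

int main(void) {
    struct hsm_engine eng = { &hsm_rsa, 0, 1 };
    struct key k = { 3233, 17, 0, NULL };
    key_bind(&k, &eng);
    printf("verify ok: %d\n", modexp(key_sign(&k, 65), k.e, k.n) == 65);
    printf("unload with live key: %d\n", engine_unload(&eng));
    key_free(&k);
    printf("unload after free: %d\n", engine_unload(&eng));
    return 0;
}
```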