Eric Laroche wrote:
>
> Hi,
>
> Yes, I am aware of the OpenSSL engine interface. Our code applies
> quite similar mechanisms of feeding 'configuration' information (name/
> value pairs) from application code. However, the engine command
> definitions affect the whole engine setting, whereas our configuration
> affects an abstraction called (key) 'object specification'. Each key
> or certificate may have quite different settings concerning where to
> accomplish encryption and which password callbacks to be applied, etc.
>
> The PKCS#11 object specification / configuration seems to me to be a
> different concept compared to the engine configuration. However, the
> PKCS#11 interface may be seen as a 'PKCS#11' engine.
>

How could crypto acceleration or querying capabilities be handled in
this model?

I was thinking that a possible way to handle this is to map a specific
PKCS#11 library+token to an ENGINE. This would behave a bit like the
dynamic ENGINE in that the PKCS#11 ENGINE would be called with a set of
init commands which would then produce a second ENGINE which would refer
to the actual PKCS#11 implementation.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]