Paolo Rossi wrote:
>
> finally I get into Your Patched version (Adnovum Patch of 15.06.01)
>
> The problems are two :
>
> 1) Using the 15.06.01 patch  (pkcs11 + "diff patch") I can only do the
> following command : openssl pkcs11 -l "c:\gclib.dll" -out dumpfile
>
> Answer : are available other commands (in order to sign, encrypt, write
> ecc.)

The supported RSA signing/encryption and verifying/decryption are
invoked implicitly, by specifying an appropriate PKCS#11-config-strings
instead of filenames, for use with e.g. SSL_CTX_use_PrivateKey_file:

>> The token object specification format has been widened.  It is now
>> more powerful and more intuitive, using name/value pairs, e.g.:
>> "pkcs11:library=cryptoki&tokenlabel=eric&objectlabel=two&dologin=true"

documentation is not yet available, since this is not the final version.
however, 'token label' and 'object (key) label' should be intuitive, if
you have already worked with the PKCS#11 API and/or cryptoki devices.

The 'openssl pkcs11' command line interface so far implements only
PKCS#11 information dumping.  Expect more to come in later versions,
e.g. such things as hardware key generation, maybe generating proxy key
PEMs (containing information on how to locate hardware based keys,
suitable for OpenSSL clients such as Apache).

> 2) Do you have the "diff patch" for the 13.12.01 patch version (the second
> you sent)?

The affected source file ssl_rsa.c is almost the same, only two lines
changed between the two snapshots.  so the old patch should apply
readily.  however, some more source files have been added to the pkcs11/
directory, which is easy to spot and correct in the affected makefile.

I haven't really done new patch files since the PKCS#11 thing is
currently on the move; there are efforts ongoing to merge some of the
PKCS#11 code done so far.  maybe you'll wait some time and test that
version, which will include documentation, and proper diffs, and
samples, etc...

Eric
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to