Paolo Rossi wrote: > > finally I get into Your Patched version (Adnovum Patch of 15.06.01) > > The problems are two : > > 1) Using the 15.06.01 patch (pkcs11 + "diff patch") I can only do the > following command : openssl pkcs11 -l "c:\gclib.dll" -out dumpfile > > Answer : are available other commands (in order to sign, encrypt, write > ecc.)
The supported RSA signing/encryption and verifying/decryption are invoked implicitly, by specifying an appropriate PKCS#11-config-strings instead of filenames, for use with e.g. SSL_CTX_use_PrivateKey_file: >> The token object specification format has been widened. It is now >> more powerful and more intuitive, using name/value pairs, e.g.: >> "pkcs11:library=cryptoki&tokenlabel=eric&objectlabel=two&dologin=true" documentation is not yet available, since this is not the final version. however, 'token label' and 'object (key) label' should be intuitive, if you have already worked with the PKCS#11 API and/or cryptoki devices. The 'openssl pkcs11' command line interface so far implements only PKCS#11 information dumping. Expect more to come in later versions, e.g. such things as hardware key generation, maybe generating proxy key PEMs (containing information on how to locate hardware based keys, suitable for OpenSSL clients such as Apache). > 2) Do you have the "diff patch" for the 13.12.01 patch version (the second > you sent)? The affected source file ssl_rsa.c is almost the same, only two lines changed between the two snapshots. so the old patch should apply readily. however, some more source files have been added to the pkcs11/ directory, which is easy to spot and correct in the affected makefile. I haven't really done new patch files since the PKCS#11 thing is currently on the move; there are efforts ongoing to merge some of the PKCS#11 code done so far. maybe you'll wait some time and test that version, which will include documentation, and proper diffs, and samples, etc... Eric ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
