This patch implements a generic PKCS#11 engine in openssl-0.9.7. Applying this patch to openssl-0.9.7 allows applications to use the security functions provided by a cryptographic card supporting the PKCS#11 interface.

This release permits use of the key storage in secure memory and acceleration of RSA and random functions by the crypto hardware. (TODO: acceleration of DSA, DH & EVP functions by the hardware)

The present architecture of openssl does not allow creating the RSA keys using an engine. The hypothesis adopted is that the RSA keys are introduced into the cryptographic card independently of openssl. By applying the attached patch, this operation can be realized using the PKCS#11 standard function: C_GenerateKeyPair. To be able to use the OpenSSL commands allowing the generation and handling of RSA keys, the PKCS#11 engine introduces an additional function: rsa_generate_key.

The PKCS#11 openssl engine identifier is: pkcs11.

This patch has been tested in Linux & Windows environments using the Bull Trustway cryptographic hardware. I have used openssl, apache-mod-ssl & openca applications to test and validate this patch.

[EMAIL PROTECTED]
Bull TrustWay R&D France
trustway-pkcs11-openssl-0.9.7.patch.gz