Hello, I write an engine which shifts private key operations to a hardware security module. I face a problem concerning the key generation process. The keys are stored in the hsm but there exists an external reference file, like an keystore, which is used to address the key in conjunction with an alias name. If I invoke the key generation then a certain key_id is not available within the key generation function. Furthermore openssl saves the key and not the engine. Therefore I can't create a certain reference keystore and an alias for a key. Is there a possibility to allow the engine to save the key?
Here is an example of the problem. The execution of openssl req -newkey rsa:1024 -keyout <key_id> -engine <engine> leads to the function call of rsa_keygen(RSA *rsa, BIGNUM *e, BN_GENCB *cb). But within this function and in no other function, which is called before or after rsa_keygen, the key_id string is available to the engine. But if the load_key function of an engine is called, an key_id, to specify the key, is available. Thank you for your help. Kind regards. Andreas Grüner -- Informationen (einschließlich Pflichtangaben) zu einzelnen, innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen des Konzerns Deutsche Bank finden Sie unter http://www.deutsche-bank.de/de/content/pflichtangaben.htm. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet. Please refer to http://www.db.com/en/content/eu_disclosures.htm for information (including mandatory corporate particulars) on selected Deutsche Bank branches and group companies registered or incorporated in the European Union. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.