On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote: > On 12/10/15, 16:56 , "openssl-dev on behalf of Dr. Stephen Henson" > <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: > > > > >As I indicated the fix I suggested it temporary. Sometimes a user will > >want > >that behaviour so we'd need a new command line option indicating the > >private > >key engine only. > > Ideally engine_pkcs11 should do it automatically, but I see your point. > Perhaps the code in pkeyutl.c could check if (a) engine is set, and (b) > the engine is PKCS11? And if so - automatically do the right thing? Do you > envision other engines with similar needs? My assumption was that the only > engine that talks to smart cards is pkcs11...
The CryptoAPI ENGINE can also talk to smart cards. > > In the meanwhile, in your opinion should rsautl need a similar patch, or > would it work out of box, like dgst did? > It should yes: rsautl uses the lower level RSA functions only. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
