Hi Doug, John and I implemented an ECDSA/ECDH/ECDHE engine. We are in the process of final testing and cleaning up. Changes to OpenSSL were pretty minor. Would you like to review this code? We are planing to publish it on github in a week or so.
Regards. Alex Sent from my iPhone > On Dec 10, 2015, at 2:47 PM, Douglas E Engert <deeng...@gmail.com> wrote: > > The OpenSC engine code does not support ECDH. It is on the TODO list. > It took forever to get the ECDSA changes needed into OpenSSL to work with > engines, that I never > got to doing the ECDH in engine and libp11. > >> On 12/10/2015 10:59 AM, Blumenthal, Uri - 0553 - MITLL wrote: >> I want to add that apparently some openssl commands work OK with this >> token and pkcs11 engine: >> >> $ openssl version >> OpenSSL 1.0.2e 3 Dec 2015 >> $ openssl dgst -engine pkcs11 -keyform engine -sign >> "pkcs11:object=SIGN%20key;object-type=private;pin-value=123456" -sha256 >> -out t.sig < config.h >> engine "pkcs11" set. >> $ ll t.sig >> -rw-r--r-- 1 ur20980 MITLL\Domain Users 256 Dec 10 11:52 t.sig >> $ openssl dgst -verify pub.key -keyform PEM -signature t.sig -sha256 < >> config.h >> Verified OK >> $ >> >> >> >> >> But I need to also be able to use “encrypt” (well, “decrypt” to be precise >> :) and “derive” (for ECDH key)… >> >> Thanks! >> >> >> _______________________________________________ >> openssl-dev mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > > -- > > Douglas E. Engert <deeng...@gmail.com> > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
