Aslam,

I had the same problem. I solved it in the following way: I got the certificate from CryptoAPI and created an X509 struct from it. For the private key, I created an RSA struct and filled it with as much data as I could from CryptoAPI. I couldn't get the private key, of course, so I got only the key length... I used the app_data field of the RSA struct to point to a struct that contains extra info about the key (e.g. an indication that this is a CryptoAPI key, and the key's HCRYPTPROV and HCRYPTKEY). After that, the key should be wrapped as an EVP_PKEY.

In order for the extra information to be actually used, I created a new RSA_METHOD with functions that call CryptoAPI to do the work. I had to implement the rsa_sign function too, in order to be able to call the CryptoAPI SignHash function with CALG_SSL3_SHAMD5.

So when OpenSSL wants to use the private key associated with a connection, my rsa_method functions are called; they determine whether the key is an OpenSSL key (and if so, the original rsa_meth is used) or a CryptoAPI key (and then CryptoAPI is used with the extra info saved in the struct pointed to by the app_data field).

This works for RSA keys only (as far as I know there is no EVP_PKEY_METHOD, so you can't hook your code to the EVP level), but you can do the same for DSA keys too, if your application uses them.

Hope this helps.

Tal

> -----Original Message-----
> From: Aslam [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, November 13, 2001 6:50 PM
> To: '[EMAIL PROTECTED]'
> Subject: how to setup SSL_CTX to use private keys from smartcards.. ??
>
> Hi,
>
> I'm using openssl-0.9.6b for performing ssl/tls client and server stuff...
> I'm able to do it when I export my private keys in some file (PEM or pkcs8
> format) and call the appropriate API for SSL_CTX to set the private key. All
> this works well.. But how to set up the SSL_CTX to use private keys
> from some smartcard or, say, from a key container in Microsoft crypto stuff ??
>
> Thanks

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
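
The dispatch described in the reply above, as an added example that is not part of the original message and is not OpenSSL or CryptoAPI code: a self-contained C model of a hooked sign method that routes on a tagged app_data record and falls back to the original method. The names `model_key`, `key_method`, `ext_key_info`, `EXT_MAGIC` and the one-byte marker "signatures" are assumptions standing in for RSA, RSA_METHOD, the HCRYPTPROV/HCRYPTKEY handles and the real signing calls.

```c
#include <stddef.h>
#include <string.h>
/* Model types: hypothetical stand-ins for OpenSSL's RSA and RSA_METHOD. */
typedef struct model_key model_key;
typedef struct {
    int (*sign)(const model_key *k, const unsigned char *h, size_t hl,
                unsigned char *sig, size_t *sl);
} key_method;
struct model_key { const key_method *meth; int bits; void *app_data; };

/* Tag so app_data is never misread as an external-key record by accident. */
#define EXT_MAGIC 0x43415049u
/* prov/hkey stand in for the provider and key handles; no key bytes here. */
typedef struct { unsigned magic; unsigned long prov, hkey; } ext_key_info;

/* Software path: stand-in for the library's original sign routine. */
static int soft_sign(const model_key *k, const unsigned char *h, size_t hl,
                     unsigned char *sig, size_t *sl) {
    (void)k; sig[0] = 'S'; memcpy(sig + 1, h, hl); *sl = hl + 1; return 1;
}
static const key_method soft_method = { soft_sign };

/* Provider path: stand-in for the call into the key store. */
static int provider_sign(const ext_key_info *ki, const unsigned char *h,
                         size_t hl, unsigned char *sig, size_t *sl) {
    if (ki->prov == 0 || ki->hkey == 0) return 0;  /* missing handle: fail closed */
    sig[0] = 'P'; memcpy(sig + 1, h, hl); *sl = hl + 1; return 1;
}

/* Hooked method: route on the app_data tag, else use the original method. */
static int hooked_sign(const model_key *k, const unsigned char *h, size_t hl,
                       unsigned char *sig, size_t *sl) {
    const ext_key_info *ki = k->app_data;
    if (ki != NULL && ki->magic == EXT_MAGIC)
        return provider_sign(ki, h, hl, sig, sl);
    return soft_method.sign(k, h, hl, sig, sl);
}
static const key_method hooked_method = { hooked_sign };

/* Returns 'S' or 'P' for the path that signed, or 0 if signing failed. */
int route_of(const model_key *k) {
    unsigned char h[36] = {0}, sig[64];  /* 36 bytes = MD5 || SHA-1 digest */
    size_t sl = 0;
    return k->meth->sign(k, h, sizeof h, sig, &sl) ? sig[0] : 0;
}

int main(void) {
    ext_key_info ki = { EXT_MAGIC, 1, 2 };          /* constructed handles */
    model_key a = { &hooked_method, 1024, NULL }, b = { &hooked_method, 1024, &ki };
    return !(route_of(&a) == 'S' && route_of(&b) == 'P');
}
```
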