vix> By the way, can someone explain me, how should one use those
vix> "embed" type keys? I've read all the documentation, searched
vix> mailing lists and Internet, experimented quite a lot, but no
vix> success. I get some strange error (invalid param or smth)
vix> from HWCryptoHook library whenever I try to load a key of
vix> type "embed". with-nfast -k <keyname> can load this key, but
vix> openssl fails. Right now I'm using hwcrhk keys.
openssl loads *embed* keys using the PEM keys. An embed key is encrypted private key
material. The encryption key (simplification) is either on the smartcard (when the key
is card protected) or on the hardware module (for module protected keys). Instead of
loading them directly into OpenSSL you load the .pem key that is generated by KeySafe
when you create an nCipher key. This .pem key is in fact an alias to the key, it is
not key material itself. With OpenSSL apps you use the nCipher app with-nfast to load
the embed keys and then execute your openssl application. e.g.
with-nfast ./yourapp
(prompts for passphrases follow)
At least, this is what we do.
Andy S.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
