On Sun, 27 Jan 2002, Andy Schneider wrote: > > openssl loads *embed* keys using the PEM keys. An embed key is encrypted private key >material. The encryption key (simplification) is either on the smartcard (when the >key is card protected) or on the hardware module (for module protected keys). Instead >of loading them directly into OpenSSL you load the .pem key that is generated by >KeySafe when you create an nCipher key. This .pem key is in fact an alias to the key, >it is not key material itself. With OpenSSL apps you use the nCipher app with-nfast >to load the embed keys and then execute your openssl application. e.g. > > with-nfast ./yourapp > (prompts for passphrases follow) >
This is what documentation says, but I still need to pass something for key ID to HWCryptoHook_RSALoadKey(). Say, I create key as follows: $ generatekey --module 1 --slot 0 embed plainname=foo protect=token recovery=1 size=1024 type=rsa now I have files foo.pem, foo_selfcert.pem and foo_req.pem and nfkminfo -k shows something like that: $ nfkminfo -k [vix@eebik vix]$ nfkminfo -k Key summary - 1 keys: AppName embed Ident b6621954138bf0e41553115f2c402ed802c1bdb1 How do I load this key with openssl? Operator card does not have a passphrase. -v -- Has anyone ever tasted an "end"? Are they really bitter? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
