On March 2, 2004 11:40 am, Giovanni Calzuola wrote:
> > That depends rather heavily on what "hardware key" means. If the
> > corresponding ENGINE supports it, you should use
> > ENGINE_load_private_key().
>
> I'd like to use a software engine by default and occasionally get a key
> from a pkcs#11 engine.
> Such a pkcs#11 engine, in order to retrieve the private key, makes a
> call to PEM_read_PUBKEY(fp, .. .. ..), which, through several calls,
> calls RSA_new_method(NULL), and consequently returns the method of the
> default engine, which is the software one.
> If I could pass an engine structure to the PEM_read_PUBKEY, and tell it
> how to get the corresponding RSA, I think that I'll find the solution
> to my problem.
> Any idea about it?

Why is a pkcs11 engine calling PEM_read_***? The ENGINE_load_private_key()
functionality was created to do precisely what you're asking for, and this
hooks off a callback provided by the engine implementation that should
allow it to provide hardware-specific key-loading support. If it only calls
PEM functions, then it is not written to handle HSM keys.

Cheers,
Geoff

--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/