Why would you want the private key to leave the token in clear anyway? If you need to performs RSA private keyops, then ask the device to sign/decrypt for you.
The CA3 FWIW will not even let you wrap a private key off under another key as this HSM is intended for use as a CA's HSM. If you need to backup the keys - there are other ways to do that using their utilities (AFAIK). Dave ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
