On Mar 6, 2012, at 10:45 AM, Sunjeet Singh wrote: > Hi, > > Most of the references on this forum on how to use nCipher HSM with OpenSSL > using the CHIL API (or CAPI) are outdated. I was wondering if anyone had any > pointers to helpful resources in this regard.
I don't know if "outdated" is the word: perhaps there hasn't ever been much. > I've been reading up about it here and there and I'm aware of the commands to > use for engine selection and usage etc. but I think I am lacking some basic > conceptual knowledge. I've gotten only as far as generating the keys using > the CHIL engine, but don't know how to use the key and certificate for crypto > operations. The CHIL Engine *only* registers for RSA exponentiation, and cannot be used to generate keys. You generate HSM protected keys of 'embed' application type using the Thales/nCipher 'generatekey' utility (invoke with --help to see what options are available), and use the embedsavefile as key for your openssl program with the CHIL engine registered. S. -- san...@temme.net http://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org