On Thu, 2016-11-17 at 09:33 +0200, Roumen Petrov wrote:
> David Woodhouse wrote:
> > > The assumption in all the current engine code is that key_id can be
> > > passed as something like a file name.
> > This is mostly a documentation issue.
> Usually OpenSSL man pages use filename for <KEY>, but actually it is
> just a string and the engine is responsible for how to process it.
Right. In engine_pkcs11 it's an RFC 7512 PKCS#11 URI and not a filename.

> > > There are some new users that
> > > actually want to pass a BIO, so add a new load_key method for
> > > engines
> > > that takes a flag value.
> > Engine could use some URN formats for <KEY>. For instance if <KEY>
> starts with file:/ the engine could try to load from the filesystem.

Note that GnuTLS has a URN format for keys stored in the TPM. See the
output of 'tpmtool --list' for example. The TPM engine should probably
accept those.

But this doesn't help with the case where we *have* the actual (wrapped)
key data in memory already — unless you pass in a string which is a
base64-encoded form of that, which is kind of horrid.

-- 
dwmw2
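The point both posters make is that the key_id handed to an engine's load_key callback is an opaque string whose interpretation belongs to the engine: engine_pkcs11 treats it as an RFC 7512 PKCS#11 URI, and the suggestion above is to dispatch on a scheme prefix such as file:/ before falling back to a bare path. The following is an added example, not code from this thread, from OpenSSL, from engine_pkcs11 or from GnuTLS. It sketches a hypothetical engine's key_id dispatcher in plain C with no OpenSSL dependency: it classifies the string by URI scheme, percent-decodes one attribute out of a PKCS#11 URI, and turns a file: URI into a local path. The scheme policy (a one-letter "scheme" is treated as a Windows drive letter, unknown schemes are rejected) is this example's own assumption, and the PKCS#11 URI handling is deliberately a minimal subset of RFC 7512 (path and query attributes are not distinguished). The sample key_id strings in main() are constructed for the demonstration.

```c
/* Added example: a hypothetical engine's interpretation of the key_id string.
 * Not OpenSSL, engine_pkcs11 or GnuTLS code; policy choices are this example's own. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum key_id_kind { KEY_ID_PATH, KEY_ID_FILE_URI, KEY_ID_PKCS11_URI, KEY_ID_UNKNOWN };

/* Length of an RFC 3986 scheme (ALPHA *(ALPHA / DIGIT / "+" / "-" / ".")) followed
 * by ':', or 0 when the string does not start with one. */
static size_t scheme_len(const char *s)
{
    size_t n;
    if (!isalpha((unsigned char)s[0]))
        return 0;
    for (n = 1; s[n]; n++) {
        unsigned char c = (unsigned char)s[n];
        if (c == ':')
            return n;
        if (!isalnum(c) && c != '+' && c != '-' && c != '.')
            return 0;
    }
    return 0;
}

/* Case-insensitive comparison of the first n bytes of s against a lowercase name. */
static int scheme_is(const char *s, size_t n, const char *name)
{
    size_t i;
    if (strlen(name) != n)
        return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != name[i])
            return 0;
    return 1;
}

/* Dispatch on the scheme prefix, as the thread suggests an engine could do. */
enum key_id_kind classify_key_id(const char *key_id)
{
    size_t n;
    if (key_id == NULL || *key_id == '\0')
        return KEY_ID_UNKNOWN;
    n = scheme_len(key_id);
    if (n <= 1)                      /* no scheme, or "C:\..." drive letter: a plain path (assumed policy) */
        return KEY_ID_PATH;
    if (scheme_is(key_id, n, "pkcs11"))
        return KEY_ID_PKCS11_URI;    /* RFC 7512, as engine_pkcs11 expects */
    if (scheme_is(key_id, n, "file"))
        return KEY_ID_FILE_URI;
    return KEY_ID_UNKNOWN;           /* any other scheme, e.g. a TPM key URN this engine does not handle */
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src[0..len) into out. Returns decoded length, or -1 on a
 * truncated/invalid escape or when out is too small. */
static int pct_decode(const char *src, size_t len, char *out, size_t outlen)
{
    size_t i = 0, o = 0;
    while (i < len) {
        int c;
        if (src[i] == '%') {
            int h, l;
            if (len - i < 3 || (h = hexval(src[i + 1])) < 0 || (l = hexval(src[i + 2])) < 0)
                return -1;
            c = h * 16 + l;
            i += 3;
        } else {
            c = src[i++];
        }
        if (o + 1 >= outlen)
            return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Look up one attribute (e.g. "object", "token") in a pkcs11: URI and store its
 * decoded value. ';', '?' and '&' all end a value here (simplification of RFC 7512). */
int pkcs11_uri_get_attr(const char *uri, const char *name, char *out, size_t outlen)
{
    const char *p;
    size_t nlen = strlen(name);
    if (classify_key_id(uri) != KEY_ID_PKCS11_URI)
        return 0;
    p = uri + strlen("pkcs11:");
    while (*p) {
        const char *end = p + strcspn(p, ";?&");
        if ((size_t)(end - p) > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return pct_decode(p + nlen + 1, (size_t)(end - p) - nlen - 1, out, outlen) >= 0;
        p = *end ? end + 1 : end;
    }
    return 0;
}

/* Extract the local path from "file:///p", "file:/p" or "file://localhost/p".
 * A non-local host is refused: the engine would not fetch a key over the network. */
int file_uri_to_path(const char *uri, char *out, size_t outlen)
{
    const char *p;
    if (classify_key_id(uri) != KEY_ID_FILE_URI)
        return 0;
    p = uri + strlen("file:");
    if (p[0] == '/' && p[1] == '/') {
        const char *host = p + 2;
        size_t hlen = strcspn(host, "/");
        if (hlen != 0 && !(hlen == 9 && strncmp(host, "localhost", 9) == 0))
            return 0;
        p = host + hlen;
    }
    if (*p != '/')                   /* only absolute paths are meaningful as a key location */
        return 0;
    return pct_decode(p, strlen(p), out, outlen) >= 0;
}

int main(void)
{
    /* Constructed sample key_id strings, as an application might pass them. */
    const char *ids[] = {
        "pkcs11:token=My%20Token;object=server%20key;type=private",
        "file:///etc/ssl/private/server%20key.pem",
        "/etc/ssl/private/server.pem",
        "C:\\keys\\server.pem",
        "file://example.com/etc/key.pem",
        "pkcs11:object=bad%2",
    };
    static const char *names[] = { "path", "file URI", "PKCS#11 URI", "unknown" };
    char buf[128];
    size_t i;
    for (i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        enum key_id_kind k = classify_key_id(ids[i]);
        printf("%-60s -> %s", ids[i], names[k]);
        if (k == KEY_ID_PKCS11_URI && pkcs11_uri_get_attr(ids[i], "object", buf, sizeof buf))
            printf(" (object=\"%s\")", buf);
        else if (k == KEY_ID_FILE_URI && file_uri_to_path(ids[i], buf, sizeof buf))
            printf(" (path=\"%s\")", buf);
        else if (k != KEY_ID_PATH)
            printf(" (rejected)");
        printf("\n");
    }
    return 0;
}
```

Note that this is exactly the kind of string-only interface the reply objects to for the in-memory case: a wrapped key that already lives in a buffer has no natural spelling as a key_id without something like base64 stuffed into the string, which is why the thread proposes a separate load_key method that takes a BIO.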
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev