e. Is that doing some
magic under the covers?
Thank you,
Sunjeet
On 2012-04-13, at 6:23 PM, Dr. Stephen Henson wrote:
> On Fri, Apr 13, 2012, Sunjeet Singh wrote:
>
>> Hi,
>>
>> Stupid question-
>>
>> If I use a HSM to store private key used for SSL
Hi,
Stupid question-
If I use a HSM to store private key used for SSL connections using the
CryptoAPI engine for OpenSSL, is all data to be encrypted/decrypted going
through my HSM? I'm-
1. Registering my HSM as a Cryptographic Service Provider, and
2. Setting my application code to initializ
Ah, I see. Many thanks for the explanation.
Sunjeet
On 2012-04-05, at 7:36 AM, Jakob Bohm wrote:
> On 4/5/2012 5:36 AM, Sunjeet Singh wrote:
>>> ENGINE_free all of the structural references you got, including the one
>>> for the ENGINE you're using
>> And so
> ENGINE_free all of the structural references you got, including the one for
> the ENGINE you're using
And so in order to free all structural references of an ENGINE * e, I could
just do this?-
while( e->struct_ref > 0 ) {
ENGINE_free( e );
}
And to keep all but one functional refer
Hi,
I'm working on an OpenSSL Engine implementation and I don't entirely get the
idea behind Structural and Functional references. So, I'd be very grateful if
someone could comment on my approach of handling references.
If I have multiple SSL connections using an engine at the same time, IS IT
> The it is probably DER format. Use d2i_X509_fp instead and make sure you open
> the fp in binary mode.
>
> Steve.
Yes, indeed. It worked! Thanks again for your quick reply.
Sunjeet
__
OpenSSL Project
>> 8. Now, I want to load the certificate into the same SSL Context.
>> At first I tried using the simple-
>> ENGINE_load_ssl_client_cert()
>> on the certificate file generated earlier, but that failed. I can
>> understand why- the certificate is encrypted (self-signed).
>
Hi,
In trying to implement integration of my application that uses OpenSSL with
nCipher HSM using CryptoAPI, I am stuck with a rather conceptual issue. First
let me explain the steps that I was able to do successfully (hopefully I'm
doing these right and this will be a helpful summarization for
> If the MS-CAPI Engine can generate keys, you might be able to use it through
> the nCipher CSP to generate hardware protected Signing and Exchange keypairs
> for your CAPI container.
I just accomplished this by making use of the nCipher CSP and their command
line utility "keytst" to generat
> None of the above ;-)
>
> If you have the CHIL ENGINE you load a private key using
> ENGINE_load_private_key() and pass the appropriate ENGINE pointer and the name
> of the key which will presumably be "rsa-test".
>
> That will get you an EVP_PKEY pointer which you can pass to
> SSL_CTX_use_Pr
Hi Sander,
Thank you for your elaborate response. It has helped me a great deal.
A follow-up question-
> fookey
> fookey_certreq
> fookey_selfcert
>
> The first one looks a lot like a private key, but it is a dummy key. This is
> the key file you pass to the OpenSSL library. It looks so muc
Greetings again, I'm back with another question. Any help will be much
appreciated-
My OpenSSL Application uses the OpenSSL C function call-
SSL_CTX_use_certificate_chain_file( sslCtx, keyFile );
where keyFile is the path to a .PEM file containing the private key and
certificate.
But no
Thank you for your response.
> I don't know if "outdated" is the word: perhaps there hasn't ever been much.
Some old blogs are referencing helpful blogs/tutorials that are now expired.
Searching online didn't help either.
> The CHIL Engine *only* registers for RSA exponentiation, and cannot b
Hi,
Most of the references on this forum on how to use nCipher HSM with OpenSSL
using the CHIL API (or CAPI) are outdated. I was wondering if anyone had any
pointers to helpful resources in this regard.
I've been reading up about it here and there and I'm aware of the commands to
use for engin
14 matches
Mail list logo