Hi,

I am working with a PIV card and integrating it into openssl using the
opensc engine.

For example I can encrypt some data with:
OPENSSL_CONF=piv.conf ./openssl smime -encrypt -outform smime -out /tmp/test.encrypt /tmp/encrypt.pem

and then decrypt it with:
OPENSSL_CONF=piv.conf ./openssl smime -decrypt -recip /tmp/encrypt.pem -engine pkcs11 -inkey slot_0 -keyform engine -in /tmp/test.encrypt

In that example the cert used to do encryption is stored on the hard drive.

Now I do have the certs stored on the PIV card and I can access the cert
with a command like:

pkcs11-tool -p <pin> -r --type cert --label <label> --module /usr/lib64/opensc-pkcs11.so >> /tmp/encrypt.der

and then use the cert to perform the encryption.

I am wondering if there is a way to get openssl to pull the cert off the
card and use it?

Thanks,

-- 
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org