PKCS#11 stuff: "sign-only" vs "crypto-accelerator"
Francis Dupont
Francis.Dupont at fdupont.fr
Mon Feb 15 14:16:28 UTC 2010
In your previous mail you wrote:
Here I was using softhsm.
=> it should work (i.e., I tested it with success).
You should try the openssl command:
- "openssl engine" shows the compiled-on engines
- "openssl engine -t" loads the engines too (so the "pkcs11" engine must be available)
- "openssl rsa" has a poorly documented way to load keys from an engine;
  the needed parameters are:
    -engine pkcs11
    -inform engine
    -in pkcs11:johani.se-zsk
After that you can play with -pubin, -pubout, -text. Of course, don't expect to get
private parameters this way (you get only the public part).
I didn't try with the PIN in the openssl.cnf file but it should work (through
the OPENSSL_CONF environment variable).
Of course you get only the OpenSSL errors, not the PKCS#11 ones, but they should
be a bit better than the BIND one (not found).
Regards
Francis.Dupont at fdupont.fr
PS: usually I forget to set SOFTHSM_CONF correctly, so try it first.