Menu
▾
▴
Re: [OpenCA-Devel] OpenSSL 0.9.8 (dev) and engine support?
|
From: Martin B. <vc...@cy...> - 2005-05-10 09:00:20
|
Hi,
>> Does anybody know how to use engine support in 0.9.8? I did not
>> find anything useful in the docs or in the OpenSSL mailing list
>> archives.
with Michael's help and the OpenSC module I figured out how to
use the nCipher module with OpenSSL 0.9.8. For anyone with the
same problem here is what I had to do.
I first had some problems until I realized that the THREAD_LOCKING
option must be set, otherwise the nCipher engine lib complains that
the dynamic lock callbacks are not set by the hwcrhk support library.
I will update the OpenCA nCipher Token module soon to include support
for dynamic engine. My idea is to retain the original behaviour
if the original configuration is used. Only if the token
configuration includes PRE_ENGINE settings, the dynamic engine
will be used.
cheers
Martin
# /usr/local/openssl-snap/bin/openssl
OpenSSL> engine -vvvv dynamic -pre ID:chil -pre
SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so -pre LIST_ADD:1
-pre LOAD -pre THREAD_LOCKING:1 -tt
(dynamic) Dynamic engine loading support
[Success]: ID:chil
[Success]: SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so
[Success]: LIST_ADD:1
[Success]: LOAD
[Success]: THREAD_LOCKING:1
Loaded: (chil) nCipher hardware engine support
[ available ]
SO_PATH: Specifies the path to the 'hwcrhk' shared library
(input flags): STRING
FORK_CHECK: Turns fork() checking on or off (boolean)
(input flags): NUMERIC
THREAD_LOCKING: Turns thread-safe locking on or off (boolean)
(input flags): NUMERIC
SET_USER_INTERFACE: Set the global user interface (internal)
(input flags): [Internal]
SET_CALLBACK_DATA: Set the global user interface extra data (interna=
l)
(input flags): [Internal]
OpenSSL> genrsa -engine chil 1024
engine "chil" set.
Generating RSA private key, 1024 bit long modulus
........................................++++++
......................++++++
e is 65537 (0x10001)
-----BEGIN RSA PRIVATE KEY-----
...
|