From: Martin B. <vc...@cy...> - 2005-05-10 09:00:20
|
Hi, >> Does anybody know how to use engine support in 0.9.8? I did not >> find anything useful in the docs or in the OpenSSL mailing list >> archives. with Michael's help and the OpenSC module I figured out how to use the nCipher module with OpenSSL 0.9.8. For anyone with the same problem here is what I had to do. I first had some problems until I realized that the THREAD_LOCKING option must be set, otherwise the nCipher engine lib complains that the dynamic lock callbacks are not set by the hwcrhk support library. I will update the OpenCA nCipher Token module soon to include support for dynamic engine. My idea is to retain the original behaviour if the original configuration is used. Only if the token configuration includes PRE_ENGINE settings, the dynamic engine will be used. cheers Martin # /usr/local/openssl-snap/bin/openssl OpenSSL> engine -vvvv dynamic -pre ID:chil -pre SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so -pre LIST_ADD:1 -pre LOAD -pre THREAD_LOCKING:1 -tt (dynamic) Dynamic engine loading support [Success]: ID:chil [Success]: SO_PATH:/usr/local/openssl-snap/lib/engines/libncipher.so [Success]: LIST_ADD:1 [Success]: LOAD [Success]: THREAD_LOCKING:1 Loaded: (chil) nCipher hardware engine support [ available ] SO_PATH: Specifies the path to the 'hwcrhk' shared library (input flags): STRING FORK_CHECK: Turns fork() checking on or off (boolean) (input flags): NUMERIC THREAD_LOCKING: Turns thread-safe locking on or off (boolean) (input flags): NUMERIC SET_USER_INTERFACE: Set the global user interface (internal) (input flags): [Internal] SET_CALLBACK_DATA: Set the global user interface extra data (interna= l) (input flags): [Internal] OpenSSL> genrsa -engine chil 1024 engine "chil" set. Generating RSA private key, 1024 bit long modulus ........................................++++++ ......................++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- ... |