Re: iKey and OpenSSL

From: Michael Amling (nospam@nospam.com)
Date: 03/21/03 

From: Michael Amling <nospam@nospam.com>
Date: Fri, 21 Mar 2003 14:50:11 GMT

Mike Gagnon wrote:
> I'd like to use an iKey (hardware USB device that stores a certificate and
> private key) for encryption with OpenSSL. Can anyone provide a helpful link
> to information on how to write the hooks that would need to go into OpenSSL
> for OpenSSL to know how to use the private key and certificate on this
> token?

   Rainbow supplies a PKCS#11 interface for Windows (only, AFAIK). But
they didn't write it. The software is from another company whose name
escapes me, but which may offer a wider availability of software.
   I don't know if OpenSSL can be made to use a supplied PKCS#11 interface.

--Mike Amling

Relevant Pages

  • OPpenSSL and CryptAPI for Microsoft
    ... I want to implement EAP-TLS by OPenSSL in Windows environemnt. ... SSL_CTX_use_PrivateKey) to set Certificate and private key. ... Do any one known how to use CrptoAPI to get PrivateKey and transfer format ...
    (microsoft.public.platformsdk.security)
  • E2k7 Zertifikate (CSR mit openSSL signieren)
    ... Auf diesem habe ich eine RootCA und eine ServerCA etabliert. ... Mit New-ExchangeCertificate erzeuge ich jetzt ein Zertifikatsrequest (CSR) und stelle diesen der openSSL Server CA zum signieren bereit. ... certificate = $dir/ServerCA.cert.pem ...
    (microsoft.public.de.exchange)
  • Re: guidance on SSL certs and Apache2
    ... including the fact that the setup is neither automated nor documented ... > it has Kleopatra for certificate management. ... openssl req -new -key server.key -out newreq.pem ... /etc/init.d/apache2 restart ...
    (Debian-User)
  • Re: Pine and CA certificates
    ... Pine is installed in a shared file system; it would have been nice for the CA certificate that signed the IMAP server's certificate to have been there too. ... So, instead of reconfiguring OpenSSL once and being done with it, you instead want to reconfigure every application program that uses OpenSSL? ... You don't want the SSLKEYS directory to be the same as the CA certificate directory, since only a file protection stands between that key and a hacker who could do bad things with it. ... Most people just use the OpenSSL standard CA certificate directory, or they rebuild OpenSSL so that its standard CA certificate directory is what they want it to be. ...
    (comp.mail.pine)
  • Re: Help with issuing self signed certificates
    ... I generate a RSA key using openSSL. ... How do I make the clients trust my CA? ... OpenSSL comes with a simplistic script CA.sh (there's also a perl ... You also need a CA certificate, and a few files here and there for the ...
    (comp.security.misc)
Quantcast