From 13d0f55865f8b1b851ce1e84597b144c5fd41662 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 13 Sep 2020 23:15:43 +0000
Subject: GC

---
 ...itRepositories%2Fuser%2Fsra%2Fopenssl-engine.md | 85 ----------------------
 1 file changed, 85 deletions(-)
 delete mode 100644 raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine.md

(limited to 'raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine.md')

diff --git a/raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine.md b/raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine.md
deleted file mode 100644
index 5cfe3bb..0000000
--- a/raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine.md
+++ /dev/null
@@ -1,85 +0,0 @@
-```
-#!htmlcomment
-
-This page is maintained automatically by a script.  Don't modify this page by hand,
-your changes will just be overwritten the next time the script runs.  Talk to your
-Friendly Neighborhood Repository Maintainer if you need to change something here.
-
-```
-
-```
-#!html
-<h1>Toys to test Cryptech Alpha HSM with OpenSSL engine API</h1>
-
-<p>Packages you need (on Debian Jessie, anyway):</p>
-
-<pre><code>sudo apt-get install opensc cryptech-alpha stunnel micro-httpd w3m
-sudo apt-get install -t jessie-backports libengine-pkcs11-openssl
-</code></pre>
-
-<p>We're using the backported version of libengine-pkcs11-openssl because
-we want ECDSA support -- the ancient version that originally shipped
-with Jessie only supported RSA.</p>
-
-<p>General plan here is to use pkcs11-tool to create keys, then use the
-pkcs11 OpenSSL engine and OpenSSL command line tool to do vaguely
-useful things with those keys.</p>
-
-<h2>Configuration</h2>
-
-<ul>
-<li><p><code>openssl.conf</code> contains two different kinds of OpenSSL voodoo: the
-bits needed to configure the engine, and the bits needed to
-construct X.509 certificates.  The engine configuration uses
-environment variables to minimize the number of places where the
-same information needs to be configured.</p></li>
-<li><p><code>environment.sh</code> is where environment variables are configured,
-including the PKCS #11 PIN: you would not want to handle the PIN
-this way in production!  But it's convenient for a test script.</p></li>
-</ul>
-
-<h2>Scripts</h2>
-
-<ul>
-<li><p><code>create-keys.sh</code> uses <code>pkcs11-tool</code> to create several test keys.</p></li>
-<li><p><code>list-keys.sh</code> uses <code>pkcs11-tool</code> to list keys known to the HSM.</p></li>
-<li><p><code>delete-keys.sh</code> uses <code>pkcs11-tool</code> to delete the keys which
-<code>create-keys.sh</code> created.</p></li>
-<li><p><code>issue-certificates.sh</code> generates a small X.509v3 certificate tree.
-As a sanity check, it also verifies the issued certificates.
-This depends on the keys created by <code>create-keys.sh</code>.</p></li>
-<li><p><code>basic-signature.sh</code> performs a basic hash-and-sign of a data file
-using the <code>openssl dgst</code> command, writing a detached signature out
-as a binary file.  As a sanity check, it also verifies the resulting
-signature using the public key extracted from the corresponding
-certificate (so this depends on <code>issue-certificates.sh</code>).</p></li>
-<li><p><code>smime-signature.sh</code> generates and verifies a signed S/MIME message;
-this also depends on <code>issue-certificates.sh</code>.</p></li>
-<li><p><code>https-server.sh</code> runs a toy https server, using keys and certificates
-generated by <code>create-keys.sh</code> and <code>issue-certificates.sh</code>.</p></li>
-<li><p><code>https-client.sh</code> uses w3m as a client to talk to the toy server
-run by <code>https-server.sh</code> (and therefore has the same dependencies).</p></li>
-</ul>
-
-<h2>References and notes</h2>
-
-<ul>
-<li><a href="https://www.nlnetlabs.nl/downloads/publications/hsm/">https://www.nlnetlabs.nl/downloads/publications/hsm/</a></li>
-<li><a href="https://github.com/OpenSC/OpenSC/wiki">https://github.com/OpenSC/OpenSC/wiki</a></li>
-<li><a href="https://wiki.openssl.org/index.php/Command_Line_Utilities">https://wiki.openssl.org/index.php/Command_Line_Utilities</a></li>
-<li><a href="https://www.openssl.org/docs/man1.0.2/apps/">https://www.openssl.org/docs/man1.0.2/apps/</a></li>
-</ul>
-
-<p>Given the overall state of OpenSSL's documentation, it also helps to
-be able to read the OpenSSL source code: in this particular case, the
-<code>apps/</code> directory is most likely to be useful.  It turns out that many
-(not all) places where one of the OpenSSL command line functions allow
-one to specify a key format other than <code>PEM</code>, one of the supported
-formats is <code>ENGINE</code>, in which case the "filename" is interpreted as a
-key selector.</p>
-```
-
-[[RepositoryIndex(format=table,glob=user/sra/openssl-engine)]]
-
-| Clone `https://git.cryptech.is/user/sra/openssl-engine.git` |
-|---|
-- 
cgit v1.2.3