From b092ffbcbe2c9398494f7dc9db6f0796971633e0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 13 Sep 2020 23:04:30 +0000 Subject: Import Cryptech wiki dump --- .../GitRepositories%2Fuser%2Fsra%2Fopenssl-engine | 84 ++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine (limited to 'raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine') diff --git a/raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine b/raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine new file mode 100644 index 0000000..b9e5d13 --- /dev/null +++ b/raw-wiki-dump/GitRepositories%2Fuser%2Fsra%2Fopenssl-engine @@ -0,0 +1,84 @@ +{{{ +#!htmlcomment + +This page is maintained automatically by a script. Don't modify this page by hand, +your changes will just be overwritten the next time the script runs. Talk to your +Friendly Neighborhood Repository Maintainer if you need to change something here. + +}}} + +{{{ +#!html +

Toys to test Cryptech Alpha HSM with OpenSSL engine API

+ +

Packages you need (on Debian Jessie, anyway):

+ +
sudo apt-get install opensc cryptech-alpha stunnel micro-httpd w3m
+sudo apt-get install -t jessie-backports libengine-pkcs11-openssl
+
+ +

We're using the backported version of libengine-pkcs11-openssl because +we want ECDSA support -- the ancient version that originally shipped +with Jessie only supported RSA.

+ +

General plan here is to use pkcs11-tool to create keys, then use the +pkcs11 OpenSSL engine and OpenSSL command line tool to do vaguely +useful things with those keys.

+ +

Configuration

+ + + +

Scripts

+ + + +

References and notes

+ + + +

Given the overall state of OpenSSL's documentation, it also helps to +be able to read the OpenSSL source code: in this particular case, the +apps/ directory is most likely to be useful. It turns out that many +(not all) places where one of the OpenSSL command line functions allow +one to specify a key format other than PEM, one of the supported +formats is ENGINE, in which case the "filename" is interpreted as a +key selector.

+}}} + +[[RepositoryIndex(format=table,glob=user/sra/openssl-engine)]] + +|| Clone `https://git.cryptech.is/user/sra/openssl-engine.git` || -- cgit v1.2.3