{{{ #!htmlcomment This page is maintained automatically by a script. Don't modify this page by hand, your changes will just be overwritten the next time the script runs. Talk to your Friendly Neighborhood Repository Maintainer if you need to change something here. }}} {{{ #!html

Toys to test Cryptech Alpha HSM with OpenSSL engine API

Packages you need (on Debian Jessie, anyway):

sudo apt-get install opensc cryptech-alpha stunnel micro-httpd w3m
sudo apt-get install -t jessie-backports libengine-pkcs11-openssl

We're using the backported version of libengine-pkcs11-openssl because we want ECDSA support -- the ancient version that originally shipped with Jessie only supported RSA.

General plan here is to use pkcs11-tool to create keys, then use the pkcs11 OpenSSL engine and OpenSSL command line tool to do vaguely useful things with those keys.

Configuration

Scripts

References and notes

Given the overall state of OpenSSL's documentation, it also helps to be able to read the OpenSSL source code: in this particular case, the apps/ directory is most likely to be useful. It turns out that many (not all) places where one of the OpenSSL command line functions allow one to specify a key format other than PEM, one of the supported formats is ENGINE, in which case the "filename" is interpreted as a key selector.

}}} [[RepositoryIndex(format=table,glob=user/sra/openssl-engine)]] || Clone `https://git.cryptech.is/user/sra/openssl-engine.git` ||