How does openssl ca command get hsm password to use a private key?
hi friends of openssl,
first of all excuse me if my question is out of the
here is my situation:
I work in a project that uses a cryptographic device,
specifically an nCipher, to store private keys. I read
that openssl uses engine objects to manage
cryptographic devices such as nShield HSM through CHIL
openssl ca command takes some arguments like:
$ openssl ca xxx xxxx xxx -engine chil -passin env:pwd
in the previous line the source of the password is the
environmental variable pwd.
i could see that in ca command source
openssl-0.9.7e/src/app/apps.c there are a couple of
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
static char *app_get_pass(BIO *err, char *arg, int
the first function calls the second. the app_get_pass
function returns the password to use the engine.
what I really need is to know how the openssl ca command
gets the password (from an environmental variable such as
env:pwd) to sign a CSR through ENGINE engine.
I need to get the engine password to perform
cryptographic operations with my hsm like signing
the following is a piece of the code of
openssl-0.9.7e/src/app/ca.c where the private key
stored in hsm is loaded to sign a CSR:
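
Added example (not part of the original post, and not the ca.c excerpt the post refers to): a simplified C sketch of how a pass phrase argument such as `env:pwd` can be turned into the password string. The names resolve_pass_arg and free_pass are hypothetical, the sample secret is constructed, and only the `pass:` and `env:` forms are handled; OpenSSL's pass phrase argument syntax also accepts `file:`, `fd:` and `stdin`.

```c
#define _POSIX_C_SOURCE 200112L   /* for setenv() in the demo main */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a malloc'd copy of the pass phrase named
 * by arg ("pass:<literal>" or "env:<variable>"), or NULL on error. */
char *resolve_pass_arg(const char *arg)
{
    const char *val;
    char *copy;

    if (arg == NULL)
        return NULL;
    if (strncmp(arg, "pass:", 5) == 0) {
        val = arg + 5;                  /* literal pass phrase */
    } else if (strncmp(arg, "env:", 4) == 0) {
        val = getenv(arg + 4);          /* look up the named variable */
        if (val == NULL) {
            fprintf(stderr, "cannot read environment variable %s\n", arg + 4);
            return NULL;
        }
    } else {
        fprintf(stderr, "unsupported pass phrase source\n");
        return NULL;
    }
    copy = malloc(strlen(val) + 1);
    if (copy != NULL)
        strcpy(copy, val);
    return copy;
}

/* Overwrite the secret before releasing the heap buffer. */
void free_pass(char *p)
{
    volatile char *v = p;
    size_t n;

    if (p == NULL)
        return;
    for (n = strlen(p); n > 0; n--)
        *v++ = 0;
    free(p);
}

int main(void)
{
    char *p;

    setenv("pwd", "constructed-sample-secret", 1);  /* constructed value */
    p = resolve_pass_arg("env:pwd");
    printf("%s\n", p != NULL ? "resolved" : "failed");
    free_pass(p);
    return 0;
}
```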