Question on ENGINE implementation.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question on ENGINE implementation.

David Woodroffe
I am currently trying to use openSSL with an nCipher HSM for signing
and verfication. At the moment we are using the with-nfast predicate
for the application to access the keys and this works fine.
However this asks for a passphrase interactively which we do not want
rather we would pass it in at startup from an initialisation file
(encrypted). I also noticed ENGINE_load_private_key etc use a
UI_method prompting for passphrase. Is there any way of initialising
the engine and keys etc without any user interaction?

David
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Question on ENGINE implementation.

Richard Levitte - VMS Whacker
In message <[hidden email]> on Thu, 26 May 2005 11:34:20 +0100, David Woodroffe <[hidden email]> said:

dwoodroffe> I am currently trying to use openSSL with an nCipher HSM
dwoodroffe> for signing and verfication. At the moment we are using
dwoodroffe> the with-nfast predicate for the application to access the
dwoodroffe> keys and this works fine.  However this asks for a
dwoodroffe> passphrase interactively which we do not want rather we
dwoodroffe> would pass it in at startup from an initialisation file
dwoodroffe> (encrypted). I also noticed ENGINE_load_private_key etc
dwoodroffe> use a UI_method prompting for passphrase. Is there any way
dwoodroffe> of initialising the engine and keys etc without any user
dwoodroffe> interaction?

Look for struct pw_cb_data in apps/apps.h and the functions ui_open(),
ui_read(), ui_write(), ui_close(), setup_ui_method(),
destroy_ui_method() and password_callback() in apps/apps.c in the
OpenSSL source code and let yourself get inspired :-).

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]