Smart card support with Openssl

Smart card support with Openssl

Rajeswari K
Hello Users/dev Team,
 
Need some urgent help to program openssl for smart card/HSM.
 
Our smart card never shares private keys. All crypto operations such as encryption, decryption will be performed by smart card. And any such actions from openssl need to be redirected to smart card. Only certificate is left open.
 
Have read about pkcs11 crypto engine support at openssl. Currently we are using openssl 0.9.8q. Does this version support pkcs11 engine support?
If it supports, can you provide which part of the code needs to be changed to have successful handshake using smart card.
 
Currently our openssl code is expecting a private key to perform handshake. When smart card is used, private_key is updated with NULL at SSL_ACCEPT(). Hence, it's throwing as no shared cipher during handshake.
 
Please provide a sample application how to program openssl for smart card where private key is not known.
 
Thanks in advance.
 
Rajeswari.
 
Re: Smart card support with Openssl

Douglas E. Engert


On 5/18/2013 2:09 PM, Rajeswari K wrote:

> Hello Users/dev Team,
> Need some urgent help to program openssl for smart card/HSM.
> Our smart card never shares private keys. All crypto operations such as encryption, decryption will be performed by smart card. And any such actions from openssl need to be redirected to smart card.
> Only certificate is left open.
> Have read about pkcs11 crypto engine support at openssl. Currently we are using openssl 0.9.8q. Does this version support pkcs11 engine support?
> If it supports, can you provide which part of the code needs to be changed to have successful handshake using smart card.
> Currently our openssl code is expecting a private key to perform handshake. When smart card is used, private_key is updated with NULL at SSL_ACCEPT(). Hence, it's throwing as no shared cipher during handshake.
> Please provide a sample application how to program openssl for smart card where private key is not known.
> Thanks in advance.

Have a look at
https://www.opensc-project.org/opensc/wiki/engine_pkcs11

This is an engine that can call pkcs11, either the OpenSC
or some other PKCS#11 implementation.



> Rajeswari.

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]