pkeyutl: allow peer key to reside on a hardware token (pkcs11) (OpenSSL_1_0_2-stable) #557
Conversation
pinging @levitte :-)

pinging @levitte - is there any reason this doesn't get merged, or at least commented on?

Perhaps he's busy?

No doubt. But in the meanwhile I'm afraid that as I'm updating my fork by pulling in the commits applied to master and OpenSSL_1_0_2-stable, it would be more and more complicated to apply this PR. And since I need a working version of OpenSSL, I can't just freeze my fork... :-( And this really is a small fix, and related to what's already been reviewed...

Another illustration of how it works, as a part of my sample/demo script:

+1 Looking good

Thank you! Let's merge?

+1 from me if you want to merge it Richard

Hmmm... it doesn't rebase cleanly. @mouse07410, would you mind rebasing on top of a fresh pull of

Let me consult with those more fluent in Github than I am, and attempt to rebase.
…ublic key for now)
@levitte Done!! Please feel free to merge now. :-) P.S. I've learned a lot doing this exercise, and wouldn't be able to complete it without my colleague who knows more about Git. ;)

Adding @richsalz And I'd really appreciate if this could be merged before we need another rebase. :-)

Awright, pushed! Closing.

Thank you! :-)
Enables pkeyutl.c to derive a shared symmetric key (ECDH) with a public key on the PKCS11-accessible hardware token:

The above example demonstrates that the derivation is correct: the shared secret derived from the ECDH private key in a file and the ECDH public key on the card matches the one derived on the card from its ECDH private key and the given public key from a file.

t256-ec-priv.pem is a file containing the ECDH private key (in PEM format).
t256-ec-pub.der is a file containing the ECDH public key (in DER format; need it for OpenSC tools).
(KEY MAN key and KEY MAN pubkey) containing the ECDH derivation key pair.

Oh, and of course the only commit in this PR that matters is 6fdd762. All the others are already merged (I think), but somehow Github does not show it. :-(
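The two-way derivation check the description relies on, as an added example that is not part of the PR or of OpenSSL: both key pairs are software keys here (the "card" side is simulated, since no PKCS#11 token is assumed), the file names follow the description, and a derivation against an unrelated peer key is included to show that the comparison really catches a wrong peer.

```shell
#!/bin/sh
# Added example (not from the PR): reproduce the cross-check from the PR
# description with two software key pairs. Assumption: the "card" key pair
# is an ordinary file here, standing in for the PKCS#11 token.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate the file-side key pair (PEM) and the stand-in card key pair,
# exporting the card public key as DER, the format the description uses
# for t256-ec-pub.der.
gen_keys() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/t256-ec-priv.pem"
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/card-priv.pem"
  openssl ec -in "$WORK/card-priv.pem" -pubout -outform DER \
    -out "$WORK/t256-ec-pub.der" 2>/dev/null
  openssl ec -in "$WORK/t256-ec-priv.pem" -pubout \
    -out "$WORK/file-pub.pem" 2>/dev/null
}

# Derive in both directions: file private key + card public key (DER peer),
# and card private key + file public key (PEM peer).
derive_both() {
  openssl pkeyutl -derive -inkey "$WORK/t256-ec-priv.pem" \
    -peerkey "$WORK/t256-ec-pub.der" -peerform DER -out "$WORK/ss-file.bin"
  openssl pkeyutl -derive -inkey "$WORK/card-priv.pem" \
    -peerkey "$WORK/file-pub.pem" -out "$WORK/ss-card.bin"
}

# Returns 0 when both shared secrets are byte-identical (the check passes).
secrets_match() {
  cmp -s "$WORK/ss-file.bin" "$WORK/ss-card.bin"
}

# Negative control: derive against an unrelated public key and return 0
# only if the result differs from the genuine file-side secret.
wrong_peer_mismatch() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/other-priv.pem"
  openssl ec -in "$WORK/other-priv.pem" -pubout \
    -out "$WORK/other-pub.pem" 2>/dev/null
  openssl pkeyutl -derive -inkey "$WORK/t256-ec-priv.pem" \
    -peerkey "$WORK/other-pub.pem" -out "$WORK/ss-wrong.bin"
  ! cmp -s "$WORK/ss-file.bin" "$WORK/ss-wrong.bin"
}

gen_keys
derive_both
secrets_match && echo "shared secrets match"
```

With a real token, the card-side derivation is done by the PKCS#11 tooling instead of the second pkeyutl call, but the comparison step is the same.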