How to use openssl providers? #12525
Comments
|
We don't have any API for using an openssl provider
…On Thu, Feb 27, 2025, 9:33 AM David White ***@***.***> wrote:
Hi there,
I have a pkcs11 provider set up for openssl. This connects to a yubihsm.
***@***.***:~$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.3.1
status: active
pkcs11
name: PKCS#11 Provider
version: 3.3.1
status: active
I am able to create a certificate like so:
openssl req -new -x509 -days 3650 -subj '/CN=Test Signature Key/' -sha256
-key 'pkcs11:token=YubiHSM;object=Signing%20Key;pin-value=0001example' -out
signing.crt
I would like to do this programatically. How can I sign the cert with
pyca/cryptography using the openssl provider?
Thanks
—
Reply to this email directly, view it on GitHub
<#12525>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBEA5GGI5PMHOTHJH4D2R4O5NAVCNFSM6AAAAABX77QWEGVHI2DSMVQWIX3LMV43ASLTON2WKOZSHA4DINZQGQ3DOOI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
[image: MorningLightMountain713]*MorningLightMountain713* created an
issue (pyca/cryptography#12525)
<#12525>
Hi there,
I have a pkcs11 provider set up for openssl. This connects to a yubihsm.
***@***.***:~$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.3.1
status: active
pkcs11
name: PKCS#11 Provider
version: 3.3.1
status: active
I am able to create a certificate like so:
openssl req -new -x509 -days 3650 -subj '/CN=Test Signature Key/' -sha256
-key 'pkcs11:token=YubiHSM;object=Signing%20Key;pin-value=0001example' -out
signing.crt
I would like to do this programatically. How can I sign the cert with
pyca/cryptography using the openssl provider?
Thanks
—
Reply to this email directly, view it on GitHub
<#12525>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBEA5GGI5PMHOTHJH4D2R4O5NAVCNFSM6AAAAABX77QWEGVHI2DSMVQWIX3LMV43ASLTON2WKOZSHA4DINZQGQ3DOOI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
I have a pkcs11 provider set up for openssl. This connects to a yubihsm.
davew@hsm:~$ openssl list -providers Providers: default name: OpenSSL Default Provider version: 3.3.1 status: active pkcs11 name: PKCS#11 Provider version: 3.3.1 status: activeI am able to create a certificate like so:
openssl req -new -x509 -days 3650 -subj '/CN=Test Signature Key/' -sha256 -key 'pkcs11:token=YubiHSM;object=Signing%20Key;pin-value=0001example' -out signing.crt
I would like to do this programatically. How can I sign the cert with pyca/cryptography using the openssl provider?
Thanks
The text was updated successfully, but these errors were encountered: