Hi,
Just checked in this work. I cannot test it myself since I own neither a
hardware accelerator nor a smartcard and reader. I bet that
"AutoEnableBuiltinEngines" will work, however I won't bet on the
"private key from a smartcard" stuff:
Apr 24, 2009 V7.23 A. Garrels added *experimental* OpenSSL engine support which
is not compiled in by default. You have to uncomment the conditional
define OPENSSL_NO_ENGINE in OverbyteIcsSslDefs.inc and rebuild your
packages to get it included. With engine support included, a new
published property AutoEnableBuiltinEngines of TSslContext has to
be set to TRUE in order to enable OpenSSL's built-in hardware
accelerator support, that's all.
******************************************************************
* Due to the lack of hardware this feature is completely untested*
******************************************************************
Any feedback and fixes are welcome, please contact the ICS mailing
list. The OpenSSL engine documentation can be found here:
http://openssl.org/docs/crypto/engine.html
Additionally a new component TSslEngine is installed on the
palette. Its purpose is to control (dynamic) engines.
Typical control commands of an OpenSC dynamic pkcs11 engine
(SmartCard) are:
  Cmds.Add('SO_PATH=d:\opensc\bin\engine_pkcs11.dll');
  Cmds.Add('ID=pkcs11');
  Cmds.Add('LIST_ADD=1');
  Cmds.Add('LOAD=');
  Cmds.Add('MODULE_PATH=d:\opensc\bin\opensc-pkcs11.dll');
  Cmds.Add('INIT=');  // special ICS control command to initialize the engine
Sample test code (Dod couldn't get it working :( )
It assumes that the X509 certificate has been exported from
the SmartCard to a PEM file that is available in property
SslCertFile. It's also assumed that SslEngine1 is created
dynamically at run-time in this sample.
We are in the new event TSslContext.OnBeforeInit:
if not Assigned(SslEngine1) then
begin
  SslEngine1 := TSslEngine.Create(Self);
  try
    // 'dynamic' is OpenSSL's engine that loads an engine shared
    // library (here engine_pkcs11) via the control commands above.
    SslEngine1.NameID := 'dynamic';
    // The SmartCard holds the private key.
    // The next two lines advise SslContext to load the key
    // from the engine instead of from the PEM file.
    TSslContext(Sender).CtxEngine := SslEngine1;
    SslEngine1.CtxCapabilities := [eccLoadPrivKey];
    // The PIN code is expected in property SslPassPhrase
    // ('ics' is just the value used in this sample).
    TSslContext(Sender).SslPassPhrase := 'ics';
    // Tell the engine which key to use.
    SslEngine1.KeyID := KeyIdEdit.Text;
    // At first open the engine
    if not SslEngine1.Open then
      raise Exception.Create(SslEngine1.LastErrorMsg);
    // Now send our vendor specific control commands
    // (Cmds is the Name=Value string list filled above).
    for I := 0 to Cmds.Count - 1 do
    begin
      if not SslEngine1.Control(Cmds.Names[I],
                                Cmds.ValueFromIndex[I]) then
        raise Exception.Create(SslEngine1.LastErrorMsg);
    end;
    Display('Engine set up and loaded successfully');
  except
    FreeAndNil(SslEngine1);
    raise;
  end;
end;
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be