I’m pretty new to openssl. So far I’ve gone through tutorials offered by IBM and HP and got some practices about how to use openssl APIs.
My project is about using a USB security memory token loaded with a digitial certificate to verify the identity of a client via an ActiveX control on the client’s browser. Now the problem is that the vendor-provided library for the token only support reading and writing strings from and to the token. However, I only know how to load a certificate from a file with SSL_CTX_load_verify_locations() or SSL_CTX_use_certificate_file() functions.
The only thing I can think of is writing the large chunk of encrypted stuff between BEGIN X509 CERTIFICATE and END X509 CERTIFICATE to the token and read it out as a string. Now I really need some help to load this string into SSL_CTX object ctx in openssl.
BTW, does the long stuff between BEGIN X509 CERTIFICATE and END X509 CERTIFICATE contain the so-called public key and other info (such as expiration date) except private key? Please correct me if I’m wrong 🙂
Any help will be much appreciated!
Z.Zen
If you can read and write arbitrary binary blobs to the token, then you can just store the certificate and private key in ASN1 format, then load them with
SSL_CTX_use_certificate_ASN1()andSSL_CTX_use_PrivateKey_ASN1()(in that order). Note that you need to do both, because a certificate does not store the private key; it must be stored separately.