Commit | Line | Data |
---|---|---|
b22bda21 RL |
1 | |
2 | ENGINE | |
3 | ====== | |
4 | ||
5 | With OpenSSL 0.9.6, a new component has been added to support external | |
6 | crypto devices, for example accelerator cards. The component is called | |
7 | ENGINE, and still has a pretty experimental status and almost no | |
8 | documentation. It's designed to be fairly easily extensible by the | |
9 | calling programs. | |
10 | ||
11 | There's currently built-in support for the following crypto devices: | |
12 | ||
13 | o CryptoSwift | |
14 | o Compaq Atalla | |
15 | o nCipher CHIL | |
16 | ||
17 | A number of things are still needed and are being worked on: | |
18 | ||
19 | o An openssl utility command to handle or at least check available | |
20 | engines. | |
21 | o A better way of handling the methods that are handled by the | |
22 | engines. | |
23 | o Documentation! | |
24 | ||
25 | What already exists is fairly stable as far as it has been tested, but | |
26 | the test base has been a bit small most of the time. | |
27 | ||
28 | Because of this experimental status and what's lacking, the ENGINE | |
29 | component is not yet part of the default OpenSSL distribution. However, | |
30 | we have made a separate kit for those who want to try this out, to be | |
31 | found in the same places as the default OpenSSL distribution, but with | |
32 | "-engine-" being part of the kit file name. For example, version 0.9.6 | |
33 | is distributed in the following two files: | |
34 | ||
35 | openssl-0.9.6.tar.gz | |
36 | openssl-engine-0.9.6.tar.gz | |
37 | ||
38 | NOTES | |
39 | ===== | |
40 | ||
41 | openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar; you do | |
42 | not need to download both. | |
43 | ||
44 | openssl-engine-0.9.6.tar.gz is usable even if you don't have an external | |
45 | crypto device. The internal OpenSSL functions are contained in the | |
46 | engine "openssl", and will be used by default. | |
47 | ||
48 | No external crypto device is chosen unless you say so. You have to actively | |
49 | tell the openssl utility commands to use it through a new command line | |
50 | switch called "-engine". And if you want to use the ENGINE library to | |
51 | do something similar, you must also explicitly choose an external crypto | |
52 | device, or the built-in crypto routines will be used, just as in the | |
53 | default OpenSSL distribution. | |
54 |