[thirdparty/openssl.git] / README.ENGINE


  ENGINE
  ======

  With OpenSSL 0.9.6, a new component has been added to support external 
  crypto devices, for example accelerator cards.  The component is called
  ENGINE, and has still a pretty experimental status and almost no
  documentation.  It's designed to be faily easily extensible by the
  calling programs.

  There's currently built-in support for the following crypto devices:

      o CryptoSwift
      o Compaq Atalla
      o nCipher CHIL

  A number of things are still needed and are being worked on:

      o An openssl utility command to handle or at least check available
        engines.
      o A better way of handling the methods that are handled by the
        engines.
      o Documentation!

  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.

  Because of this experimental status and what's lacking, the ENGINE
  component is not yet part of the default OpenSSL distribution.  However,
  we have made a separate kit for those who want to try this out, to be
  found in the same places as the default OpenSSL distribution, but with
  "-engine-" being part of the kit file name.  For example, version 0.9.6
  is distributed in the following two files:

      openssl-0.9.6.tar.gz
      openssl-engine-0.9.6.tar.gz

  NOTES
  =====

  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
  not need to download both.

  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
  crypto device.  The internal OpenSSL functions are contained in the
  engine "openssl", and will be used by default.

  No external crypto device is chosen unless you say so.  You have actively
  tell the openssl utility commands to use it through a new command line
  switch called "-engine".  And if you want to use the ENGINE library to
  do something similar, you must also explicitely choose an external crypto
  device, or the built-in crypto routines will be used, just as in the
  default OpenSSL distribution.
Commit	Line	Data
b22bda21 RL	1
	2	ENGINE
	3	======
	4
	5	With OpenSSL 0.9.6, a new component has been added to support external
	6	crypto devices, for example accelerator cards. The component is called
	7	ENGINE, and has still a pretty experimental status and almost no
	8	documentation. It's designed to be faily easily extensible by the
	9	calling programs.
	10
	11	There's currently built-in support for the following crypto devices:
	12
	13	o CryptoSwift
	14	o Compaq Atalla
	15	o nCipher CHIL
	16
	17	A number of things are still needed and are being worked on:
	18
	19	o An openssl utility command to handle or at least check available
	20	engines.
	21	o A better way of handling the methods that are handled by the
	22	engines.
	23	o Documentation!
	24
	25	What already exists is fairly stable as far as it has been tested, but
	26	the test base has been a bit small most of the time.
	27
	28	Because of this experimental status and what's lacking, the ENGINE
	29	component is not yet part of the default OpenSSL distribution. However,
	30	we have made a separate kit for those who want to try this out, to be
	31	found in the same places as the default OpenSSL distribution, but with
	32	"-engine-" being part of the kit file name. For example, version 0.9.6
	33	is distributed in the following two files:
	34
	35	openssl-0.9.6.tar.gz
	36	openssl-engine-0.9.6.tar.gz
	37
	38	NOTES
	39	=====
	40
	41	openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
	42	not need to download both.
	43
	44	openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
	45	crypto device. The internal OpenSSL functions are contained in the
	46	engine "openssl", and will be used by default.
	47
	48	No external crypto device is chosen unless you say so. You have actively
	49	tell the openssl utility commands to use it through a new command line
	50	switch called "-engine". And if you want to use the ENGINE library to
	51	do something similar, you must also explicitely choose an external crypto
	52	device, or the built-in crypto routines will be used, just as in the
	53	default OpenSSL distribution.
	54