curl-users
--engine parameter
Date: Fri, 19 Nov 2004 17:23:39 +0100
Hi,
I'm looking for a way to use an nCipher crypto box or HSM ("Hardware Security
Module") to keep the private key used for the client authentication in cURL;
I would prefer to keep using cURL in a shell script instead of using
libcurl.
I found a not well documented "engine" parameter and I only guess it's the
right way to achieve my goal; crypto engines are mentioned in the online
help ("curl --help" : "--engine <eng> Crypto engine to use (SSL)") and as
error messages in curl --manual:
53 SSL crypto engine not found
54 Cannot set SSL crypto engine as default
The private key is already stored in nCipher "embed"; its certificate is in a
pem file; so my first unsuccessful try looks like this:
# /usr/local/bin/curl --engine embed --ciphers DES-CBC3-SHA --cert cert.pem
--cacert ca.pem --random-file random.dat --sslv3 --verbose --fail ... etc
* About to connect() to proxy:80
* Connected to proxy port 80
* Establish HTTP proxy tunnel to target.url:443
< HTTP/1.0 200 Connection established
< Proxy-Agent: NetCache
* Proxy replied OK to CONNECT request
* unable to set certificate file (wrong password?)
* Closing connection #0
curl: (58) unable to set certificate file (wrong password?)
#
Does anybody know how the parameters --cert and --engine should be given? Is
there something that I ignored before? I wonder how to specify the right key
from the key set stored in the crypto engine.
I would appreciate any feedback!
Thanks
Juan-Carlos Manzano
Received on 2004-11-19