From 01c644bbfbc3ac88d45ce5f77a35de9e82067009 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 15 Dec 2017 14:59:03 +0100 Subject: ssl: Add engine use case to Users Guide --- lib/ssl/doc/src/using_ssl.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'lib') diff --git a/lib/ssl/doc/src/using_ssl.xml b/lib/ssl/doc/src/using_ssl.xml index f84cd6e391..61918a346d 100644 --- a/lib/ssl/doc/src/using_ssl.xml +++ b/lib/ssl/doc/src/using_ssl.xml @@ -152,4 +152,41 @@ Shell got {ssl,{sslsocket,[...]},"foo"} ok + +
+ Using an Engine Stored Key + +

Erlang ssl application is able to use private keys provided + by OpenSSL engines using the following mechanism:

+ + 1> ssl:start(). +ok + +

Load a crypto engine, should be done once per engine used. For example + dynamically load the engine called MyEngine: +

+ 2> {ok, EngineRef} = +crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, "/tmp/user/engines/MyEngine"},<<"LOAD">>],[]). +{ok,#Ref<0.2399045421.3028942852.173962>} + + +

Create a map with the engine information and the algorithm used by the engine:

+ 3> PrivKey = + #{algorithm => rsa, + engine => EngineRef, + key_id => "id of the private key in Engine"}. + +

Use the map in the ssl key option:

+ 4> {ok, SSLSocket} = +ssl:connect("localhost", 9999, + [{cacertfile, "cacerts.pem"}, + {certfile, "cert.pem"}, + {key, PrivKey}], infinity). + + +

See also crypto documentation

+ +
+ -- cgit v1.2.3