Huie-Ying Lee wrote:
>
>>
>> These are pretty limited forms of use, and not suitable for commercial
>> users who need to manage their key material securely (e.g. government
>> users that need to comply with FIPS 140-2.)
>>
>> The Venus board (vca driver) under Solaris 9 supports secure key
>> management (I've not looked at it since Solaris 10), and it would be
>> nice if products like this could interact with the common Solaris tools
>> in a "standard" way.
>>
>
> I'm not familiar with the secure key management for Venus board on
> Solaris9.
> So I consulted with the engineer who did the VCR driver for Solaris10
> today.
> She mentioned that there is a tool called "pk11export" which can export
> a certificate and the associated private key from a Venus card.

No, what I'm talking about is decrypting a wrapped key received
directly into a token's key store.  This would allow applications to
make use of a wrapped key at the command line.  Using this you could use
encrypt/decrypt with public keys, which could be nice.

But in retrospect, almost all the uses of these features are probably
more sophisticated tools, which provide their own UIs for accessing
PKCS#11, so it's probably not as big a deal as I at first imagined.  (I
didn't understand at first that the underlying pkcs11 library supported
the needs, and that all that was being done was some enhancement to
encrypt(1) and decrypt(1).)

Given this is just for CLI use, I guess this is good enough. :-)




-- 
Garrett D'Amore, Principal Software Engineer
Tadpole Computer / Computing Technologies Division,
General Dynamics C4 Systems
http://www.tadpolecomputer.com/
Phone: 951 325-2134  Fax: 951 325-2191

