On 03/18/10 01:38 PM, Matt Ball wrote: <snip>
> I've got a port of OpenSC's libpkcs11_spy that works well in getting > traces of pkcs11 traffic on a Solaris box. Only caveat is that it's not > signed as part of the make process. Let me know if you're interested The real crypto-with-a-hole problem for pkcs11_tracer.so (dunno about libpkcs11_spy) lies elsewhere I think - it does not verify the signatures of libraries it is loading. In fact, it's actually good thing it's not signed. > and I can make that available. Yep, that would be useful. Minimally worth a blog entry. v.
