> in order for the application to have access to the keys in > the crypto hardware upon an unattended reboot, the PINs to the hardware > must be accessible to the application.
The cards that I know about work differently -- you configure them to allow unattended reboot, and then no PIN is involved. This is a little more secure, in that it requires a conscious decision to do this, as opposed to sticking the PIN somewhere on the filesystem. /r$ -- STSM, DataPower CTO WebSphere Appliance Architect http://www.ibm.com/software/integration/datapower/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com