On 10/9/07, Kent Yoder <[EMAIL PROTECTED]> wrote:
> Hi Alon,
>
> > I will not rewrite low level PKCS#11 code outside the pkcs11-helper
> > library, this will be unwise, unprofessional, unmaintainable and
> > unsupported, especially if the reason is a political one.
>
> As useful as pkcs11-helper may be, PKCS#11 is the industry standard
> API and ecryptfs must support it eventually. Most importantly it's the
> interface through which the Java Cryptography Extension accesses the
> hardware, which is for us the most important consumer.

Here you are wrong. pkcs11-helper provides the ability to access the
PKCS#11 industry standard. Please try the patchset and see for yourself
that the solution allows eCryptfs to access any PKCS#11 provider.

All the other notes are based on this assumption, I will be happy to
explain more if you like.

> But doing things like pulling an RSA modulus out of a pkcs11 data store
> and encrypting with it using OpenSSL is not going to be acceptable for
> some vendors.

Why? It takes about 2 seconds to do this using most smartcard
hardware... And less than 0.1 second to do this on main CPU...

I already told Michael that if we want *ACCELERATION* we should divide
private and public key operation, so that public key operation may go
to the accelerator and private key operation go to the specific
provider.

The accelerator and provider may be the same module, but in most cases
they should be different.

But this improvement can be done later on. Transparent to application.

Providing ability to use smartcards is important enough even if it is
not super optimized at this point (although for most solutions it is...).

Best Regards,
Alon Bar-Lev.

_______________________________________________
eCryptfs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel
