Hi Goetz,

Thanks a lot for your help. I've looked at the web sites for Eracom and Bull and I've found their PCI cards, which do indeed provide key storage. I will contact them to get more details.

Thanks again!

Francisco

----- Original Message -----
From: "Goetz Babin-Ebell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 10, 2003 8:38 AM
Subject: Re: Providers of hardware key storage

> Hello Francisco,
>
> Francisco Corella wrote:
> > Hi Goetz,
> >
> >>OpenSSL comes with built-in support for different
> >>crypto hardware (called ENGINE, in crypto/engine/).
> >>But support for additional crypto engines may be added at run time.
> >>
> >>Please search the OpenSSL web pages.
> >
> > I think I understand, at least in principle, how to use hardware crypto with
> > mod_ssl. But there are two ways of doing it, depending on where you keep
> > the server key:
> >
> > (a) You may keep the server key in a file specified by the directive
> > SSLCertificateKeyFile, and send the key to the hardware for each operation
> > that requires use of the key. Or,
> >
> > (b) You may keep the server key in the hardware, and tell the hardware what
> > key to use for each operation in some ad-hoc fashion.
> >
> > My understanding is that most hardware crypto uses option (a). I know that
> > nCipher lets you use option (a) or option (b), but using option (b) requires
> > buying the tamperproof card called "nForce", which is very expensive,
> > instead of the vanilla "nFast" card.
> >
> > What I was asking is whether there is other crypto hardware out there that
> > lets you use option (b). I'm hoping to find something less expensive than
> > nForce.
>
> Eracom has a crypto card.
> It is accessed with a PKCS#11 interface.
>
> There are several PKCS#11 ENGINE implementations for OpenSSL
> available.
> (One from Bull, one from Eracom, maybe others)
>
> Have a look at one of these.
>
>
> Bye
>
> Goetz
>
> --
> Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
> Sonninstr. 24-28, 20097 Hamburg, Germany
> Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)    www.modssl.org
User Support Mailing List                [EMAIL PROTECTED]
Automated List Manager                   [EMAIL PROTECTED]
