Carl Youngblood wrote:
I tried QSign but had some problems building it.  I don't remember
what they were exactly right now, but I will go back to it and try
again and report my difficulties.

I'm curious, would you say that your PKCS11 library is more complete
than the muscle one?

I would never dare say something that is not true. The muscle lib has been tested on a set of different platforms and with a set of different browsers. I cannot say the same of my Smart Sign P#11 library, which I just developed on Linux and tested with Netscape 4.x.

I'm just reporting how my library works. It does not require anything
more on the smart card than a private cryptographic key and a
DER-encoded X.509 certificate in a MuscleCard object. The drawback
is that I do not store any additional P#11 attributes which are passed to
the module by an application during the device formatting phase, so,
basically, what I did was to "cheat" around those attribute values,
whenever I'm not able to recover them from the MuscleCard key descriptor
and the public key certificate on the device.

In any case, it would be easy to discuss the value an application
should give to such attributes, as it would be easy to tweak the
attribute objects and change their contents. An application should
only trust what is written on the public key certificate, which is
signed by a CA, and nothing else, shouldn't it?
Of course, this applies only to CA-oriented secure apps.

        T.
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
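
Added example, not part of the original message and not code from Smart Sign or the MUSCLE library: one way a module could take the PKCS#11 certificate attributes CKA_SERIAL_NUMBER, CKA_ISSUER and CKA_SUBJECT (each defined as a DER encoding) straight from the CA-signed certificate instead of from separately stored attribute objects. The names der_t, cert_attrs_t, der_read and attrs_from_cert are hypothetical, and SAMPLE_CERT is a constructed skeleton.

```c
#include <stddef.h>

/* One DER element: p points at the tag byte, hdr = tag+length bytes, len = content bytes. */
typedef struct { const unsigned char *p; size_t hdr, len; } der_t;
/* Hypothetical holder for the three attribute values, each a slice of the certificate. */
typedef struct { der_t serial, issuer, subject; } cert_attrs_t;

/* Constructed skeleton, not a valid certificate: algorithm and validity are empty
   SEQUENCEs and everything after the subject is cut off. Issuer CN=CA, subject CN=T. */
const unsigned char SAMPLE_CERT[] = {
    0x30,0x2B, 0x30,0x29, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x05, 0x30,0x00,
    0x30,0x0D,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x13,0x02,0x43,0x41,
    0x30,0x00, 0x30,0x0C,0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,0x54 };

/* Read one TLV from buf[0..n). Returns 0, or -1 if truncated or indefinite-length. */
static int der_read(const unsigned char *buf, size_t n, der_t *out) {
    size_t len, hdr = 2;
    if (n < 2) return -1;
    len = buf[1];
    if (len & 0x80) {                       /* long form: next k bytes hold the length */
        size_t i, k = len & 0x7F;
        if (k == 0 || k > 4 || n < 2 + k) return -1;
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | buf[2 + i];
        hdr += k;
    }
    if (len > n - hdr) return -1;           /* content must fit in the buffer */
    out->p = buf; out->hdr = hdr; out->len = len;
    return 0;
}

/* Locate serialNumber, issuer and subject inside tbsCertificate. Returns 0 or -1. */
int attrs_from_cert(const unsigned char *cert, size_t n, cert_attrs_t *a) {
    static const unsigned char want[5] = { 0x02, 0x30, 0x30, 0x30, 0x30 };
    der_t e, f[5];
    const unsigned char *q;
    size_t left;
    int i;
    if (der_read(cert, n, &e) || e.p[0] != 0x30) return -1;             /* Certificate */
    if (der_read(e.p + e.hdr, e.len, &e) || e.p[0] != 0x30) return -1;  /* tbsCertificate */
    q = e.p + e.hdr; left = e.len;
    if (der_read(q, left, &e)) return -1;
    if (e.p[0] == 0xA0) { q += e.hdr + e.len; left -= e.hdr + e.len; }  /* skip [0] version */
    for (i = 0; i < 5; i++) {   /* serial, signature alg, issuer, validity, subject */
        if (der_read(q, left, &f[i]) || f[i].p[0] != want[i]) return -1;
        q += f[i].hdr + f[i].len; left -= f[i].hdr + f[i].len;
    }
    a->serial = f[0]; a->issuer = f[2]; a->subject = f[4];
    return 0;
}
```

Each returned slice spans hdr + len bytes starting at p, which is the DER value to report for the corresponding attribute. The function only locates the fields; the certificate's signature still has to be verified against the CA before an application relies on them.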
