RE: [Muscle] [PATCH] MuscleCard engine for OpenSSL

Fri, 27 Aug 2004 15:03:04 -0700


Few patch feedback notes, from an XP Pro platform build, using ms/do_ms with cl (12.000.8804)compiler.

1. patch contains a diff of engine/crypto/Makefile. No such file exists in tarball. (Post ms/do_ms, no such file exists, also.)

2. running ms\do_ms indicated "Warning: ENGINE_load_musclecard does not have a number assigned" a few times.

3. compile of source using cl went fine until compiling crypto/engine/hw_musclecard.c.
- had to alter vendor_defs of musclecard.h to import musclecard.h from std windows install path for muscle libraries, rather than <PCSC/...>
- had to remove -WX compiler option, to allow some downcast warnings to be ignored.

4. the openssl library built.

More buldint/testing later.

Excellent work!

Now onto openvpn - over openssl - using muscle applet crypto - operating on a javacard.


From: Michael Gold <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED], MUSCLE  <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [Muscle] [PATCH] MuscleCard engine for OpenSSL
Date: Fri, 27 Aug 2004 16:21:23 -0400

I've created a patch to add a MuscleCard engine to OpenSSL 0.9.7d,
allowing it to access smart cards using the MuscleCard API. It is
located at:
    http://www.scs.carleton.ca/~mgold/patches/openssl-add-mcard.patch

This engine implements RSA encryption (signing) and decryption using a
private key stored on a MuscleCard-compatible smart card. It has been
tested with a Cyberflex e-gate 32K Java Card running MUSCLE's
CardEdgeApplet (using the MCardPlugin service for PCSC Lite).

Usage example
-------------

This command will use the MuscleCard engine to create a self-signed
certificate:

openssl req -new -text -sha1 -x509 \
        -engine musclecard -keyform engine \
        -key "E-Gate 00 00:0:1:1111:/var/ssl/cflex_pub.key" \
        -out cacert.pem

The meaning of the key string is as follows:
  Use PCSC Lite reader "E-Gate 00 00"
  Private key 0
  Authenticate with PIN #1, value "1111"
  Public key is stored in /var/ssl/cflex_pub.key (to export public
    key 1 using muscleTool: "exportkey 1 /var/ssl/cflex_pub.key")

- Michael
<< attach4 >>
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle



_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to