Hi folks,

a bit late, but as promised please find attached my preliminary nCipher token module that works for us together quite neatly with 0.9.2RC5. Feedback is welcome.

This is really no big deal, I simply had to set the OpenSSL engine to "chil" to make use of the HSM, the rest is basically a work of cut and paste and finding out how stuff works (TM). I included some documentation and a quick guide for a rudimentary key ceremony within the attached archive.

I will be working on improving the module further, in particular adding a check to determine if the private key is online and usable by the caller. This can not easily be done using the command line tools provided by nCipher, but will very likely require programming against the nCipher API. A quick hack would be to perform a dummy private key operation and verify if it yields an error, but I am reluctant to have the HSM perform private key operations with the CA root key without good reason...

Cheers,
Martin
OpenCA-nCipher.tar.gz
Description: GNU Zip compressed data