Hi folks,
a bit late, but as promised please find attached my preliminary nCipher token module that works for us together quite neatly with 0.9.2RC5. Feedback is welcome.
This is really no big deal, I simply had to set the OpenSSL engine to "chil" to make use of the HSM, the rest is basically a work of cut and paste and finding out how stuff works (TM). I included some documentation and a quick guide for a rudimentary key ceremony within the attached archive.
I will be working on improving the module further, in particular adding a check to determine if the private key is online and usable by the caller. This cannot easily be done using the command line tools provided by nCipher, but will very likely require programming against the nCipher API.
A quick hack would be to perform a dummy private key operation and verify if it yields an error, but I am reluctant to have the HSM perform private key operations with the CA root key without good reason...
I committed the stuff to CVS and integrated the readme into docs/guide/admin/token.xml.
Thanks

Michael

P.S. I was on holidays - so I need some time to read all my mails.

-- 
Michael Bell
Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice (Computing Centre)
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin
Germany
Email (private): [EMAIL PROTECTED]
http://www.openca.org
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel