Re: [OpenCA-Devel] Question about OpenCA features

Mon, 20 Sep 2004 07:58:33 -0700 

Hi Michael:

I have a doubt about usign signed logs. I was analizing Log.pm module and I found that in "sub addMessage" this code (Log.pm - line 251):

   ## sign message if supported
   if ($self->{TOKEN}->keyOnline)
   {
       $msg->setSignature($self->{TOKEN}->sign(DATA => $msg->getXML));
   }

I need to know how can I configure OpenCA logs to allow the previous condition to be TRUE. I've already test that the signature works fine (passing the parameter PASSWD => "xxxx" to sign function) and skiping that evaluation.

A few lines below, in the same function, I found this code (Log.pm - line 266):

       ## get digest from log if supported and
       ## sign digest from log if supported
       if ($self->{SLOT}->{$slot}->getFeatures()->{"LogDigest"} and
           $self->{SLOT}->{$slot}->getFeatures()->{"LogSignature"})
       {
           my $digest    = $self->{SLOT}->{$slot}->getLogDigest();
           my $signature = $self->{TOKEN}->sign(DATA => $digest);
           $self->{SLOT}->{$slot}->addLogSignature($signature);
       }

I don't understand which is the purpose of this code ?

Julio


Michael Bell wrote:

Julio D'Angelo wrote:

Automatic issue on the CA of all pending certificates,
Automatic CRL generation and publication, and
Digitally signed logs.


Actually these features are not implemented. This sounds like from SET. If you need special features then please add it to the RFEs at our project page on sourceforge. We will discuss all these requested features and their priorization at the workshop in Munich.

BTW we tested signed logs already and they are only really usable if you have an accelerator for the crypto operations.

Michael 


--
--------------------------------------------------------
Lic. Julio C. D'Angelo
Oficina Nacional de Tecnologías de Información
Subsecretaría de la Gestión Pública
TE: (+54 11) 4343 9001 int 538  Fax: (+54 11) 4343 7458
eMail: [EMAIL PROTECTED]        http://www.pki.gov.ar
--------------------------------------------------------



-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to