Hi,

> To let you know about the privacy focus, I am using an HSM under
> OpenSSL so the key generation process will in any case be hidden to
> the Operator.

Yes, but only the generation if you export the keys. I divide the answer in two parts - part 1 "Token request", part 2 "basic request" and part 3 "smartcards on client".

Part 1 Token request

The token request was designed for users who ask for a certificate but the smartcard will be initialized from the RA Operator. The token request creates only a header not a real request. The real request and key will be created on the client of the RA Operator.

Part 2 Basic request

The basic request generates the key and the request on the server. If OPENCADIR/etc/servers/pub.conf includes an activated engine then the key will be generated by the HSM and stored on the RA. After the issuing of the certificate you can download a PKCS#12-file or a PEM-file which includes the key and cert.

Part 3 Smartcards on client

If you want to generate the key directly on your smartcard then you must install the PKCS#11-module in your Netscape or you must install the CSP in Windows. After this the browsers can use your smartcard directly for key generation too.

Regards,

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email: [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax: +49 (0)30-2093 2959
10099 Berlin
Germany                        http://www.openca.org