On Fri, Feb 06, 2004 at 15:49:37 +0100, "Hatas, Zdenek" <[EMAIL PROTECTED]> wrote:
> Yes,
>
> it does work.
>
> If you'll use Rainbow iKey3000 and PKCS#11 plugin for NS/Mozilla there
> is no problem with storing keys on token.
> The only trouble is, there are no tools for initialization and
> personalization of the token for linux yet.
>
> If you're using M$ Win as a client, there is a strange problem with a
> MSCAPI provider for token.
> It doesn't work with a framesets and mutual authentication on TLS well.
> We had problems with a OpenCA Web.
>
> If Client authentication was required on mod_ssl (apache v2.0x), the
> only center frame was correctly sent.
> Other frames (navbar and header) was not displayed in M$IE. M$IE
> presumed, it was sent cleartext.
>
> PKCS#11 module for Mozilla was no problem both on Linux and M$ Win.
>
>
> Zdenek
I optained an iKey3000 directly from Rainbow (www.fr.rainbow.com): they
cost about 60Euro each (but are sold in couples).
I started testing it in linux I found a large number of problems:
1) I'd like to use openct/opensc support which seems more mature than
pcsc, since the firse has the utility to initialize a token, to
generate RSA keys onbard. The iKey3k token is said to be fully supported
from the opensc page, but pkcs15-init fails and there is no way to
store a certificate/RSA key.
2) I stared using pcsc with the proprietary library from rainbow
(librnboifd.so I downloaded from the rainbow ftp area). With this
library the token is found; unfortunatelly I do not find any utility
to make RSA key generation or to copy a cert.
I've not tested the mozilla plugin, a first try segfaulted my mozilla.
Pleas Zdenek can you give me some more details on your usage of this
token?
Else I'd like to know where I can find console utilities to manage
pcsc tokens, since on the muscle page I only found smarttools-rsa
which seems not to support this token.
I'd very apreciate feedback.
Regards
Alessandro Razeto
>
>
>
> -----Original Message-----
> From: Alexei Chetroi [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 06, 2004 3:19 PM
> To: [EMAIL PROTECTED]
> Subject: [Openca-Users] USB hardware tokens
>
>
> Hi,
>
> Does anybody use USB tokens for storing Certificate or private keys?
> Does it work with Mozilla, Netscape?
>
> Thanks everybody for the answers.
>
> --
> Alexei Chetroi
>
>
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration See the
> breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
>
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Openca-Users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-users
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
