Hi all,

I am developing the PKCS#11 driver for LibPKI and I am playing around with some other code - especially the libp11, which is used by many software packages:

- OpenSSL's ENGINE for PKCS#11
- OpenSC

When creating the key, the behaviour a user would expect from these drivers is to generate the keypair in the device and then, eventually, export the public part. However, the libp11 behaves differently. What it really does is generate the key in software and then import it into the device - which totally invalidates the assumptions made when using a PKCS#11 device!

Therefore, my advice is: do not use OpenSC + libp11 (for PKCS#11 access) if you are concerned about the security of your private key!

I will develop an application that will print out the "properties" of public/private keys in a PKCS#11 device so that you can check out what the status of your generated keys is - the tool will probably be part of the LibPKI package.

Later,
Max
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
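The key "properties" that separate an on-device keypair from one generated in software and imported are standard PKCS#11 boolean attributes. The sketch below is an added example, not part of the original message and not the LibPKI tool: the `key_attr` struct and `F_*` flags are hypothetical, the sample values are constructed, and in a real check they would be read from the private key object with `C_GetAttributeValue`.

```c
#include <stdio.h>
#include <stddef.h>

/* Attribute type codes as defined by the PKCS#11 specification. */
#define CKA_SENSITIVE         0x00000103UL
#define CKA_EXTRACTABLE       0x00000162UL
#define CKA_LOCAL             0x00000163UL
#define CKA_NEVER_EXTRACTABLE 0x00000164UL
#define CKA_ALWAYS_SENSITIVE  0x00000165UL

/* Hypothetical holder for one CK_BBOOL attribute read from a private key. */
struct key_attr { unsigned long type; unsigned char value; };

enum { F_NOT_LOCAL = 1, F_WAS_EXTRACTABLE = 2, F_WAS_CLEAR = 4,
       F_EXTRACTABLE = 8, F_NOT_SENSITIVE = 16, F_MISSING = 32 };

/* Returns a bitmask of findings; 0 = generated on the token, never exposed. */
unsigned assess_private_key(const struct key_attr *a, size_t n)
{
    static const struct { unsigned long type; int want; unsigned flag; } rule[] = {
        { CKA_LOCAL,             1, F_NOT_LOCAL },       /* generated on the token */
        { CKA_NEVER_EXTRACTABLE, 1, F_WAS_EXTRACTABLE }, /* never had EXTRACTABLE set */
        { CKA_ALWAYS_SENSITIVE,  1, F_WAS_CLEAR },       /* always had SENSITIVE set */
        { CKA_EXTRACTABLE,       0, F_EXTRACTABLE },     /* cannot be wrapped out now */
        { CKA_SENSITIVE,         1, F_NOT_SENSITIVE },   /* value not readable now */
    };
    unsigned findings = 0;
    for (size_t r = 0; r < sizeof rule / sizeof rule[0]; r++) {
        int seen = 0;
        for (size_t i = 0; i < n; i++) {
            if (a[i].type != rule[r].type) continue;
            seen = 1;
            if ((a[i].value != 0) != rule[r].want) findings |= rule[r].flag;
        }
        if (!seen) findings |= F_MISSING; /* fail closed on an unreported attribute */
    }
    return findings;
}

/* Constructed samples: a keypair generated on the device ... */
static const struct key_attr on_token[] = { {CKA_LOCAL, 1}, {CKA_NEVER_EXTRACTABLE, 1},
    {CKA_ALWAYS_SENSITIVE, 1}, {CKA_EXTRACTABLE, 0}, {CKA_SENSITIVE, 1} };
/* ... and a software-generated key imported with C_CreateObject. */
static const struct key_attr imported[] = { {CKA_LOCAL, 0}, {CKA_NEVER_EXTRACTABLE, 0},
    {CKA_ALWAYS_SENSITIVE, 0}, {CKA_EXTRACTABLE, 0}, {CKA_SENSITIVE, 1} };

int main(void)
{
    printf("on_token=0x%02x imported=0x%02x\n",
           assess_private_key(on_token, 5), assess_private_key(imported, 5));
    return 0;
}
```

An imported key can look locked down today (`CKA_SENSITIVE` true, `CKA_EXTRACTABLE` false) while the three history attributes still reveal that it existed outside the device; the values are reported by the token itself, so the check is only as reliable as the token's implementation.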