I have pkcs11-dump at [1].

[1] http://alon.barlev.googlepages.com/pkcs11-utilities

On 2/3/09, Douglas E. Engert <[email protected]> wrote:
> OpenSC is getting some bad press. (See below)
> The line in libp11 p11_key.c says:
> 111 * FIXME: We should check first whether the token supports
> 112 * on-board key generation, and if it does, use its own algorithm
>
> That's a pretty major "FIXME", if the caller is expecting the card to do
> key generation, then it should be doing it!
>
>
> -------- Original Message --------
> Subject: [OpenCA-Devel] PKCS11 - The disturbing Truth about libp11 and
> OpenSC!
> Date: Tue, 27 Jan 2009 13:13:54 -0600
> From: Massimiliano Pala <[email protected]>
> Reply-To: OpenCA Developers <[email protected]>
> Organization: Dartmouth College - Computer Science Department
> To: LibPKI Users <[email protected]>
> CC: OpenCA Devel <[email protected]>, LibPKI Devel
> <[email protected]>, Openca Users
> <[email protected]>
>
> Hi all,
>
> I am developing the PKCS#11 driver for LibPKI and I am playing around with
> some other code - especially the libp11 which is used by many software:
> - OpenSSL's ENGINE for PKCS#11
> - OpenSC
>
> When creating the key, the behaviour a user would expect from these drivers
> is to generate the keypair in the device and then, eventually, export the
> public part. However, the libp11 behaves differently. What it really does
> is generate the key in software and then import it into the device - which
> totally invalidates the assumptions made when using a PKCS#11 device!
>
> Therefore, my advice is: do not use OpenSC + libp11 (for PKCS#11 access) if
> you are concerned about the security of your private key!
>
> I will develop an application that will print out the "properties" of
> public/private keys in a PKCS#11 device so that you can check out what
> the status of your generated keys is - the tool will probably be part
> of the LibPKI package.
>
> Later,
> Max
>
>
> --
>
> Douglas E. Engert <[email protected]>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
> _______________________________________________
> opensc-devel mailing list
> [email protected]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
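
The key "properties" discussed in the quoted message can be read from a private key object's PKCS#11 attributes: CKA_LOCAL is true only for keys generated on the token, and CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are false for a key that was created in software and then imported. The C code below is an added example, not code from libp11, OpenSC, LibPKI or pkcs11-dump; the type definitions are stand-ins for pkcs11.h, `classify_private_key` and `enum key_origin` are hypothetical names, the sample templates are constructed, and it assumes the token reports these attributes faithfully.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for pkcs11.h; attribute type values are from the PKCS#11 standard. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_SENSITIVE         0x00000103UL
#define CKA_EXTRACTABLE       0x00000162UL
#define CKA_LOCAL             0x00000163UL
#define CKA_NEVER_EXTRACTABLE 0x00000164UL
#define CKA_ALWAYS_SENSITIVE  0x00000165UL

/* Hypothetical result type for this example. */
enum key_origin { KEY_UNKNOWN, KEY_IMPORTED, KEY_ON_TOKEN_EXPOSABLE, KEY_ON_TOKEN_PROTECTED };

/* Read one CK_BBOOL from a template filled in by C_GetAttributeValue.
 * Returns 1/0, or -1 if the attribute is absent or was not returned. */
static int attr_bool(const CK_ATTRIBUTE *t, size_t n, CK_ULONG type) {
    for (size_t i = 0; i < n; i++) {
        if (t[i].type != type) continue;
        if (t[i].pValue == NULL || t[i].ulValueLen != sizeof(CK_BBOOL)) return -1;
        return *(const CK_BBOOL *)t[i].pValue ? 1 : 0;
    }
    return -1;
}

enum key_origin classify_private_key(const CK_ATTRIBUTE *t, size_t n) {
    int local = attr_bool(t, n, CKA_LOCAL);
    int always_sens = attr_bool(t, n, CKA_ALWAYS_SENSITIVE);
    int never_extr = attr_bool(t, n, CKA_NEVER_EXTRACTABLE);
    if (local < 0 || always_sens < 0 || never_extr < 0) return KEY_UNKNOWN;
    if (!local) return KEY_IMPORTED;            /* created via C_CreateObject/C_UnwrapKey */
    return (always_sens && never_extr) ? KEY_ON_TOKEN_PROTECTED : KEY_ON_TOKEN_EXPOSABLE;
}

/* Constructed samples: values a token would report for each case. */
static CK_BBOOL T = 1, F = 0;
static CK_ATTRIBUTE imported_key[] = {          /* made in software, then imported */
    {CKA_LOCAL, &F, 1}, {CKA_SENSITIVE, &T, 1}, {CKA_ALWAYS_SENSITIVE, &F, 1},
    {CKA_EXTRACTABLE, &F, 1}, {CKA_NEVER_EXTRACTABLE, &F, 1} };
static CK_ATTRIBUTE onboard_key[] = {           /* made by C_GenerateKeyPair on the token */
    {CKA_LOCAL, &T, 1}, {CKA_SENSITIVE, &T, 1}, {CKA_ALWAYS_SENSITIVE, &T, 1},
    {CKA_EXTRACTABLE, &F, 1}, {CKA_NEVER_EXTRACTABLE, &T, 1} };

int main(void) {
    printf("imported: %d, on-board: %d\n",
           classify_private_key(imported_key, 5), classify_private_key(onboard_key, 5));
    return 0;
}
```

Note that the imported key still shows CKA_SENSITIVE true and CKA_EXTRACTABLE false, so those two attributes alone do not reveal that the private key once existed outside the token.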
