On Thursday, 04 March 2010 16:20:15, Douglas E. Engert wrote:
> The other questions to ask, are what features from OpenSSL
> are being used, and could these be easily replaced.
> I know the PIV uses BIO, PEM and RSA functions to read
> and write public keys to files, mostly to make them text files.
> But it also uses the EVP_encrypt and EVP_decrypt to use
> with the public keys, as the card can not do these.

maybe padding routines? not sure if we use some, but we could support more padding mechanisms, if we add padding in software and use rsa decrypt for signing. needs to be done for cardos at least anyway (for keys that are signing & decryption).

> > so I wonder if we should simply require openssl for trunk.
> > I don't know a single user that does not compile opensc with
> > openssl, or what use opensc would be in such a situation.
> >
> > what do you think?
>
> So I would say to require OpenSSL.
>
> If on the other hand are looking at using gnutls to replace
> OpenSSL?

I haven't had a look at any other crypto/ssl implementation, as only OpenSSL has an engine support, so only with openssl we can use its ssl code with smart cards.

but in general I'm open to other crypto/ssl libraries, and feedback which ones might be interesting, is very welcome. I know openssl, gnutls, mozilla/netscape nss, libcrypto++, and - forgot the name - the commercial crypto routines by peter gutmann from auckland.nz. some of them should implement pkcs#11 interface and thus be able to use SSL and other interfaces with a smart card. but I haven't tried so far.

Regards, Andreas
