Check out ftp://achilles.ctd.anl.gov/pub/kerberos.v5/README.sslk5
and sslk5.981208.tar.
Although this is primarily modifications to use SSL authentication
to get a Kerberos ticket, there is also PKCS#11 code which allows
one to use a Smart card with SSLeay, for authentication.
The routines globus-proxy-init.c, scload.c, scutils.c and sslutils.c
are the routines which deal with smartcards.
This code was developed for the Globus project, http://www.globus.org
and was demonstrated at Super Computing 98 in Orlando last year.
This may not be what you are looking for, as it is designed to allow
SSLeay to use Smartcards which have PKCS#11
Lutz Behnke wrote:
>
> Greetings,
>
> I am trying to put pkcs11 support into openssl and would like
> to use the evp interface throughout the ssl code to make
> this and adding new async encryption in the future easier.
> Then add pkcs11 support to the evp interface.
>
> Now I have two questions:
>
> a) Would you consider the above a valid way of doing it?
> b) What are the meanings of the following defines in crypto/evp/evp.h:
>
> #define EVP_PK_RSA 0x0001
> #define EVP_PK_DSA 0x0002
> #define EVP_PK_DH 0x0004
> #define EVP_PK_PKCS11 0x0008
> #define EVP_PKT_SIGN 0x0010
> #define EVP_PKT_ENC 0x0020
> #define EVP_PKT_EXCH 0x0040
> #define EVP_PKS_RSA 0x0100
> #define EVP_PKS_DSA 0x0200
> #define EVP_PKT_EXP 0x1000 /* Export: <= 512 bit key */
>
> #define EVP_PKEY_NONE NID_undef
> #define EVP_PKEY_RSA NID_rsaEncryption
> #define EVP_PKEY_RSA2 NID_rsa
> #define EVP_PKEY_DSA NID_dsa
> #define EVP_PKEY_DSA1 NID_dsa_2
> #define EVP_PKEY_DSA2 NID_dsaWithSHA
> #define EVP_PKEY_DSA3 NID_dsaWithSHA1
> #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
> #define EVP_PKEY_DH NID_dhKeyAgreement
>
> PK: ?
> PKT: public/private key type (operations allowed)?
> PKS: sub-types? I am a bit confused what the difference between PK
> and PKS is.
> PKEY: object IDs? Are they used for anything but asn1 en-/decoding?
>
> Any help appreciated, including RTFMs with a filename as param B-)
>
> mfg lutz
> --
> *******************************************************************
> Lutz Behnke Tel.: 040 / 766 29 1423
> TC TrustCenter for Security Fax.: 040 / 766 29 577
> in Data Networks GmbH email: [EMAIL PROTECTED]
> Am Werder 1
> 21073 Hamburg, Germany
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]