Douglas E. Engert wrote:
>
> Check out ftp://achilles.ctd.anl.gov/pub/kerberos.v5/README.sslk5
> and sslk5.981208.tar.
>
> Although this is primarily modifications to use SSL authentication
> to get a Kerberos ticket, there is also PKCS#11 code which allows
> one to use a Smart card with SSLeay, for authentication.
>
> The routines globus-proxy-init.c, scload.c, scutils.c and sslutils.c
> are the routines which deal with smartcards.
>
> This code was developed for the Globus project, http://www.globus.org
> and was demonstrated at Super Computing 98 in Orlando last year.
>
> This may not be what you are looking for, as it is designed to allow
> SSLeay to use Smartcards which have PKCS#11

Thank you for the post. There are some good ideas in that code.
Unfortunately I cannot use it as intended, since it only patches
the RSA methods. This is the way to go if you only want to add rsa
support. We do this on a lower level to have our pkcs11 implementation
talk to the SC about rsa.
I plan to add PKCS11 directly to SSL, allowing any cryptographic
method available on the token to be used by the library. This will
start with RSA, thus seeming to make the point moot, but it allows
for much more flexible and clean insertion of PKCS in the code (IMO).
In order to do this, I think I need to remove all non-evp RSA/DSA/DH
calls from the ssl code. I am wondering whether there is any reason
why this is not a GoodThing.
mfg lutz
--
*******************************************************************
Lutz Behnke Tel.: 040 / 766 29 1423
TC TrustCenter for Security Fax.: 040 / 766 29 577
in Data Networks GmbH email: [EMAIL PROTECTED]
Am Werder 1
21073 Hamburg, Germany