Zoran, I'd be happy to test your implementation. The PKCS#11 devices that I
have at my disposal are:
Eracom CSA7001/7002
nCipher nFast SCSI HSM
GemPlus PC410 smartcard reader
Litronic Netsignia 210 smartcard reader
and I think there may be a Rainbow HSM and Rainbow iKey's floating around
somewhere.
I was gearing up to submit the OpenSSL/PKCS#11 integration that I've been
developing/using for the last 18 months. It works with the devices listed
above, and the Rainbow CryptoSwift 300. It's taken me this long to get
approval from above. I've only implemented RSA operations though, so
perhaps yours is more complete. Mine is implemented using the RSA_METHOD
hook rather than as an ENGINE component, so yours may be more relevant.
Regards,
Steven
> -----Original Message-----
> From: Zoran Radenkovic [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 03, 2001 11:42 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: PKCS#11 engine support
>
> Hi,
>
> We are currently producing an OpenSSL/mod_ssl/Apache solution that uses
> our
> new h/w accelerator
> card CSA8000. This card talks to the host using PKCS#11 interface and it
> plugs-in to OpenSSL
> via engine API. Currently it supports 0.9.6 version (in next few days we
> will look
> in 0.9.6a as well). Engine support is completely PKCS#11 based (it's not
> h/w specific as other engines)
> and should work with any cryptoki implementation. We tested it with
> cryptoki for CSA7000, CSA8000
> adapters and s/w based cryptoki. We don't have available any non-Eracom
> cryptoki.
>
> We got approval from management to opensource this patch for openssl if
> there is an interest. It would
> be great if we can catch the train for 0.9.7. How far is it?
>
> I have few questions if we go further:
> a) How much is engine API changed in 0.9.7. Will 0.9.6a port will work
> or
> is demanding significant
> change?
>
> b) Does openssl development team have any means to test it with criptoki
> implementation.
> Because CSA8000 will be released in next few weeks it will be very hard to
> get handle to one adapter.
> We can maybe provide Eracom's s/w criptoki implementation for
> openssl-development team.
>
> c) Is it sufficient to give you a patch for 0.9.6a or we need to port it
> on 0.9.7 shapshot first.
>
>
> Cheers,
> Zoran Radenkovic
>
>
>
> ERACOM Products meeting today's security needs.
> Visit our Website at: http://www.eracom.com.au
> Or call ERACOM Pty. Ltd. on: +61 7 5593 4911
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
