On Thu, 3 May 2001, Reddie, Steven wrote:
> Zoran, I'd be happy to test your implementation. The PKCS#11 devices that I
> have at my disposal are:
> Eracom CSA7001/7002
> nCipher nFast SCSI HSM
> GemPlus PC410 smartcard reader
> Litronic Netsignia 210 smartcard reader
Please don't say that a smartcard reader is a PKCS#11 token... The token
is the smartcard, not the reader. I think you're talking about a GemSAFE
card accessed with a PC410 reader, right? You could use the same card with
the Litronic reader, as soon as you splitted the code between
reader-dependant and card-dependant. The best way to do this is to use the
PC/SC API.
> and I think there may be a Rainbow HSM and Rainbow iKey's floating around
> somewhere.
> I was gearing up to submit the OpenSSL/PKCS#11 integration that I've
> been developing/using for the last 18 months. It works with the
> devices listed above, and the Rainbow CryptoSwift 300. It's taken me
> this long to get approval from above. I've only implemented RSA
> operations though, so perhaps yours is more complete. Mine is
> implemented using the RSA_METHOD hook rather than as an ENGINE
> component, so yours may be more relevant.
>
> Regards,
>
> Steven
>
> > -----Original Message-----
> > From: Zoran Radenkovic [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, May 03, 2001 11:42 AM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: PKCS#11 engine support
> >
> > Hi,
> >
> > We are currently producing an OpenSSL/mod_ssl/Apache solution that uses
> > our
> > new h/w accelerator
> > card CSA8000. This card talks to the host using PKCS#11 interface and it
> > plugs-in to OpenSSL
> > via engine API. Currently it supports 0.9.6 version (in next few days we
> > will look
> > in 0.9.6a as well). Engine support is completely PKCS#11 based (it's not
> > h/w specific as other engines)
> > and should work with any cryptoki implementation. We tested it with
> > cryptoki for CSA7000, CSA8000
> > adapters and s/w based cryptoki. We don't have available any non-Eracom
> > cryptoki.
> >
> > We got approval from management to opensource this patch for openssl if
> > there is an interest. It would
> > be great if we can catch the train for 0.9.7. How far is it?
> >
> > I have few questions if we go further:
> > a) How much is engine API changed in 0.9.7. Will 0.9.6a port will work
> > or
> > is demanding significant
> > change?
> >
> > b) Does openssl development team have any means to test it with criptoki
> > implementation.
> > Because CSA8000 will be released in next few weeks it will be very hard to
> > get handle to one adapter.
> > We can maybe provide Eracom's s/w criptoki implementation for
> > openssl-development team.
> >
> > c) Is it sufficient to give you a patch for 0.9.6a or we need to port it
> > on 0.9.7 shapshot first.
> >
> >
> > Cheers,
> > Zoran Radenkovic
> >
> >
> >
> > ERACOM Products meeting today's security needs.
> > Visit our Website at: http://www.eracom.com.au
> > Or call ERACOM Pty. Ltd. on: +61 7 5593 4911
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-----
When uncertain, or in doubt, run in circles and scream.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
