Richard Levitte - VMS Whacker wrote: [...]
Do I get it correctly, that this would be a MuscleCard-specific implementation of a PKCS#11 engine? We already have three other PKCS#11 engine contribution in our pipe, unfortunately specific to the hardware the authors were playing with instead of being a generic PKCS#11 one. I've refused to insert them all in OpenSSL for the specific reason that they're branded as "generic PKCS#11".
Well, I am not sure about the PKCS#11 because I have not worked on it yet. I guess that if you code an engin that uses a PKCS#11 interface any PKCS#11 library you link (or dinamically load) will work with that ENGINE implementation.
Another possibility would be to implement the ENGINE directly on top of the MuscleCard API and then you could code a PKCS#11 module using OpenSSL call with generic engine support.
If you make something specifically for MuscleCard and that's branded as such but happens to use PKCS#11 calls underneith, I've no problems...
It is a choice... I really don't know what's best... the first approach
will have the ENGINE to be dependant on the existance of a PKCS#11
external library, the second approach will require an OpenSSL's specific
PKCS#11 writing, I guess.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
smime.p7s
Description: S/MIME Cryptographic Signature
