On 7/1/07, Roumen Petrov <[EMAIL PROTECTED]> wrote:
> > This is nice, although I don't see any real use case for this engine,
> > as you require the user to manually export information from CryptoAPI
> > store into files before the engine could be used.
> There isn't such a requirement.

Where? I guess you have someone who likes to use CryptoAPI with OpenSSL...
Can you give a test case of real usage? I am just interested.

> > I think OpenSSL engine (generic) should allow to expose certificate
> > store, this will allow engines such as this one or PKCS#11 to expose
> > the complete object list and references.
> Engine control function can do this.

But then you must write specific engine code in the application...
I don't think this is wise.

> > There is not much point in holding certificates in files while they
> > exist in CryptoAPI or smartcard...
> If I can export a certificate with matching private key I will not write
> an engine.

OK. Waiting for use case.

> > There is also an issue of resources prompt (passphrase, token) and a
> > small issue of object serialization in engine interface.
> If I remember well, smart card proprietary software will ask for
> the password when it is necessary.

This should be part of the engine API as well... So the application may
construct proper dialogs. Be aware that if you use "Protected storage"
or "Smartcard" based you will get Windows UI GUI activated
automatically. So, for example, you will not be able to use this
solution for a server application.

Best Regards,
Alon Bar-Lev.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
