On Thu, Jun 03, 2010, Martin Gwerder wrote:

> This modification of the OpenSSL library would allow to make the
> certificates more secure and allow applications without (!) any code
> modification (just by linking against the CSP capable OpenSSL library) to
> support the CSP.

I'm more than a little confused by this description. The use of "CSP" is unfortunate as it is used on Windows to be a Cryptographic Service Provider; this seems to be something entirely different.

I'm not clear about talk of making certificates more secure. Certificates are often public or publicly available. If you mean private key security then this makes more sense.

OpenSSL includes means to secure private keys through the ENGINE interface. There are some built in which can use external private keys (e.g. Windows CSPs or Chil HSMs).

It only requires a few calls to make use of a private key in an ENGINE; after that, usage is almost transparent. However, at present very few applications support that. We could (and indeed I've planned for a while) make that easier to do without needing application modification.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
