Vlasta Joskova wrote:
>
> Hi all,
>
> Are there any plans to support PKCS#11 tokens in OpenSSL? Has someone
> done something in this field? Any practical experience?
>
Yes, as part of the Globus Project, www.globus.org we added modifications
to sc_rsa_eay.c to have it use the private key on a smartcard. In addition
there is a scutils.h, scutils.c and a scload.c These all work with SSLeay-0.9.0
and should work with OpenSSL.
We have run this under Windows and Solaris using the Litronic and Datakey
implementations of PKCS#11 with their cards.
After downloading the Globus source, from http://www.globus.org. The above
files can be found in the src/Security/gssapi_ssleay.
The same routines can also be found with the SSLK5 (used to authenticate
to Kerberos using a X509 certificate chain with SSLv3) at
ftp://achilles.ctd.anl.gov/pub/kerberos.v5
Practical experience shows the smartcards are very slow to sign. But it does
work.
> Regards,
>
> --
> Vlasta Joskova <[EMAIL PROTECTED]>
> ICZ a.s.
> Zirovnicka 6/3133
> 106 00 Praha 10, Czech Republic
> Tel.: +420(2)7276 0326
> Fax : +420(2)7276 0322
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
