hello,

this question is somehow related to openssl, i'm guessing openssl users 
community might point me in the right direction.

Today i'm generating digital identities (key + cert) using openssl and CA 
key/cert files.

basically it boils down to a classic : (1) rsa key generation, (2) csr 
generation and (3) certificate signature.

I am fine with my generated identities stored on files or file keystores.
However, for some reason we want to stop using CA key files stored on
hard drive to start using a third party dongle (chipset on a card or usb
dongle) to make that 3rd operation.

And no : using a keystore to store CA key does not seem to be enough, even if 
stored on USB pen drive :)

I have used in the past the openssl -e <engine> to interact with
some cards issued by french public institution by using a Gemalto USB
PC/SC reader along with a proprietary lib in order to digitally sign
documents (not certificates). At the time i never needed to delve into
openssl source.


I have seen in openssl sources (engine folder) references to
 * Broadcom uBSec SDK 
 * Baltimore Technologies SureWare
 * Rainbow CryptoSwift
 * nCipher CryptoHook
 * Atalla cards
that i am currently digging further

Do you guys have an idea of a -- preferably european -- provider that
would sell a hardware/software solution so that I can use it with
openssl -e in order to sign CSRs ?

Any hint is appreciated

thanks

alx



                                          
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
