Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-17 Thread Peter Stuge
On Thu, Nov 16, 2006 at 01:32:43PM +0100, Jesus Luna wrote: > This HSM in particular (RealSec's CryptoSec at > http://www.realsec.com/esp/servicios/cifrado.html) does not store > private keys, it's only a crypto-accelerator. I don't speak spanish but from the datasheet it looks to me like a tamper

Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-17 Thread Nils Larsch
Jesus Luna wrote: ... This HSM in particular (RealSec's CryptoSec at http://www.realsec.com/esp/servicios/cifrado.html) does not store private keys, it's only a crypto-accelerator. how is this supposed to work ? pkcs11 expects the keys to be present on token (or within the library) when a sign

RE: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-16 Thread Jesus Luna
> > The private key used to sign the OCSP Request > > did you read the quickstart section in [1] ? The value for > the key argument should contain the slodId + key Id. > > Cheers, > Nils > > [1] http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart > This HSM in particular (RealSec's Cr

RE: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-16 Thread Jesus Luna
De: Eddy Nigg (StartCom Ltd.) [mailto:[EMAIL PROTECTED] Enviado el: miƩrcoles, 15 de noviembre de 2006 21:49 Para: Jesus Luna CC: 'Nils Larsch'; opensc-devel@lists.opensc-project.org; 'Oscar Manso' Asunto: Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP Where

Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-15 Thread Nils Larsch
Jesus Luna wrote: -Mensaje original- De: Nils Larsch [mailto:[EMAIL PROTECTED] Enviado el: lunes, 13 de noviembre de 2006 21:02 Para: Jesus Luna CC: opensc-devel@lists.opensc-project.org; 'Oscar Manso' Asunto: Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP S

Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-15 Thread Eddy Nigg (StartCom Ltd.)
ensc-devel] Using engine_pkcs11 with openssl for OCSP Server when sending a signed Response): ocsp -host ocsp.camerfirma.com:80 -path http://ocsp.camerfirma.com/ocsp -issuer Camerfirma-RootSinPoderes.pem -serial 0x00C20FA62E42F03643257115AED64

RE: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-15 Thread Jesus Luna
> -Mensaje original- > De: Nils Larsch [mailto:[EMAIL PROTECTED] > Enviado el: lunes, 13 de noviembre de 2006 21:02 > Para: Jesus Luna > CC: opensc-devel@lists.opensc-project.org; 'Oscar Manso' > Asunto: Re: [opensc-devel] Using engine_pkcs11 with openssl for

Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-13 Thread Nils Larsch
Jesus Luna wrote: Hello, Our OCSP Responder is based on Apache's mod_ssl and uses openssl libraries to perform crypto operations (i.e. signing the Responses). These days I've been trying to implement HSM support with the PKCS11 DLL provided by the crypto device manufacturer (Spain's RealSec). Wh

RE: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-13 Thread Jesus Luna
De: Nils Larsch [mailto:[EMAIL PROTECTED] > Enviado el: viernes, 10 de noviembre de 2006 21:59 > Para: Jesus Luna > CC: opensc-devel@lists.opensc-project.org; 'Oscar Manso' > Asunto: Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP > > Jesus Luna wrote: >

Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP

2006-11-10 Thread Nils Larsch
Jesus Luna wrote: Dear all, I'm trying to add HSM support to our OCSP Responder by integrating engine_pkcs11 with openssl to it, however in our tests we have found that RSA Signature operations are not implemented Do you mean: signing ocsp responses with openssl (the command line tool ?) doesn