Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-15 Thread Emmanuel Deloget
Hi James, On Tue, Jan 16, 2018 at 12:18 AM, James Bottomley < james.bottom...@hansenpartnership.com> wrote: > On Tue, 2018-01-16 at 00:07 +0100, Emmanuel Deloget wrote: > > While the number of required changes were quite small (and have no > > impact on openvpn), this was quite a journey. I guess

Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-15 Thread James Bottomley
On Tue, 2018-01-16 at 00:07 +0100, Emmanuel Deloget wrote: > While the number of required changes were quite small (and have no > impact on openvpn), this was quite a journey. I guess some of the > merits should go to RSA, Microsoft and Intel, for their incredible > effort in building comprehensive

Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-15 Thread Emmanuel Deloget
Hello Steffan, ​​Sorry fo​r the delay - I was busy doing "things​" :) On Sat, Jan 6, 2018 at 12:11 AM, Steffan Karger wrote: > Hi Emmanuel, > > On 03-01-18 18:13, Emmanuel Deloget wrote: > > Hello Steffan, > > > > On Mon, Jan 1, 2018 at 4:36 PM, Steffan Karger > > wr

Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-05 Thread Steffan Karger
Hi Emmanuel, On 03-01-18 18:13, Emmanuel Deloget wrote: > Hello Steffan,  > > On Mon, Jan 1, 2018 at 4:36 PM, Steffan Karger > wrote: > > Hi, > > On 01-01-18 14:57, Emmanuel Deloget wrote: > > I'm trying to get openvpn read my certificates from a TPM2 usin

Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-03 Thread Emmanuel Deloget
Hello Steffan, On Mon, Jan 1, 2018 at 4:36 PM, Steffan Karger wrote: > Hi, > > On 01-01-18 14:57, Emmanuel Deloget wrote: > > I'm trying to get openvpn read my certificates from a TPM2 using a > > specially crafted PKCS#11 provider (the existing tpm2-pk11 is quite > > limited for now but I might

Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-01 Thread Steffan Karger
Hi, On 01-01-18 14:57, Emmanuel Deloget wrote: > I'm trying to get openvpn read my certificates from a TPM2 using a > specially crafted PKCS#11 provider (the existing tpm2-pk11 is quite > limited for now but I might be able to extend it).  > > However, the PKCS#11 API is not something I'm comfort

[Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-01 Thread Emmanuel Deloget
Hello everybody, I'm trying to get openvpn read my certificates from a TPM2 using a specially crafted PKCS#11 provider (the existing tpm2-pk11 is quite limited for now but I might be able to extend it). However, the PKCS#11 API is not something I'm comfortable with, and I'd like to know if there

Re: [Openvpn-devel] AW: Re: [Openvpn-devel] PKCS#11 and easy-rsa

2006-01-03 Thread Alon Bar-Lev
Götz Babin-Ebell wrote: In my view it lacks the following features: 1. Allow the user to specify his own PKCS#11 library. 2. Generate a new key. This is wide outside of the OpenVPN usage. Is is to be implemented in an PKCS#11 (key) managemement tool but NOT in an VPN daemon. The update is for

Re: [Openvpn-devel] AW: Re: [Openvpn-devel] PKCS#11 and easy-rsa

2006-01-03 Thread Ondra Medek
Hi, > >> I've made easy-rsa 2.0 support for PKCS#11 (it makes a certificate from a > >> token). If you are interested, then it is at > >> > > In my view it lacks the following features: > > 1. Allow the user to specify his own PKCS#11 library. > > 2. Generate a new key. > > This is wide outside

[Openvpn-devel] AW: Re: [Openvpn-devel] PKCS#11 and easy-rsa

2006-01-03 Thread Götz Babin-Ebell
> Ondra Medek wrote: >> Hi, >> >> I've made easy-rsa 2.0 support for PKCS#11 (it makes a certificate from a >> token). If you are interested, then it is at >> > > Hello, > > Thank you for your patch. > > In my view it lacks the following features: > 1. Allow the user to specify his own PKCS#11

Re: [Openvpn-devel] PKCS#11 and easy-rsa

2005-12-30 Thread Ondra Medek
Hi, > In my view it lacks the following features: > 1. Allow the user to specify his own PKCS#11 library. > 2. Generate a new key. > 3. Load the X.509 certificate into the token. > > Now when I think of it, issue#1 can be solved by a symbolic > link, you can have the configuration point to a lo

Re: [Openvpn-devel] PKCS#11 and easy-rsa

2005-12-30 Thread Alon Bar-Lev
Ondra Medek wrote: Hi, I've made easy-rsa 2.0 support for PKCS#11 (it makes a certificate from a token). If you are interested, then it is at Hello, Thank you for your patch. In my view it lacks the following features: 1. Allow the user to specify his own PKCS#11 library. 2. Generate a new

[Openvpn-devel] PKCS#11 and easy-rsa

2005-12-30 Thread Ondra Medek
Hi, I've made easy-rsa 2.0 support for PKCS#11 (it makes a certificate from a token). If you are interested, then it is at http://sourceforge.net/tracker/index.php?func=detail&aid=1357950&group_id=48978&atid=454721

RE: [Openvpn-devel] PKCS#11

2005-10-03 Thread James Yonan
riginal- > De: openvpn-devel-ad...@lists.sourceforge.net > [mailto:openvpn-devel-ad...@lists.sourceforge.net]En nombre de Alon Bar-Lev > Enviado el: viernes, 30 de septiembre de 2005 12:08 > Para: openvpn-devel@lists.sourceforge.net > Asunto: [Openvpn-devel] PKCS#11 >

RE: [Openvpn-devel] PKCS#11

2005-10-02 Thread C. Ruiz, Ivan
://www.sadiel.es -Mensaje original- De: openvpn-devel-ad...@lists.sourceforge.net [mailto:openvpn-devel-ad...@lists.sourceforge.net]En nombre de Alon Bar-Lev Enviado el: viernes, 30 de septiembre de 2005 12:08 Para: openvpn-devel@lists.sourceforge.net Asunto: [Openvpn-devel] PKCS#11

[Openvpn-devel] PKCS#11

2005-09-30 Thread Alon Bar-Lev
Hello James, Is there anything missing from the PKCS#11 integration implementation that I should complete? Best Regards, Alon Bar-Lev. From: Alon Bar-Lev RE: openvpn-2.0.2-pkcs11-20050916.patch 2005-09-19 11:05 James Yonan wrote: > Something that would in