> >  anyone has used the ssleay/openssl certificates with smartcards
> > (tokens) 1024bits key enabled, inside the browsers like Netscape or 
> > IE/Outlook ?
> 
> We work with Gemplus, who sells crypto smartcards to be used
> with IE4 and Netscape 4.04+. (I previously was a Gemplus developer)
> 
> I have such cards, and I quickly developed a certificate server, and it
> works. The private key and the corresponding certificate are stored on the
> GemSAFE card, and all the private crypto operations are well performed by
> the card.

Erwann, do you actually say that using the GemSAFE card will 'upgrade'
the crypto in your crypto-disabled browser? That is, you can create 1024bit
keys and use them in your browser to do SSL/SMIME? I've got the same
package (in fact we've got lots of them ;-) ) and to my knowledge
they are also limited in crypto. (Even when we patched our Netscape with
Fortify, it didn't work! :-( )

IE4 in fact will NEVER allow strong crypto as they use CSP
(Cryptographic Server Providers) which have to be signed by
Microsoft. Thereby all strong crypto CSPs developed outside the
US must go back in for the signing by Microsoft and can't get out
anymore in their strong crypto form.

IMO the best solution for a 'general' IE4/Netscape solution would
be to use personal strong proxies (Celocom web, C2Net SafePassage,
etc.) based on SSLeay/OpenSSL or the commercial RSA derivative and
which include sometimes smartcard support (Celocom has it available,
I've heard rumours also about C2Net having such versions).



--
ir. Christian Buysschaert - Technical Manager 
GlobalSign nv-sa - http://www.globalsign.net

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
