On Thu, Mar 15, 2001 at 10:43:54AM -0500, Ranga wrote:
> Hi,
>
> I am trying to find out if OpenSSL supports CryptoHardwares that perform
>cryptographic operations, stores private keys etc
>
> like IBM 4758? Can different CSPs (Cryptographic Service Providers) plug and play
>into OpenSSL?
>
At this time there is no support for the IBM 4758 card.... It is possible,
however there are some issues with dealing with the key storage and
key representations. I've been toying with actualy working on enabling
openSSL to use PKCS#11 hardware tokens to be able to access other crypto
hardware besides the 4758 (which supports PKCS#11)... PKCS#11 is NOT necessarily
the best API, but it is commonly offered by Crypto hardware vendors....
My initial take would be to create an engine architecture module, which would
have to do some things with managing the keys etc, taking them from
the openSSL calls and caching them as PKCS#11 objects, the first time that
a key was used would incur the overhead of creating the object, but subsequent
uses of the same key would only have to do the PKCS#11 calls...
> Next question is : Is OpenSSL integrated with directory (LDAP) services like
>getting the CRLs, Certificates, etc from a directory?
>
> Would appreciate any kind of input on the above two issues.
>
> Thanks,
>
> Ranga.
>
--
Steven A. Bade
AIX E-Commerce/Network Security Cryptographic Strategy and Development Architecture
[EMAIL PROTECTED]
T/L 678-4799
(512)-838-4799
--
To convert from Hogsheads to Cubic Feet - Multiply by 8.4219
"Two-way communication is necessary to proactively facilitate acceptance
and involvement and to get insights about the journey it takes to get where
we want"
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
