Hello Maxime,
You can find out more about the pkcs11 standard here:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
When Smart Card manufacturers say their cards are PKCS11 compliant, correct
me if I'm wrong, I take this to mean that the card is designed for x509
certificates and it has the ability to generate keys securely on the token.
There are ways you can call this function from Netscape and MSIE. After keys
are generated on the token the certificate request/public componant is sent
to the CA for signing. You can use openssl to sign the certificate request
and convert the signed request into a structure that can then be installed
back on to the smartcard - the signed certificate and root certificate etc.
You can also import pkcs12 files onto pkcs11 compliant smart cards using
Netscape.
On another note I am able to answer my own question on the ibutton. You
can't buy it, the token is licenced to you on an annual basis. Which to me
sounds problematic as I don't know what happens if you stop paying them.
Bye, Oliver
----- Original Message -----
From: "Maxime Dubois" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 07, 2001 8:06 PM
Subject: Re: Smart Card Readers
> Hi,
>
> How do you work with openssl and PKCS11 SmartCard readers?
> Can we export a a PKCS11 certificate with the command line tool?
> I can only see a pkcs12 command.
>
> Thanks
> Regards
>
> Maxime DUBOIS
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
