Re: Smart Card Readers

Kenneth R. Robinette Tue, 24 Apr 2001 09:23:20 -0700
From:                   "Oliver Bode" <[EMAIL PROTECTED]>
To:                     <[EMAIL PROTECTED]>
Subject:                Re: Smart Card Readers
Date sent:              Wed, 25 Apr 2001 01:17:18 +1000
Send reply to:          [EMAIL PROTECTED]

Oliver

You should forget that the Java iButton even exists.  I wish I had.  It 
has a lot of problems, such as a very slow transfer rate (about 150-
300 characters per second), has serious problems with USB 
delivery, is very slow (takes about 7 minutes to generate a 1024 bit 
RSA key onboard), is only about 2% PKCS-11 compliant, and on 
and on and on.  I would only recommend the Java iButton  to my 
worst enemies, and even then I would think long and hard before 
doing so.

Ken


Hello Maxime,

You can find out more about the pkcs11 standard here:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/

When Smart Card manufacturers say their cards are PKCS11 compliant, correct
me if I'm wrong, I take this to mean that the card is designed for x509
certificates and it has the ability to generate keys securely on the token.
There are ways you can call this function from Netscape and MSIE. After keys
are generated on the token the certificate request/public componant is sent
to the CA for signing. You can use openssl to sign the certificate request
and convert the signed request into a structure that can then be installed
back on to the smartcard - the signed certificate and root certificate etc.
You can also import pkcs12 files onto pkcs11 compliant smart cards using
Netscape.

On another note I am able to answer my own question on the ibutton. You
can't buy it, the token is licenced to you on an annual basis. Which to me
sounds problematic as I don't know what happens if you stop paying them.

Bye, Oliver



----- Original Message -----
From: "Maxime Dubois" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 07, 2001 8:06 PM
Subject: Re: Smart Card Readers


> Hi,
>
> How do you work with openssl and PKCS11 SmartCard readers?
> Can we export a a PKCS11 certificate with the command line tool?
> I can only see a pkcs12 command.
>
> Thanks
> Regards
>
> Maxime DUBOIS
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: Smart Card Readers

Reply via email to
