From: "Oliver Bode" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Smart Card Readers
Date sent: Wed, 25 Apr 2001 03:07:45 +1000
Send reply to: [EMAIL PROTECTED]
Oliver
Your concern on the license has been answered by DS on their
newsgroup. They switched policy some time ago and decided that
once you purchase the Java iButton, the license is good as long as
you want to use it. But no problem, if you order one, and try it out,
you will not have to worry about the license. You will have given it to
your kids to play with way before a year is up.
We still have several other tokens to test, but for now the Rainbow
remains the best. The GemSAFE package is not bad, but a little
expensive compared to the Rainbow and the Rainbow 2032 has
much more memory (32K). I guess if USB is not an option, then
perhaps I would consider the GemSAFE package.
Both the GemSAFE and Rainbow have very good PKCS-11 support
and everything works as advertised. I can import/export SSH
public/private keys and certs with no problem, and both work well
with OpenSSL (thanks to all the excellent help from Dr. Henson).
Ken
Hi Ken,
After testing a few products and looking into this area in more detail I do
think the IKey is the best value around. I'm still waiting to find out if
the towitoko sign and crypt pack will do the job
http://www.towitoko.com/deutsch/eng/prp.htm
I will take your word for it on the ibutton. It did strike me as odd a semi
conductor company was making this. The licence thing is really bizzare. What
happens to your private key when the licence runs out? I really liked the
jewlery concept though.
Thanks, Oliver
----- Original Message -----
From: "Kenneth R. Robinette" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 25, 2001 1:30 AM
Subject: Re: Smart Card Readers
> From: "Oliver Bode" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: Smart Card Readers
> Date sent: Wed, 25 Apr 2001 01:17:18 +1000
> Send reply to: [EMAIL PROTECTED]
>
> Oliver
>
> You should forget that the Java iButton even exists. I wish I had. It
> has a lot of problems, such as a very slow transfer rate (about 150-
> 300 characters per second), has serious problems with USB
> delivery, is very slow (takes about 7 minutes to generate a 1024 bit
> RSA key onboard), is only about 2% PKCS-11 compliant, and on
> and on and on. I would only recommend the Java iButton to my
> worst enemies, and even then I would think long and hard before
> doing so.
>
> Ken
>
>
> Hello Maxime,
>
> You can find out more about the pkcs11 standard here:
> http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
>
> When Smart Card manufacturers say their cards are PKCS11 compliant,
correct
> me if I'm wrong, I take this to mean that the card is designed for x509
> certificates and it has the ability to generate keys securely on the
token.
> There are ways you can call this function from Netscape and MSIE. After
keys
> are generated on the token the certificate request/public componant is
sent
> to the CA for signing. You can use openssl to sign the certificate request
> and convert the signed request into a structure that can then be installed
> back on to the smartcard - the signed certificate and root certificate
etc.
> You can also import pkcs12 files onto pkcs11 compliant smart cards using
> Netscape.
>
> On another note I am able to answer my own question on the ibutton. You
> can't buy it, the token is licenced to you on an annual basis. Which to me
> sounds problematic as I don't know what happens if you stop paying them.
>
> Bye, Oliver
>
>
>
> ----- Original Message -----
> From: "Maxime Dubois" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, April 07, 2001 8:06 PM
> Subject: Re: Smart Card Readers
>
>
> > Hi,
> >
> > How do you work with openssl and PKCS11 SmartCard readers?
> > Can we export a a PKCS11 certificate with the command line tool?
> > I can only see a pkcs12 command.
> >
> > Thanks
> > Regards
> >
> > Maxime DUBOIS
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
> __________________________________________________
> Support
> InterSoft International, Inc.
> Voice: 888-823-1541, International 281-398-7060
> Fax: 888-823-1542, International 281-560-9170
> [EMAIL PROTECTED]
> http://www.securenetterm.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
