-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello Alon,
>> Using (--)askpass works fine too when connecting with openvpn but > Does it also popup PIN dialog? No, it reads from stdin which makes it impossible to run openvpn as a MSWindows service. I was hoping the pkcs11 code would be helpful in that department as using the cryptoapi and running as a service won't work. Probably because the service runs as System and tries to retrieve it from the wrong cert store. Running the service as another user won't help either ?! :-( Anyone who has an idea how to tackle this ? Basically I want to store the certificate on a smartcard and be able to run openvpn as a service (e.g. start/stopping it through net start/stop openvpnservice). > PKCS#11 protected authentication is not implemented by most of PKCS#11 > providers, it is used in biometric environment or when external keypad > is available. Are you sure your provider support protected authentication? I haven't got a clue as of yet. I'm not really a Windows user myself so it took me quite a while to figure out what to supply as a provider. In the end I looked in the firefox preferences :) but there's probably a win32 CLI tool somewhere that can list the various pkcs11 resources and info. Cheers, Albert -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDZzmiKltZixSsH2QRAz6IAJ41gKLFO0K7YQTK3VyZLWBXxleHfgCeP/eS BPzRYQr2muYQnZQjE7FwBTo= =B992 -----END PGP SIGNATURE-----
