Some folks here might be interested in http://webservices.xml.com/pub/a/ws/2003/12/09/salz.html which walks through a secure, auditable root keygen and signing ceremony. The context is using OpenSSL to build a PKI so that we can write an XKMS server, building up to secure Web Services messages using XML DSIG and Encryption.
But hey, ya gotta start somewhere. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]