Nelson,
Ideally I would like to have my USB device generate an AES-256 session
key directly and make it available for TLS use. There would be devices
on both the client and the server to provide the hardware security.
This would greatly spead up the authentication process along with
increasing the security. Are you aware of any way in which I can get
the symmettric key loaded into the system? How would I instruct the
system to just use the supplied key and bypass the normal assymetric
validation process?
Jay
Nelson Bolyard wrote:
Jay Potter wrote:
Can a PKCS#11 module be proprietary? I would not want to publicize the
intricacies of the USB device, but rather provide a mechanism where
others could utilize its capabilities within their own projects.
Yes, the whole point of PKCS#11 is to allow makers of proprietary crypto
stuff to offer a standard interface to their stuff. PKCS#11 exists to
hide the proprietary stuff under a standard API (the PKCS#11 API).
Most vendors of crypto hardware offer a PKCS#11 module for for their
hardware. The module innards are proprietary. The interface is standard.
NSS-based applications (such as mozilla family clients and server products
from various companies) already work rather readily with PKCS#11 modules
(for public and private key operations and cert storage, mostly).
/Nelson
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
