Hi, > OpenCA 0.9.2 includes a complete new implementation for the enginge stuff > to get a better encapsulation for proprietary details. Actually we (Martin > and I) try to get it working with nCipher. Martin knows all the details > about nCipher and codes the module. I try to fix all the bugs which Martin > found in the OpenCA stuff :) So it think we need some time too until this > stuff fully works. I think there is at minimum one open bug from Martin at > the BTS on SourceForge.
just for your information: I am determined to get 0.9.2 running for our preproduction with a nCipher nShield HSM till end of July at the latest. I have the feeling that most bugs concerning HSM integration have been identified in the CVS head code now, but I will not be able to continue testing the HSM stuff before Monday 14th of June because of some other tasks and (and some holidays of mine). Basic nCipher operations is working for me now. Last thing that was broken was sending signed mails (using openca-sv); Michael already fixed this in the CVS. Key generation has to be done manually, though (we do want a proper key ceremony...). When using key splitting, the nCipher key ceremony involves running a nCipher utility, swapping SmartCards and entering PINs for them - not a thing that can be nicely done via a web interface... We are also thinking about adding 'key online' checks for the nCipher module. nCipher does not allow to determine this status easily, so I think I will have to run a signature operation. > BTW I will change the compiling behaviour of openca-sv. Starting with > tomorrow all #ifdef OPENSSL_ENGINE will be replaced by #ifndef > OPENSSL_NO_ENGINE. The reason is simple - all modern OpenSSL 0.9.7 include > the engine stuff by default and OPENSSL_NO_ENGINE is the switch form > OpenSSL. Great idea! Can't wait to see it! :-) cheers Martin ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
