Trevor Dimond wrote:
> 
> OK.....
> 
> a) this was not meant to be a trick question! OpenSSL has a CA function that
> signs certificates and CRLs with a soft token typically held on the host
> where OpenSSL is running. What I would like to do is to secure the token on
> a Hardware Security Module (HSM) such that the signing key never leaves the
> HSM and that the signing operation takes place on the HSM. Ideally, this
> would be done by OpenSSL being configurable to point to an HSM for signing
> purposes and then use the PKCS#11 CRYPTOKI API to initiate the signing
> operation on the HSM.
> 
> Am I missing something here or was it a trick answer!!!!

Acronym overload ... HSM -> Hierarchical Storage Management!

> 
> b) As far as the mailing list goes...given a) above I suspect I have it
> right.
> 
> Constructive answers always appreciated!

Ah ... well there's work afoot to better support HSMs - but I'm not
driving it!

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]