When I was discussing various methods of handling OpenSSL key databases
the issue of PIN handling came up and in more general UI handling wrt
"PIN like operations".

The problem is that OpenSSL PIN handling is all over the place. The PEM
stuff has PIN callbacks applicable on a per call basis even for things
that you'd never use a PIN for. The SSL library has them per SSL and per
SSL_CTX.

In addition the PIN handling is inadequate for some tasks. An example of
this is the nFast HWCryptoHook code currently being added. This needs an
additional callback which doesn't ask for a PIN but asks the user to do
something, typically "Insert Steve's Ultra Secure Card #1".

What's needed is a general and consistent way that can handle UI
interactions like this. It would include PIN entry, PIN entry with
confirmation, non PIN user actions and some other things.

Default handling would be console based (as at present) but a GUI
application would supply its own callbacks and typically use a dialog
box.

So, any thoughts on the matter?

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
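
A sketch of the kind of single UI entry point the message above asks for, added here as an illustration; it is not part of the original post and is not OpenSSL's API. Every name in it (ui_request, ui_process, console_read, scripted_read, script) is hypothetical, and scripted_read stands in for an application's dialog box.

```c
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; this is not OpenSSL's API. */
typedef enum { UI_PIN, UI_PIN_CONFIRM, UI_ACTION } ui_kind;
typedef struct { ui_kind kind; const char *prompt; char *out; size_t outlen; } ui_request;
/* One callback shape for every interaction: 1 = done, 0 = cancelled/failed. */
typedef int (*ui_read_fn)(const char *prompt, char *buf, size_t len, void *arg);

static void wipe(char *p, size_t n) { volatile char *v = p; while (n--) *v++ = 0; }

/* Default console handler (a real one would also turn off terminal echo). */
static int console_read(const char *prompt, char *buf, size_t len, void *arg) {
    (void)arg;
    fprintf(stderr, "%s: ", prompt);
    if (!fgets(buf, (int)len, stdin)) return 0;
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

/* Application-supplied handler: stands in for a dialog box, answers from a script. */
typedef struct { const char **answers; size_t next; } script;
int scripted_read(const char *prompt, char *buf, size_t len, void *arg) {
    script *s = arg;
    const char *a = s->answers[s->next];
    (void)prompt;
    if (!a || strlen(a) >= len) return 0;      /* NULL entry = user cancelled */
    strcpy(buf, a);
    s->next++;
    return 1;
}

/* Single entry point; fn == NULL selects the console default. */
int ui_process(const ui_request *rq, ui_read_fn fn, void *arg) {
    char tmp[64];
    int ok;
    if (!fn) fn = console_read;
    if (rq->kind == UI_ACTION) {               /* e.g. "Insert card #1": wait for an ack */
        ok = fn(rq->prompt, tmp, sizeof tmp, arg);
    } else {
        ok = rq->out && rq->outlen > 0 && rq->outlen <= sizeof tmp
             && fn(rq->prompt, rq->out, rq->outlen, arg);
        if (ok && rq->kind == UI_PIN_CONFIRM)
            ok = fn("Confirm", tmp, rq->outlen, arg) && strcmp(rq->out, tmp) == 0;
        if (!ok && rq->out) wipe(rq->out, rq->outlen);   /* never leave a rejected PIN behind */
    }
    wipe(tmp, sizeof tmp);
    return ok;
}
```

Passing NULL as the handler gives the console behaviour; a GUI application passes its own function of the same shape, and the caller's code does not change between PIN entry, confirmed PIN entry and a plain "do something" prompt.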