Hello,
I have been talking with Markus Friedl
<[EMAIL PROTECTED]> in the OpenSSH developers
group about possible smartcard integration to OpenSSH. That is, to
store an RSA key pair on a smartcard and carry out RSA operation
there. He came up with an idea of integrating smartcards into further
down to OpenSSL, instead of into OpenSSH. This way, not only OpenSSH,
but also other applications that rely on OpenSSL for RSA operations,
can take advantage of smartcards' security features. At the bottom is
what I try to do in more details.
So here I have two questions. First, would you like this kind of
addition to OpenSSL? Second, if yes, which code base would you like
me to start from? This,
2086131 Sep 24 17:46:22 2000 openssl-0.9.6.tar.gz [LATEST]
or one of the snapshots?
Thank you very much,
--
Concentration .. Naomaru Itoi
http://www.citi.umich.edu
http://www-personal.engin.umich.edu/~itoi
- Create a RSA_METHOD entry for RSA in smartcard.
static RSA_METHOD rsa_pkcs1_eay_smartcard_meth={
"Eric Young's PKCS#1 RSA, smartcard integrated",
RSA_eay_public_encrypt_sc,
NULL,
NULL,
RSA_eay_private_decrypt_sc,
NULL,
BN_mod_exp_mont,
RSA_eay_init_sc,
RSA_eay_finish_sc,
0,
NULL,
};
- Write RSA_eay_public_encrypt_sc, RSA_eay_private_decrypt_sc,
RSA_eay_init_sc, and RSA_eay_finish_sc.
- In rsa_lib.c, write RSA_set_smartcard_method() which sets this method
to *rsa.
- Modify OpenSSH to call RSA_set_smartcard_method() when a key is in a
smartcard.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
