> In the full-blown PKI, you will also have things
> like "fetch me the cert corresponding to this name" and "fetch me the
> key (or a handle to the key) with this fingerprint".

Remember that there are actually two independent pieces of code here - a "tab A" independent shared library and a "slot B" library that loads it. The latter can provide convenience wrappers to functions in the former, avoiding the need to duplicate code in the independent part.

We all agree that the db API part needs to fall somewhere between generic data store and full cryptoki implementation. I just wanted to point out that it's actually two pieces, and the interface provided to the users will almost certainly be far more PKI-aware than the interface provided by the independent part alone.

> From a storage
> point of view, a smart card (or an nCipher box!) can very well be
> viewed as a limited database. That it also has functionality like
> symmetric ciphers, digests and pkc is beside the point and outside
> this discussion.

Precisely.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
