I was asked by one user if we are planning to provide a PKCS#11 module
based on OpenSSL (it was in the context of adding GOST algorithm
support to the Mozilla-based software).

I doubt if this solution is technically feasible.

As far as I know, most people do it the other way around - write interfaces
which allow one to USE PKCS#11 modules from within OpenSSL. I've seen at
least two engines which interface with external PKCS#11 modules, and both are
incomplete, so if there is a PKCS#11 module which implements a new public
key algorithm, they wouldn't allow one to use it.

But the question is - is it a good idea to write a PKCS#11 module which uses
OpenSSL (with all its engine support) for cryptography and supports
everything OpenSSL supports?

I haven't studied the PKCS#11 specification in great detail - it is very huge.
At first glance it looks like just a big enough coding effort -
OpenSSL contains all the necessary cryptography routines and ASN.1 support
to provide a PKCS#11 interface.

Maybe someone on this list has dug a bit deeper into the PKCS#11
specification and can give more arguments pro or contra?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
