On Mon, 19 Nov 2007, Alon Bar-Lev wrote:
>On Nov 19, 2007 10:52 PM, Steven Bade <[EMAIL PROTECTED]> wrote:
>> I believe that Sun contributed a pretty robust PKCS#11 engine for openSSL.
>
>It support a single static (compile time) provider, and even does not
the idea is that if you have pkcs#11 engine then everything else you
get through Crypto Framework to which you can connect hw providers.
>login to the token...
there's a preliminary patch for that on blogs.sun.com/janp
>I don't understand why it is packed as a patch and not as separate
>shared library...
crypto with a hole problem. Some countries didn't allow delivery of
such systems. I'm not sure if that's still the case, at least Solaris
(s10u4) is now shipped with the "strong" crypto -- keys above 128 bits etc.
That was the same problem -- not US export but import in some coutries until
recently.
>Anyway, from reading the code this is not really usable.
correct, not with the current bits in Solaris (I guess we talk about
accesing tokens). We plan to work on that but it's not top priority for now.
cheers, Jan.
--
Jan Pechanec
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
