The only problem you might have with opencryptoki is that it can be hard to
build, and it can be "interesting" to configure the first time - BUT it
matches hardware cards in that.
As far as extending the algorithms go - check the PKCS#11 specs, make sure
the algorithms you want are already present, you'd need to update the
opencryptoki headers to provide the new definitions if those aren't up to
date. If they aren't in the PKCS#11 specs you have a problem.
For hashes and symetric ciphers it should be trivial, asymetric is ugly,
but not necessarilly difficult. It's mainly a matter of mapping PKCS#11's
key representation to the underlying crypto's. Check how RSA/DSA/DH are
handled now.
Good luck.
Peter
From: "Victor B. Wagner" <[EMAIL PROTECTED]>
To: [email protected]
Date: 20/11/2007 16:45
Subject: Re: PKCS#11 wrapper around OpenSSL
On 2007.11.19 at 14:51:16 -0600, Steven Bade wrote:
> OpenCryptoki's Soft token based on openssl, was never intended to be a
> FIPS capable function, its simply intended to be an example for those
> who might wish to
> a) test PKCS#11 applications without having to have a card
It is what I need. Really there is just two applications I really want
to test - Firefox and Thunderbird.
But it is interesting to know how fully PKCS#11 specification is
implemented in OpenCryptoki. How much effort would be needed to add new
profile for new cryptography algorithms, which are supported by recent
OpenSSL, but, probably, never taken into account by authors of
OpenCryptoki.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
