Victor B. Wagner wrote: > On 2007.11.19 at 14:51:16 -0600, Steven Bade wrote: > >> OpenCryptoki's Soft token based on openssl, was never intended to be a >> FIPS capable function, its simply intended to be an example for those >> who might wish to >> a) test PKCS#11 applications without having to have a card > > It is what I need. Really there is just two applications I really want > to test - Firefox and Thunderbird.
We have successfuly used it with Firefox and Thunderbird. We also tested (LONG time ago) with Netscape Web Server. > > But it is interesting to know how fully PKCS#11 specification is > implemented in OpenCryptoki. How much effort would be needed to add new > profile for new cryptography algorithms, which are supported by recent > OpenSSL, but, probably, never taken into account by authors of > OpenCryptoki. Adding new Mechanisms is pretty straight foward. Corhent added the DH mechanisms, and their developer was able to do it in about 1 month time. Some mechanisms maybe more difficult than others to integrate. We tried to make the code modular and be extensible for new mechanisms and new crypto providers, but that said, nothing is perfect. We implement the full spec of API's, we don't implement all mechanisms, that is not required of Tokens (I've never seen a token which implements all the mechanisms). Any questions etc, should be addressed to the opencryptoki mailing list, which is linked to off the sourceforge project page. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
