Richard Levitte - VMS Whacker wrote:

> From: James Dabbs <[EMAIL PROTECTED]>
>
> JDabbs> Does OpenSSL presently support hardware tokens for client-side
> JDabbs> authentication, such as Aladdin "eToken" or Rainbow "iKey
> JDabbs> 2000"?  If not, is there any activity in this direction?
>
> I've been thinking about it.  What's needed is the following:
>
>   - a .so/.dll to use as an interface to the token
>   - programming documentation
>
> However, it may be that they all support PKCS#11, so perhaps it would
> be a good thing to build a PKCS#11 engine...

A number of people have made PKCS#11 patches against the software
implementation that could be reused ...

The trouble with PKCS#11 is that in most cases the implementation is very
bad.

It's hard to have an implementation that can adapt to whatever set of
functions is implemented or not, and many implementations will simply not
work if anything in the call parameters doesn't look like what they like
or if you don't call the functions in the order they expect.

So having one implementation of PKCS#11 that will just compile and run
with any PKCS#11 token is really very hard, because you would have to go
around every implementation bug of every token.

One solution is to have an engine that does things _exactly_ the same way
as Netscape (I mean same function calls, same function call order, same
parameter values), and you will be able to use it with every token that is
compatible with Netscape.
That's the way I was finally able to make some use of the iButton PKCS#11
library ().

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
