Hi,
I am finishing my USB hardware token with ECC support. It is integrated
with OpenSSL by the engine interface. I have also integrated it with OpenVPN
software. My version works with two new options:
(1) --ecdh file - file with ECDH domain parameters to support Elliptic Curve
Diffie-Hellman algorithm,
(2) --engkey - bool option to indicate that private key is on hardware device
and can be read only by engine interface.
What do you think about adding this options to standard distribution of OpenVPN
source code. Today ECC Cipher Suite is official standard described in RFC 4492
and its algorithms are implemented in OpenSSL (turn off by default in version
0.9.8, but will be on in version 0.9.9).
Best Regards,
Andrzej Chmielowiec,
CMM Sigma (www.cmmsigma.eu)
