Hi Martin,

>All PKI realms on the OpenXPKI installation are using the unmodified nCipher
>driver that is included in the public OpenXPKI repository. Our issuing CAs
>use the HSMs for protecting all infrastructure keys (e.g. CA keys) and also
>sensitive information used by the PKI application. The latter is implemented
>via the "PasswordSafe" Workflow that is shipped with OpenXPKI. It uses an
>encryption certificate and a private key that is protected by the HSM. The
>HSMs are used in an "always active" scenario: the HSM keys are enabled by the
>operator and even after he logs out the keys stay available until explicitly
>deactivated or system reboot. HSM key activation is done remotely via the
>"Remote Operator Card Set" feature of nCipher nShield.

Well, it's great that you guys have done it with nCipher nShield. EJBCA
supports nCipher, PrimeCardHSM, Eracom (now SafeNet), SafeNet Luna, Utimaco
CryptoServer, AEP Keyper and ARX CoSign HSMs and also provides complete
documentation for integration. Does OpenXPKI support all these HSMs? If yes,
then how should I test it with an nCipher HSM?




>In the past months I have been heavily working on improving the
>SmartCard personalization process which has been completely
>reimplemented (the old implementation remains available as a separate
>workflow). It now supports key backup for encryption keys (a
>necessary precondition if SmartCards shall be used for data
>encryption, e.g. for emails). The personalization process
>automatically reinstalls the existing encryption certificate if it
>was deleted from the card or if the card was replaced. Unfortunately
>this new SmartCard personalization currently cannot easily be
>backported to the public repository because it uses a
>proprietary interface to the SmartCards. But I will try to find a solution for
>this in the next year.
>The web frontend badly needs to be rewritten. My current plan is to start
>development on an alternative web frontend that uses a real MVC framework and
>AJAX to provide increased stability and extensibility. It will possibly even
>contain or integrate a CMS to allow embedding PKI functionality in easily
>customizable web pages. I will start on this by first implementing one single
>part of the web interface (the SmartCard personalization web frontend). Once
>this has been done, we can work on extending functionality to cover the
>missing topics. I will port this web frontend to the public repository once
>it is usable.

The current web interface is also fine, but it does not have support for Smart
Cards and has corrupted support for LDAP (web interface authentication & publishing
to database), as visible from the posts of users/developers. I really appreciate
your custom implementation, but I think that the Smart Card
interfacing should be in the public repository. Furthermore, is there support to
develop Smart Card authentication functionality with the OpenSC library?





>the documentation of OpenXPKI is still far from being usable, this needs to be
>extended to make the system usable for people new to the project

Sure, documentation is a REAL DARK AREA of this project. Normally every open
source project is very finely documented. There must be
User/Development/Deployment guides. It's not only the documentation, but there
should also be tutorials and video lectures for each kind of user, as with EJBCA.
Community is THE STRONGEST point of an open source project, especially when it is
in the development phase. If it has a large number of successful installations
then it's damn sure that it would have a strong and large community. Currently
the OpenXPKI community has only 6-7 persons having frequent posts/replies.
Similarly, code patches are provided after quite long intervals. I have done its
installation but am facing quite some difficulties in its initial configuration. Also,
please communicate to me the places where OpenXPKI has been successfully deployed.





In the end, thanks for the coordination; you have told me what you guys are
going to do in the next 1 or 2 years. But kindly tell me the end-to-end feature
list that is existing and fully functional at this time and ready for
deployment without any further code changes/patches/modifications.

Best Regards

Mary Peterson
University of Essex



      
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
