On Fri, Oct 28, 2011 at 4:10 AM, Martin Paljak wrote:
> Now, the fact that there are both binary blob "drivers" that speak
> PKCS#11 but also open source drivers (also free, in the sense of "free
> software" vs "open source software") is as good excuse to reject PKCS#11
> as ruling out HTTP from a
On Fri, Oct 28, 2011 at 12:10:46PM +0300, Martin Paljak wrote:
> Taking into account the original request of getting something
> off-the-shelf for PGP uses, this demand basically just rules out GnuPG
> for some users and use cases.
GnuPG, sure - however:
> [..] the hardware usually comes off-the-
On 10/28/11 4:57 , Werner Koch wrote:
> On Fri, 28 Oct 2011 11:10, mar...@martinpaljak.net said:
>
>> PKCS#11 but also open source drivers (also free, in the sense of "free
>> software" vs "open source software") is as good excuse to reject PKCS#11
>
> In 99% percent of all cases Open Source and
On Wed, Oct 26, 2011 at 7:12 PM, Thor Lancelot Simon wrote:
> I find myself needing a crypto card, preferably PCIe, with onboard
> key storage. The application is PGP, so I really need hardware that
> can use keys stored onboard to do arbitrary RSA operations -- rather
> than a protocol acceller
On Sat, Oct 29, 2011 at 08:10:38PM +1100, ianG wrote:
> Is there any particular reason why PCI(e) is preferred as a hardware
> interface?
Because that's the only thing server boards typically have.
Plus, PCIe is much preferable to PCI in terms of throughput
(not that makes a bottleneck for a c
On 29/10/11 10:09 AM, coderman wrote:
On Wed, Oct 26, 2011 at 11:12 AM, Thor Lancelot Simon wrote:
I find myself needing a crypto card, preferably PCIe, with onboard
key storage
...
i too would like to know what other options are available for HSM +
Accel in PCIe form factor.
Is there
On Wed, Oct 26, 2011 at 11:12 AM, Thor Lancelot Simon wrote:
> I find myself needing a crypto card, preferably PCIe, with onboard
> key storage
>
> As far as I know, the only current products that do this are the
> IBM 4765 and the BCM586x line of chips. There were more sources
> once-upon-a-
On Fri, Oct 28, 2011 at 10:32:19AM -0700, Morlock Elloi wrote:
> Take a cheap Android, write the code you need for it, make it talk via USB,
> rip out all antennas, put it in your box (wrap in a paper bag first), and
> connect with USB cable to the internal USB port.
>
> HW cost: $80
Where do y
Or pluk any old PC/laptop/notebook you have lying around and make it
talk over IP. Phones consume less energy though, nice idea. It's
arguably more secure than a CPU but I doubt it'd make a noticeable
difference (since the rest of the hardware needs to be secure also).
2011/10/28 Morlock Elloi :
>
Take a cheap Android, write the code you need for it, make it talk via USB, rip
out all antennas, put it in your box (wrap in a paper bag first), and connect
with USB cable to the internal USB port.
HW cost: $80
> a Trojan. Security certification concerns put aside, the
> architectural demands
Hi,
> Unfortunately, it also appears to be unbuyable. I tried all three
> sources listed on the crypto-stick.org website yesterday: two were
> out of stock, while the third said something along the lines of
> "low stock - order soon", walked me through the whole ordering process,
> then said my o
Thor Lancelot Simon wrote:
On Thu, Oct 27, 2011 at 12:15:32PM +0300, Martin Paljak wrote:
You have not described your requirements (ops/sec, FIPS/CC etc) but if
the volume is low, you could take USB CryptoStick(s)
(crypto-stick.org), which is supported by GnuPG and what can do up to
4096 bit onb
Martin Paljak writes:
>Taking into account the original request of getting something off-the-shelf
>for PGP uses, this demand basically just rules out GnuPG for some users and
>use cases.
At the risk of slight self-promotion, cryptlib,
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/, has support
On Fri, 28 Oct 2011 11:10, mar...@martinpaljak.net said:
> PKCS#11 but also open source drivers (also free, in the sense of "free
> software" vs "open source software") is as good excuse to reject PKCS#11
In 99% percent of all cases Open Source and Free Software describe
software distributed unde
On Fri, 28 Oct 2011 14:03, t...@panix.com said:
> So this appears to be basically a smartcard and USB smartcard reader
> built into the same frob. I can probably find a way to put it within
Right.
> Unfortunately, it also appears to be unbuyable. I tried all three
> sources listed on the crypt
On Thu, Oct 27, 2011 at 12:15:32PM +0300, Martin Paljak wrote:
>
> You have not described your requirements (ops/sec, FIPS/CC etc) but if
> the volume is low, you could take USB CryptoStick(s)
> (crypto-stick.org), which is supported by GnuPG and what can do up to
> 4096 bit onboard keys, unfortun
On 10/27/11 3:02 , Werner Koch wrote:
> On Thu, 27 Oct 2011 11:15, mar...@martinpaljak.net said:
>
>> I don't know about PGP(.com), but GnuPG is picky about hardware key
>> containers. Things like PKCS#11.
>
> For the records: That is simply not true. We only demand an open API
> specification f
Hi Peter,
On Thu, Oct 27, 2011 at 10:45 AM, Peter Gutmann
wrote:
> Alfonso De Gregorio writes:
>
>>For a past project, I've been engineering a cryptographic appliance running
>>with Bull TrustWay CC2000
>>http://support.bull.com/ols/product/security/trustway/c2000/cc2000.html
>>It is a full-leng
On Thu, 27 Oct 2011 11:15, mar...@martinpaljak.net said:
> I don't know about PGP(.com), but GnuPG is picky about hardware key
> containers. Things like PKCS#11.
For the records: That is simply not true. We only demand an open API
specification for the HSM because we don't want to support binary
Hello,
On Wed, Oct 26, 2011 at 21:12, Thor Lancelot Simon wrote:
> I find myself needing a crypto card, preferably PCIe, with onboard
> key storage. The application is PGP,
I don't know about PGP(.com), but GnuPG is picky about hardware key
containers. Things like PKCS#11.
> As far as I know,
Thor Lancelot Simon schrieb:
> As far as I know, the only current products that do this are the
> IBM 4765 and the BCM586x line of chips. There were more sources
> once-upon-a-time of course -- nCipher and NetOctave/NBMK/etc. but
> those products seem to be gone now (and have obsolete PCI host
> i
Alfonso De Gregorio writes:
>For a past project, I've been engineering a cryptographic appliance running
>with Bull TrustWay CC2000
>http://support.bull.com/ols/product/security/trustway/c2000/cc2000.html
>It is a full-length PCI with on-board key storage.
Can you provide a bit more information
On Wed, Oct 26, 2011 at 8:12 PM, Thor Lancelot Simon wrote:
> I find myself needing a crypto card, preferably PCIe, with onboard
> key storage. The application is PGP, so I really need hardware that
> can use keys stored onboard to do arbitrary RSA operations -- rather
> than a protocol accellera
I find myself needing a crypto card, preferably PCIe, with onboard
key storage. The application is PGP, so I really need hardware that
can use keys stored onboard to do arbitrary RSA operations -- rather
than a protocol accellerator which can use onboard keys only to do
more complex operations tha
24 matches
Mail list logo