Hi Douglas,
Thanks a lot for your kind help.
On Nov 10, 2011, at 5:12 PM, Douglas E. Engert wrote:
This has been a very busy thread over night.
As co-author of http://www.ietf.org/rfc/rfc3820.txt and having
worked on the Globus GSI code from 1996-2004 I would like to make some
comments.
hi Alon,
On Nov 10, 2011, at 8:24 AM, Alon Bar-Lev wrote:
Hello,
You can't.
pkcs11-helper targets developers who want to use smartcards without
overhead of the actual card management.
Well behaved smartcards should not allow export of private key.
But it seems the pk12util can
Hello,
You can't.
pkcs11-helper targets developers who want to use smartcards without
overhead of the actual card management.
Well behaved smartcards should not allow export of private key.
Why do you need the private key anyway?
Alon.
On Thu, Nov 10, 2011 at 3:27 AM, weizhong qiang
Take a look at:
http://www.metacentrum.cz/en/about/devel/pkcs11.html
and
https://lists.strongswan.org/pipermail/users/2007-July/001900.html
the basic idea is that you don't extract a private key, but you ask the
nss softtoken to sign a request for you.
HTH,
JJK
weizhong qiang wrote:
hi
hi Jan,
On Nov 10, 2011, at 10:13 AM, Jan Just Keijser wrote:
Take a look at:
http://www.metacentrum.cz/en/about/devel/pkcs11.html
and
https://lists.strongswan.org/pipermail/users/2007-July/001900.html
Thanks a lot for your information.
From this link:
Your whole concept is totally wrong.
If you switch to hardware cryptography, and utilize its advantages,
you do not have direct access to the private key.
This what makes hardware cryptography better than software only solutions.
OpenSSL is fully compatible with this approach, having RSA object
hi Alon,
Thanks for your reply.
On Nov 10, 2011, at 10:42 AM, Alon Bar-Lev wrote:
Your whole concept is totally wrong.
If you switch to hardware cryptography, and utilize its advantages,
you do not have direct access to the private key.
This what makes hardware cryptography better than
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang weizhongqi...@gmail.com wrote:
OpenSSL is fully compatible with this approach, having RSA object that
can be used for crypto operation without actually having the private
key. This is done via the concept of engine which delegate the
crypto calls
hi Alon,
Sorry that I make you be confused.
On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
OpenSSL is fully compatible with this approach, having RSA object that
can be used for crypto operation without
On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang weizhongqi...@gmail.com wrote:
hi Alon,
Sorry that I make you be confused.
On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
OpenSSL is fully compatible with this
Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
hi Alon,
Sorry that I make you be confused.
On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
hi Alon,
On Nov 10, 2011, at 2:15 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
hi Alon,
Sorry that I make you be confused.
On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang
hi,
On Nov 10, 2011, at 2:18 PM, Jan Just Keijser wrote:
Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
hi Alon,
Sorry that I make you be confused.
On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at
On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
As I mentioned that I need to use EEC credential to generate a proxy
credential (process is the same as you use CA credential to generate a EEC
credential).
The
On Thu, Nov 10, 2011 at 5:12 PM, weizhong qiang weizhongqi...@gmail.com wrote:
On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang weizhongqi...@gmail.com
wrote:
As I mentioned that I need to use EEC credential to generate a proxy
credential
On 11/10/2011 9:12 AM, weizhong qiang wrote:
On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiangweizhongqi...@gmail.com
wrote:
As I mentioned that I need to use EEC credential to generate a proxy
credential (process is the same as you use CA
hi all,
I tried to use pkcs11-helper api to retrieve X509 and private key from nss
softtoken, wit the 1.09 version of pkcs11-helper.
I can get X509 object, but the returned RSA object only includes public key,
rather than private key.
I paste the code as the following.
Could anyone give me some
17 matches
Mail list logo