Andreas,
my idea is to support PKCS#11 interface on both sides... Thus nothing
actually gets simpler... Just keep standard while providing single
sign-on and more secure environment.
I am strongly against developing a new API for application to use...
"full feature store".
The application will l
Hi Clizio,
I think splitting client and server is the right thing to go.
While I share Alon's reservations when it comes to using
tcp/ip, I don't see a reason to not do that, if someone wants
to do that. might work well in thin client environments etc.
currently we have a big fat library loading oth
Hello,
I have a plan to write a PKCS#11 proxy which offers PKCS#11 interface
to application and works with PKCS#11 provider at daemon side.
This will enable to solve two issues:
1. Do not allow a PKCS#11 provider to mess with main process memory.
2. Allow single sign-on for user desktop, by iden
Excuse me if I enter into this discussion. But, as the author of LSM-PKCS11,
I'd like to answer to the question:
Why a daemon is required?
The aim of the package is to implement the necessary tools to build an
HSM-like device.
Apart from tampering problems, an external machine implementing
Thanks!
There is always egg and chicken conflict with this kind of approach...
In order to communicate with remote daemon using TCP/IP you need to
authenticate...
But you cannot authenticate since you cannot access the token...
This problem is common for most HSM modules as well... Not all allow
The project is actually implementing a software security module (rather
than a hardware security module / HSM) that uses a client/server
approach with a PKCS#11 library on the client side. You run the daemon
on one machine and use the PKCS#11 library on the client to access the
cryptographic token.
Hello Andreas,
Why a daemon is required?
Can't the card transaction be used to sync between instances?
And if caching is required you can cache certificates by thumbprint at
user home...
Best Regards,
Alon Bar-Lev.
On 3/6/07, Andreas Jellinghaus <[EMAIL PROTECTED]> wrote:
http://www.clizio.com
http://www.clizio.com/lsmpkcs11.html
did anyone have a look at this software and try it?
if it does what I think and if we could attach opensc to the
daemon side of it, then we might be able to do real locking etc,
and still have multi applications access a card - if the daemon
caches the certs e