Re: A CSP extension for OpenSSL?

2010-06-03 Thread Kyle Hamilton
I don't particularly like advocating other products here, but NSS (from Mozilla) has a (relatively) secure PKCS#11 softoken implementation, and it can interface with other PKCS#11 middleware. The softoken has been FIPS-validated, at certain versions. -Kyle H On Thu, Jun 3, 2010 at 3:15 AM, Martin

Compiling OpenSSL 1.0.0a using MinGW, my notes

2010-06-03 Thread Ray Satiro
Hello, I recently did a test compile of OpenSSL 1.0.0a in rxvt / msys (not command prompt).
./config no-capieng enable-camellia > config.out 2>&1
make depend > make.depend.out 2>&1
make > make.out 2>&1
make test > make.test.out 2>&1
perl util/mkdef.pl 32 libeay enable-static-engine > libeay32.d

Re: A CSP extension for OpenSSL?

2010-06-03 Thread Martin Gwerder
Hi Jaroslav, Thanks for your comments. I was very eager to read your comments and had my own thoughts about it. Please read below. On 03.06.2010 15:26, Jaroslav Imrich wrote: Hello Martin, I am not an OpenSSL developer so this message will contain only my own opinions. Security provided by the

Re: A CSP extension for OpenSSL?

2010-06-03 Thread David Woodhouse
On Thu, 2010-06-03 at 18:04 +0200, Dr. Stephen Henson wrote: > If you mean private key security then this makes more sense. > > OpenSSL includes means to secure private keys through the ENGINE interface. > There are some built in which can use external private keys (e.g. Windows CSPs > or Chil HSMs

Re: A CSP extension for OpenSSL?

2010-06-03 Thread Dr. Stephen Henson
On Thu, Jun 03, 2010, Martin Gwerder wrote: > > This modification of the OpenSSL library would allow to make the > certificates more secure and allow applications without (!) any code > modification (just by linking against the CSP capable OpenSSL library) to > support the CSP. > I'm more than

Re: A CSP extension for OpenSSL?

2010-06-03 Thread Jaroslav Imrich
Hello Martin, I am not an OpenSSL developer so this message will contain only my own opinions. Security provided by the default CSP in Windows (I think its name is "Microsoft Enhanced Cryptographic Provider" or something like that) is the same as the security provided by an encrypted PEM file. Default CSP stores

Re: A CSP extension for OpenSSL?

2010-06-03 Thread Patrick Patterson
Hi Martin: I'll jump on this :) On June 3, 2010 06:15:13 am Martin Gwerder wrote: > Hi All > > Recently we built a Linux based system setup which is heavily relying on > X.509 certificates. On this occasion we had to realize that there is no > such thing as a client CSP available on Linux or UNIX

A CSP extension for OpenSSL?

2010-06-03 Thread Martin Gwerder
Hi All Recently we built a Linux based system setup which is heavily relying on X.509 certificates. On this occasion we had to realize that there is no such thing as a client CSP available on Linux or UNIX (neither free nor commercial; At least nothing which might be well supported by apps; If I ha

Detect CRL format

2010-06-03 Thread Arunkumar Manickam
Hi, Given a CRL file, how to detect its format, whether it is in PEM encoded format or ASN1? Thanks, Arun