On Fri, 27 Mar 1998, Dr Stephen Henson wrote:
> The simplest is that CryptoAPI base and enhanced CSPs (for RSA
> licensing, cost and export licensing reasons I believe) only indirectly
> allows access to RSA. That is you cannot use RSA directly to encrypt and
> decrypt arbitrary data blocks.
I have not looked at CryptoAPI, but I can say that it is possible to put in
hooks to use SSLeay with smart cards for RSA stuff. One of my aims with some
more internal changes I'm making is to remove the digest/public key algorithm
tieing I currently have.
>From the smart card/crypto token view of the world, there are tokens that
1) do any form or RSA operation
2) Will sign/verify an application supplied digest
3) sign/verify an application supplied data stream.
1) is easy to do with SSLeay, write a RSA_METHOD
2) is a bit ugly
3) involve writing a EVP_MD along with sign/verify methods and is
a bit ugly.
I'm trying to make the above scenarioes easier :-).
For RSAref, 1) has been done.
eric
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
