On 9 May 2008, at 03:36, Mccue, Richard Alan wrote:

>> How do you feel about PKCS#11?
>
> I'm not sure the device I'm working with fits well with the PKCS#11
> token interface. The device is a little more complicated than a
> smartcard. It can handle multiple private keys. If a dozen apps all
> have different private RSA keys, each app can load its key
> separately and have the device encrypt/decrypt with it. PKCS#11 is
> on my list of things to investigate more deeply. Maybe later this
> year I'll understand PKCS#11 a little better.



Can you tell us what the device is and/or what engine you are trying
to use?

It sounds like an HSM - if it is, then it almost certainly supports
pkcs11. Using a pkcs11-enabled version of OpenSSH will most likely be
easier than trying to support every different OpenSSL engine that a
user might decide to use.

John
---
John Dickinson




_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev