[7860] in cryptography@c2.net mail archive
Re: Command-line tools supporting both PKCS#12 and PKCS#11
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Fri Sep 22 13:52:46 2000
Message-ID: <003201c024b8$7d8f4e60$3c00a8c0@FECHK.local>
From: "Enzo Michelangeli" <em@who.net>
To: <coderpunks@toad.com>, <cryptography@c2.net>
Date: Sat, 23 Sep 2000 01:11:20 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "Kick Willemse" <k.willemse@diginotar.nl>
To: "lcs Mixmaster Remailer" <mix@anon.lcs.mit.edu>
Cc: <coderpunks@toad.com>; <cryptography@c2.net>
Sent: Friday, September 22, 2000 3:07 PM
Subject: Re: Command-line tools supporting both PKCS#12 and PKCS#11
[...]
> What you would like is a n (application) to n (token) relation.
> Therefore you need to install some middleware on the clientside that
> supports both PKCS#11, CAPI and PKCS#12 and it is preferable that this
> middleware is developed by a non token manufacturer.
Actually, my goals are more modest: I just need a utility that allow me to
import and export a privkey+cert from a script. I already have the dynamic
libraries to present a PKCS#11 API (well, at least some of it) hiding the
details of the underlying communication protocol. Recent versions of
Netscape Communicator can do the import/export, but through a GUI - which is
unsuitable to automated production procedures.
> OpenSSL is supporting pkcs#12 and PKCS#11 at this moment
Uh? I couldn't find any mention of PKCS#11 in the docs. The version 0.9.6
(now in beta) supports external crypto engines, but through an API that
looks like proprietary.
Enzo
P.S. For the record, the device I'm presently dealing with is the Dallas
Java iButton 1.1.
