[viff-devel] Which operations for HSM (Hardware Crypto)
Martin Geisler
mg at daimi.au.dk
Mon Jul 14 05:36:00 PDT 2008
Brian Graversen <jobo at daimi.au.dk> writes:
Hi Brian,
I think I can answer your second question:
> 2. SSL communication?
> Ivan mentioned that it would be nice to have the RSA keys used for
> SSL communication to be stored in hardware. This is also doable, and
> would likely only require that the SSL software we use supports
> hardware keys (which software do we use for communication, and does
> it support hardware keys?)
We have recently (two days ago!) switched to OpenSSL as the backend
crypto library. We use it via the PyOpenSSL bindings.
I looked at the OpenSSL source, and I *think* it can do what we want:
the files
openssl-0.9.8h/engines/e_4758cca.*
look promising... I could not immediatedly find any documentation that
explained what can and cannot be done with OpenSSL and the IBM 4758 --
maybe we will have to write them ourselves :-)
--
Martin Geisler
More information about the viff-devel
mailing list