[viff-devel] Which operations for HSM (Hardware Crypto)

Brian Graversen jobo at daimi.au.dk
Tue Jul 15 03:17:21 PDT 2008


Hi Martin.

> I think I can answer your second question:
>
> > 2. SSL communication?
> We have recently (two days ago!) switched to OpenSSL as the backend
> crypto library. We use it via the PyOpenSSL bindings.
>
> I looked at the OpenSSL source, and I *think* it can do what we want:
> the files
>
>   openssl-0.9.8h/engines/e_4758cca.*

Great, I expect that means it uses the CCA (common crypto architecture or
something like that, it is an IBM thing) instead of the usual PKCS#11
interface. I have drivers for both available, and have used the CCA for the
Python C-modules as well.

Attached is the first sample implementation (can we attach files?) of
getRandomBytes(int), and a screenshot of the module being called from Python.
There is a build-script as well.

It is not really possible to build it without having the IBM software installed,
nor is it possible to run it without the IBM hardware, so the code is more for
those interested in looking at it. It is very simple...

I'm more interested in hearing how this will be configurable in the client
software. Since some clients will run using software, and at least one will run
using the IBM hardware, I'm guessing some configuration will have to be handled
in the Python code, so it knows which crypto-library to use (hardware or
software).

Kind regards
Brian Graversen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ibm4758.zip
Type: application/x-zip-compressed
Size: 32494 bytes
Desc: not available
URL: <http://lists.viff.dk/pipermail/viff-devel-viff.dk/attachments/20080715/6f27d3a6/attachment-0001.bin>

