other device to store configuration!
new conf
newconfig at gmail.com
Thu Apr 16 17:20:24 CEST 2009
I agree that the whole point of using a smart card is that we can't extract
the keys.
I learned that OpenSSL, using the PKCS#11 API, must communicate with a
middleware called OpenSC, which actually communicates with the card.
The problem is that OpenSC does not understand the structure of the card if
it is non-standard (example: PKCS#15). So:
1- I should write an emulation driver that will create a structure (similar
to PKCS#15) in host memory to allow the middleware to know the structure
(example: ID/path of keys).
2- I should write a card driver to make OpenSC do basic commands, such as
signing data with that key (if needed) -> the outputs will be understood by
OpenSSL.
I'm thinking about another solution: why not create a new module (in
place of eap-tls) that FreeRADIUS will use to apply EAP-TLS via the "APDU
outputs" of the card instead of OpenSSL? The client must have the same
structure of messages to send!
*Another question to consider is if a smartcard will give you adequate
performance for your server load, a different type of hardware based key
management might be more appropriate than using a smartcard for a server.
Smartcards are typically used for "client" authentication and signing where
the volume of cryptographic operations is relatively low.*
If I am able to connect one card, I will use many cards to connect
with the server to optimize the performance and the access to the data. Can
you give me an example of other hardware key management usable for that
aim?
Thanks a lot!