
Re: heimdal pkinit compiling on debian




>I plan to include support for the OpenSC smartcard library to use smartcards 
>for PKINIT. It does not seem to be too hard if I understand the code 
>well: basically I should modify the _krb5_pk_load_openssl_id function, 
>which loads the private key and the certificate and the 
>_krb5_pk_create_sign function which creates the signature needed for 
>authentication.

Is it possible to implement within OpenSSL itself?

>- As there will be no "loading of private key" as there is practically 
>no way to get the private key out of the card, is there a common way to 
>notify the _krb5_pk_create_sign function that the signature creation 
>should be done in a different way? Or should I invent a new method?
>- Is it OK if I use a new #define statement in the config.h like
>#define UseOpenSC 1
>, as PKINIT works this way?

The fewer #ifdefs the better; it would be preferable for this to be 
configurable at runtime to the extent possible.

-- Luke
