[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal pkinit compiling on debian

>I plan to include support for OpenSC smartcard library to use smartcards 
>for PKINIT. It does not seem to be too hard if I understand the code 
>well: basically I should modify the _krb5_pk_load_openssl_id function, 
>which loads the private key and the certificate and the 
>_krb5_pk_create_sign function which creates the signature needed for 

Is it possible to implement within OpenSSL itself?

>- As there will be no "loading of private key" as there is practically 
>no way to get the private key out of the card, is there a common way to 
>notify the _krb5_pk_create_sign function that the signature creation 
>should be done in a different way? Or should I invent a new method?
>- Is it OK if I use a new #define statement in the config.h like
>#define UseOpenSC 1
>,as PKINIT works this way?

The less #ifdefs the better, would be preferable for this to be 
configurable at runtime to the extent possible.

-- Luke