[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal pkinit compiling on debian


>>I plan to include support for OpenSC smartcard library to use smartcards 
>>for PKINIT. It does not seem to be too hard if I understand the code 
>>well: basically I should modify the _krb5_pk_load_openssl_id function, 
>>which loads the private key and the certificate and the 
>>_krb5_pk_create_sign function which creates the signature needed for 
> Is it possible to implement within OpenSSL itself?

	Using OpenSSL engines, I guess so.
>>- As there will be no "loading of private key" as there is practically 
>>no way to get the private key out of the card, is there a common way to 
>>notify the _krb5_pk_create_sign function that the signature creation 
>>should be done in a different way? Or should I invent a new method?
>>- Is it OK if I use a new #define statement in the config.h like
>>#define UseOpenSC 1
>>,as PKINIT works this way?
> The less #ifdefs the better, would be preferable for this to be 
> configurable at runtime to the extent possible.



> -- Luke
> --