[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal pkinit compiling on debian
>>I plan to include support for OpenSC smartcard library to use smartcards
>>for PKINIT. It does not seem to be too hard if I understand the code
>>well: basically I should modify the _krb5_pk_load_openssl_id function,
>>which loads the private key and the certificate and the
>>_krb5_pk_create_sign function which creates the signature needed for
> Is it possible to implement within OpenSSL itself?
Using OpenSSL engines, I guess so.
>>- As there will be no "loading of private key" as there is practically
>>no way to get the private key out of the card, is there a common way to
>>notify the _krb5_pk_create_sign function that the signature creation
>>should be done in a different way? Or should I invent a new method?
>>- Is it OK if I use a new #define statement in the config.h like
>>#define UseOpenSC 1
>>,as PKINIT works this way?
> The less #ifdefs the better, would be preferable for this to be
> configurable at runtime to the extent possible.
> -- Luke