Hello All,
After getting that question from Suman who is writing a patch for OpenSSL it
occurred to me that if OpenSSL doesn't currently support the Windows
Certificate Store should we?
I did some research and found out that they support PKCS formatted files. I
saw they are also support different way to support key storage on hardware,
like smartcards and such.
Can anyone help me with what the current thinking is on storing and
protecting a user's private key and / or certificate using only software?
Does it make sense for us to support PKCS formatted files. Is this all that
is needed for software protection?
Should we support MS CryptoAPI. I also noticed that MS CryptoAPI was (ta
da!) Nist certified
http://www.microsoft.com/technet/archive/security/topics/issues/fipseval.mspx?mfr=true . What that means exactly I'm not sure since programs need to
follow the security policy to also be Nist Certified but I haven't been able
to find the requirements or the policy yet.
We could tap into more of the crypto functions of MSCryptAPI which would
allow programs written in squeak for windows at least to be certifiable.
Any thoughts?
As an update I'm writing the TLS/ssl interface for Squeak. It's moving
along very nicely. I point a browser to squeak and so far I've been able to
read and parse the client hello (ssl 2.0, ssl 3.0, tls 1.0 and tls1.2), to
select a security suite for communication, to send back a server hello, and
now I'm working on the certificate management part. The cryptoAPI stuff is
working nicely with FFI. The FFI stuff is hit and miss but I should be able
to get though it within a few more days.
Ron Teitelbaum
Squeak Cryptography Team Leader
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Locked
