On Wednesday 06 December 2006 18:47, Alon Bar-Lev wrote:
> > After that step the eToken worked like a charm, and is fully
> > interoperable among Windows and Linux.
>
> I am glad!
> Although I would have been much happier if you told me that OpenSC
> PKCS#11 provider works on Windows too... :)

I will try that for sure!

> I don't like to use closed source drivers...

Me neither :)

> > So my last wish is to instruct OpenVPN to not ask for a pin, since I
> > would like to use the OpenVPN-GUI, which (at the moment) isn't able to
> > request one via a GUI dialog. Maybe this is possible by simply not
> > supplying a user pin on token initialization, but I've to try that.
>
> I will not support that.
> Smartcards are used because they provide more security.
> Using hardcoded PIN violates this.

Well, you're right. AFAIK without a security-officer pin it's not
possible to modify or delete the private key. So for me, the token is
basically a safe place to store the private key (please correct me if
I'm wrong). If the user messes up the certificates and/or public keys,
it's basically his fault. The only thing that I would like to avoid is
the private key getting modified or deleted.

> The OpenVPN GUI is a known issue... I am not a GUI type of man... It
> should be so simple to support the management interface!!!

Indeed, although a socket interface is a nice and portable way of
interprocess communication, I would like to have the Aladdin
PKCS#11 library ask for the pin (like AFAIK Tony said, the CryptoAPI
does). A simple input box would do fine. Please be aware that I find the
management interface _very_ helpful and a superb idea, but just in this
specific use case, i.e. the prompting for a smartcard pin, I somehow
would like to avoid it.

> For the meantime I can suggest to use CryptoAPI interface for
> Windows, this is why Tony also uses non-PKCS#11 configuration.

At the moment I'm not sure how it's possible to manage the keys and
certificates using CryptoAPI and how the interaction between the token
and the Microsoft certificate store works. I'll take a look at it, maybe
after trying the OpenSC PKCS#11 provider on Windows again ;)

Best Regards,
Robert

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users