|
|
On 12/6/06, Robert Fischer <triton@xxxxxxxxxxxx> wrote: > Well, you're right. AFAIK without a security-officer pin it's not possible to > modify or delete the private key. So for me, the token is basically a safe > place to store the private key (please correct me, if i'm wrong). If the user > messes up the certificates and/or public-keys, its basically his fault. The > only thing that i would like to avoid is the private-key gets modified or > deleted. Wrong. You afraid of private key USAGE. > > For the mean time I can suggest to use CryptoAPI interface for > > Windows, this is why Tony also uses none PKCS#11 configuration. > > At the moment i'm not sure how it's possible to manage the keys and > certificates using CryptoAPI and how the interaction between the token and > the Microsoft certificate store works. I'll take a look at it, maybe after > trying the opensc pkcs#11 provider on Windows again ;) If you generate certificate using Aladdin CSP you can acces it via CSP And PKCS#11. I think that the CSP of OpenSC is not working very well these days... But I am not so sure. Best Regards, Alon Bar-Lev. ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-12/msg00064.html on line 202 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-12/msg00064.html on line 202 |