|
|
On 12/6/06, Robert Fischer <triton@xxxxxxxxxxxx> wrote: > Well, you're right. AFAIK without a security-officer pin it's not possible to > modify or delete the private key. So for me, the token is basically a safe > place to store the private key (please correct me, if i'm wrong). If the user > messes up the certificates and/or public-keys, its basically his fault. The > only thing that i would like to avoid is the private-key gets modified or > deleted. Wrong. You afraid of private key USAGE. > > For the mean time I can suggest to use CryptoAPI interface for > > Windows, this is why Tony also uses none PKCS#11 configuration. > > At the moment i'm not sure how it's possible to manage the keys and > certificates using CryptoAPI and how the interaction between the token and > the Microsoft certificate store works. I'll take a look at it, maybe after > trying the opensc pkcs#11 provider on Windows again ;) If you generate certificate using Aladdin CSP you can acces it via CSP And PKCS#11. I think that the CSP of OpenSC is not working very well these days... But I am not so sure. Best Regards, Alon Bar-Lev. ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |