Menu
▾
▴
Re: [Ejbca-develop] SmartCard-HSM as remote key store / Was:Re: Problem Creating a CVC CA in ejbca 6.2.0
|
From: Andreas K. <ku...@tr...> - 2014-07-21 12:00:24
|
Hi Andreas, > Would be interesting to get something like this integrated with EJBCA. > > That shouldn't be too complicated: The server side is just a small > servlet that provides the APDU channel via HTTP to the device on the > client side. The servlet talks to OCF on the server and a JCE Provider > on top of it. > > The CA would just need to access the private key operation via JCE. I would go with any security enhancement ... but dtmo the cv-certificates do make sense when two cards interact. If one and is a server with 'usual' security level it does not provide any benefit, does it? Just just a strong link to chain but leave the other links weak as they are ... Greetings, Andreas Kuehne -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales |
