Support for IBM 4764 HSM

Support for IBM 4764 HSM

Harakiri
Hello list,

I know that OpenSSL ships with the ENGINE source for
the IBM 4758 card.

Is anyone aware of an implementation for the IBM 4764
card?

I contacted IBM crypto support and they said they do
not have nor will develop any OpenSSL integration.
(which is kinda funny judging by the price of that
card you would think there is OpenSSL support out of
the box)

thanks

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Support for IBM 4764 HSM

Steven Bade
Harakiri wrote:

>Hello list,
>
>I know that OpenSSL ships with the ENGINE source for
>the IBM 4758 card.

The engine code you refer to was not done by IBM as far as I know, I
believe it was done at a university.

>Is anyone aware of an implementation for the IBM 4764
>card ?
>
>I contacted IBM crypto support and they said they do
>not have nor will develop any OpenSSL integration.
>(which is kinda funny judging by the price of that
>card you would think there is OpenSSL support out of
>the box)

Considering that the core market of the 4764 and the CCA API is at the
ATM PIN/transaction space, why would you expect IBM to do OpenSSL
integration?

>thanks

Re: Support for IBM 4764 HSM

Harakiri
--- "Steven A. Bade" <[hidden email]> wrote:

> >the IBM 4758 card.
> The engine code you refer to was not done by IBM as far as I know, I
> believe it was done at a university.

Yes, I know, therefore I ask if anyone already has done
something similar. Or even if someone in the know can
tell me if the 4758 and 4764 are similar in the API so
that it would be easy to change the existing 4758
driver...

> Considering that the core market of the 4764 and the CCA API is at the
> ATM PIN/transaction space, why would you expect IBM to do OpenSSL
> integration?

Easy - because IBM advertise the card not only for PIN
transactions but also for SSL Certificates - let me
quote

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzajc/rzajcco4758.htm

QUOTE

"You can use a Cryptographic Coprocessor along with
DCM to generate and store private keys associated with
SSL digital certificates. A Cryptographic Coprocessor
provides a performance assist enhancement by handling
SSL private key processing during SSL session
establishment."

And as you should be aware of, the most common
webservers use OpenSSL libraries for SSL...

BTW: I even believe that IBM already programmed such
an engine driver (for a specific project maybe), but
since IBM is a pretty big company the right hand
doesn't know what the left hand does.. =)


Re: Support for IBM 4764 HSM

Steven Bade
Those referenced statements are for specific platforms which do NOT use
OpenSSL for SSL operation with IBM products.

Harakiri wrote:

>--- "Steven A. Bade" <[hidden email]> wrote:
>
>>>the IBM 4758 card.
>>
>>The engine code you refer to was not done by IBM as far as I know, I
>>believe it was done at a university.
>
>Yes, I know, therefore I ask if anyone already has done
>something similar. Or even if someone in the know can
>tell me if the 4758 and 4764 are similar in the API so
>that it would be easy to change the existing 4758
>driver...
>
>>Considering that the core market of the 4764 and the CCA API is at the
>>ATM PIN/transaction space, why would you expect IBM to do OpenSSL
>>integration?
>
>Easy - because IBM advertise the card not only for PIN
>transactions but also for SSL Certificates - let me
>quote
>
>http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzajc/rzajcco4758.htm
>
>QUOTE
>
>"You can use a Cryptographic Coprocessor along with
>DCM to generate and store private keys associated with
>SSL digital certificates. A Cryptographic Coprocessor
>provides a performance assist enhancement by handling
>SSL private key processing during SSL session
>establishment."
>
>And as you should be aware of, the most common
>webservers use OpenSSL libraries for SSL...
>
>BTW: I even believe that IBM already programmed such
>an engine driver (for a specific project maybe), but
>since IBM is a pretty big company the right hand
>doesn't know what the left hand does.. =)