Log in

No account? Create an account

The current state of PKI - Journal of Omnifarious

Dec. 2nd, 2008

02:26 pm - The current state of PKI

Previous Entry Share Next Entry

Whee, PKCS#12 is such a fantastic standard! I was assigned to implement it using the OpenSSL C API, yet another fantastic (and well documented) standard.

The state of cryptography standards and implementations is utterly awful. And everybody is so afraid of making a mistake that it seems that nobody wants to fix it or create better ones. *sigh*

Current Location: 1500 Dexter Ave N, 98109
Current Mood: [mood icon] annoyed
Current Music: Delerium - Serenity


[User Picture]
Date:December 3rd, 2008 02:40 am (UTC)
Doesn't the openssl binary handle it already? My version (OpenSSL 0.9.8g 19 Oct 2007) handles pkcs12 out-of-box.
(Reply) (Thread)
[User Picture]
Date:December 3rd, 2008 06:10 am (UTC)

Yes, it does. But we will be deploying our software in an environment in which the openssl binary isn't available. We basically have our own version of OpenSSL that we have managed to get through FIPS certification.

(Reply) (Parent) (Thread)