Re: X.509, S/MIME, and evolution of PGP
On Wed, 27 Sep 1995, Bill Stewart wrote:
> 6) It's a lot of work - well, yeah, it is. And I'm lazy. Is there enough
> related code in SSLeay to steal to help implement it?
I am cleaning up and documenting the routines right now, but yes, it is
possible to implement not only a CA but all the other stuff you mention.
I have finished digital envelope routines (ala Sign, Verify, Seal and Open).
I have the full functionality of RSAref plus support for about umpteen
different ciphers in umpteen different modes (well DES, IDEA and RC4 in a
total of 13 different modes, I use structure pointers to specify ciphers
so only the ciphers used are linked in and it is also trivial for
applications to specify new ciphers to use).
Everything needed to implement PEM is there, to do S/MIME I've got to do
PKCS-7 but that is just a parsing and packaging problem which I will do
(when I get time) for SSL v3.
I'm also about to redo my X509_get_certificate routine so that an
application can 'push' 'methods' onto the system used to lookup certificates.
I need to be able to look them up via an alias, subject X509 DN, and
via Issuer and ID. If I get time I'll probably put in a demo 'method'
that will talk to a socket/host and ask for certificates (probably a
simple perl server at the other end).
I'm taking the view that if I can put hooks into the library for other
people to put in routines to retrieve certificates/CRL's I will not have
to do all the work :-). I just have to document everything so other
people can have a play :-)
eric
--
Eric Young | Signature removed since it was generating
AARNet: [email protected] | more followups than the message contents :-)