From: Matthew Seaman
Date: Sun, 13 May 2012 08:39:07 +0100
To: mahdieh salamat
Cc: freebsd-security@FreeBSD.org
Subject: Re: HSM in FreeBSD

On 13/05/2012 06:58, mahdieh salamat wrote:
> Hi all. I want to use a HSM pc card for security in my system. Can I use it
> in FreeBSD? FreeBSD support this cards?

I take it you mean a 'Hardware Security Module' and not 'Hierarchical
Storage Management'?

You'd have to tell us the make and model number of the card (ideally
with pointers to the manufacturer's website showing technical specs if
you can). Hardware is not generally supported by specific function, but
per manufacturer or per chipset. Also, there's no guarantee that all the
functions of a particular card are supported, but once we've pinned down
what drivers etc. will be used for that hardware, the documentation
should cover that.

Having said that, I believe that OpenSSL provides an API for accessing
many of these sorts of devices, so if OpenSSL supports it, then you're
probably in luck. A keyword here is 'cryptoki' (meaning cryptographic
token interface) -- that's the standard that OpenSSL implements.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey