From owner-freebsd-security@freebsd.org Mon Sep 14 10:28:23 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AAA84A0443D for ; Mon, 14 Sep 2015 10:28:23 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 751671A06 for ; Mon, 14 Sep 2015 10:28:22 +0000 (UTC) (envelope-from des@des.no) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 930F069DA; Mon, 14 Sep 2015 10:28:13 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 844DA4E72; Mon, 14 Sep 2015 12:28:12 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Dmitry Morozovsky Cc: freebsd-security@FreeBSD.org Subject: Re: SmartCards/Tokens recommended for TLS CA under FreeBSD References: Date: Mon, 14 Sep 2015 12:28:12 +0200 In-Reply-To: (Dmitry Morozovsky's message of "Fri, 11 Sep 2015 21:09:26 +0300 (MSK)") Message-ID: <86si6hnvlv.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Sep 2015 10:28:23 -0000 Dmitry Morozovsky writes: > We used Aladdin Pro (non-Java), but they are long gone, and I could not=20 > reimplement sign tree with sha256 after a dozen of experiments. Aladdin was acquired by SafeNet who have a range of PKI smart cards. I think the SC650 might meet your requirements. It is possible that they still sell the cards you used under a different name. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no