
Kasra Nassiri (Math & ComSci) wrote:
> What do you think? Anything that I am missing on?
The concept of a cryptographic token.

I have in the past also considered what would be a generic cryptographic library; I agree with the general approach of searching for the concepts modelled by cryptographic primitives but feel no truly useful cryptographic library can leave out hardware support. Even though OpenSSL doesn't have official hardware support and is actually widely used, I have personally never used it in a full product exactly because it lacks support for keys stored in hardware.

For this reason, I feel a complete generic cryptographic library must at the very least fulfill the use cases possible with the PKCS #11 interface, if it won't be a wrapper for this interface. This means the library must be implementable as a front-end to a PKCS #11 driver. Maybe a design based on "policy classes" would satisfy this requirement.

Also, I can contribute to this project a generic PBKDF2 I have lying around here somewhere.

--
P.
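The "policy classes" idea from the message above, sketched as an added example (not part of the original message and not code from any existing library): a front-end parameterised on a key policy, so the same calling code works with in-memory key bytes or with an opaque handle whose key stays inside a token. `MockToken`, `toy_mac`, `Authenticator` and the policy names are hypothetical; the keyed FNV-1a stand-in is not cryptographically secure, and a real token policy would forward the call to the PKCS #11 driver.

```cpp
#include <cstdint>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Stand-in for a real MAC so the example runs without a crypto library.
// Keyed FNV-1a: NOT cryptographically secure, illustration only.
inline std::uint64_t toy_mac(const Bytes& key, const std::string& msg) {
    std::uint64_t h = 1469598103934665603ULL;
    for (auto b : key) { h ^= b; h *= 1099511628211ULL; }
    for (unsigned char c : msg) { h ^= c; h *= 1099511628211ULL; }
    return h;
}

// Policy 1: key material lives in process memory as raw bytes.
struct SoftwareKeyPolicy {
    using key_type = Bytes;
    static constexpr bool extractable = true;
    std::uint64_t mac(const key_type& k, const std::string& m) const { return toy_mac(k, m); }
};

// Mock hardware token (assumption): keys stay inside, callers only see a handle.
class MockToken {
    std::map<unsigned long, Bytes> slots_;
    unsigned long next_ = 1;
public:
    unsigned long import_key(const Bytes& k) { slots_[next_] = k; return next_++; }
    std::uint64_t mac(unsigned long handle, const std::string& m) const {
        auto it = slots_.find(handle);
        if (it == slots_.end()) throw std::invalid_argument("unknown key handle");
        return toy_mac(it->second, m);  // computed "on the token"
    }
};

// Policy 2: the key is an opaque handle and the operation is delegated to the token.
struct TokenKeyPolicy {
    using key_type = unsigned long;
    static constexpr bool extractable = false;
    const MockToken* token;
    std::uint64_t mac(key_type h, const std::string& m) const { return token->mac(h, m); }
};

// Generic front-end: never touches key bytes itself, only the policy's key_type.
template <class KeyPolicy>
class Authenticator : private KeyPolicy {
    typename KeyPolicy::key_type key_;
public:
    Authenticator(KeyPolicy p, typename KeyPolicy::key_type k) : KeyPolicy(p), key_(k) {}
    std::uint64_t tag(const std::string& m) const { return this->mac(key_, m); }
    static constexpr bool key_extractable() { return KeyPolicy::extractable; }
};
```

The design constraint this shows is that the front-end's interface is written against `key_type`, so nothing in it assumes key bytes can be read back.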