On Fri, 22 Aug 2008, David Lutterkort wrote:
> On Thu, 2008-08-21 at 14:18 -0500, Jeffrey Ollie wrote:
> > What about using a crypto card like Jesse plans on using for Sigul?
>
> I wonder if a TPM can be (ab)used for this, too; they are pretty common
> on newer hardware, and store a key in HW that can not be extracted.
> Not sure though if anybody has looked at using it to sign SSL certs, and
> especially at keeping logs of what was signed in a way that makes it
> impossible to tamper with those logs, e.g. to hide the signing of some
> certs.

Possibly. I was looking earlier too for something like ssh-agent or gpg
agent to serve this purpose... Haven't seen anything. Which.. well
strikes me as strange. It'd be a software way to do what we're talking
about.
-Mike