Sun Crypto Accelerator 1000 application and documentation

[Torsten Kirschner]

Hi,

we're getting a bunch of these boards, mainly for SSL.
I wonder, though, whether anybody has used them for other
types of applications, like PKI/PKC stuff.

Is there some sort of development API documentation?

I'd love to use them for secure key storage and hw accelerated
encryption of CMS/PKCS#7 using supported ciphers.

In case it matters, we're using RSA Cert-/Crypto-J and
IAIK Java libraries, but OpenSSL would not be out of the
question.

Also, what is the difference between the version 1.0 and
version 1.1 boards?

best regards,
Torsten

[Darren J Moffat]

On Fri, 25 Jul 2003 12:28:38 +0200, Torsten Kirschner wrote:

> I'd love to use them for secure key storage and hw accelerated
> encryption of CMS/PKCS#7 using supported ciphers.

The SCA-1000 & SCA-500 do not have a hardware keystore it is just
an RSA & 3DES crypto accelerator.

The SCA-4000 does have hardware keystore, it also has an
noboard Gigabit ethernet and does IPsec offload in the card.

> In case it matters, we're using RSA Cert-/Crypto-J and
> IAIK Java libraries, but OpenSSL would not be out of the
> question.

There is an unsupported OpenSSL distribution (along with
mod_ssl) that comes with the card, to hook it to Apache.

You may also wish to look at using PKCS#11 which is how
it links to Sun One WebServer. PKCS#11 is the defacto
industry standard API for accessing HSMs.

> Also, what is the difference between the version 1.0 and
> version 1.1 boards?

Software stack.

--
Darren J Moffat