Can somebody give me a link to PKCS#11 test suite? This may be a simple utility or part of big project no matter.
I now only this one: Netscape PKCS #11 Test Suites
A:
An automated test won't be able to enumerate security flaws in your implementation or SSL/TLS. An automated test will tell you weather or not you are meeting the specifications.
Here are some manual testing guidelines: http://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
Testing ecc+ssl/tls: http://ecc.fedora.redhat.com/
Rook
2010-04-26 21:41:54
Thank you, but I need to test PKCS#11 library not a SSL/TLS... And the main goal is not to test security flaws, but conformance to the PKCS#11 standard.
Sasha
2010-04-27 06:54:37
@Sasha, aah yes, i recommend stepping though the code with a debugger.
Rook
2010-04-27 07:04:41
yes I can do this, but this will be the hardest way...
Sasha
2010-04-27 07:36:33
@Sasha tell me if you find something (http://milw0rm.com/author/677)
Rook
2010-04-27 08:11:59
@The Rook Ok, I will tell you.
Sasha
2010-04-27 08:33:57
+1
A:
Not sure what reception you would get, but you could ask on the Cryptoki mailing list or perhaps send a private email to someone off the list.
Also you could do a google code search for things like Cryptoki, C_Initialize etc it may turn something up.
Sorry, I don't have anything more concrete.
bignum
2010-04-27 05:49:14
A:
I would check OpenSSL and see if it includes anything relevant: http://www.openssl.org/source/
Andrew Medico
2010-04-27 06:02:14
I can not find something in OpenSSL to test existing PKCS#11 library. Can you give me some direction to search.
Sasha
2010-04-27 07:28:32
I'm not positive there is any. It just seemed like a likely place to check.
Andrew Medico
2010-04-27 23:41:20
+1
A:
OpenSC package includes pkcs11-tool, a very rudimentary test-suite, pkcs11-tool --test --slot X --module module. This is just for reference, I'm sure you can find some quirks in pkcs11-tool test suite if you're using a strange or little bit exotic PKCS#11 module.
martin
2010-04-27 17:58:33