Bug #31039 Smartcard (PKCS#11) support for MySQL client
Submitted: 15 Sep 2007 8:17
Modified: 7 Sep 2009 7:17
Reporter: Alon Bar-Lev
Status: Closed
Category: MySQL Server: C API (client library)
Severity: S4 (Feature request)
Version: 5.0.44
OS: Any
Assigned to:
CPU Architecture: Any
Tags: Contribution

[15 Sep 2007 8:17] Alon Bar-Lev
Description:
Hello,

Someone on the OpenSC mailing list requested the ability to authenticate an SSL session using a certificate/key located on a smartcard.

I've created a prototype patch:
http://alon.barlev.googlepages.com/mysql-pkcs11

Currently it only supports *NIX, but it would be simple to support Windows as well. But understanding your strange build system was already the most complex task.

If you like, I can work with you in order to improve it so you may provide this feature to all users.

I understand that it allows (at least) the root user to use the database in a more secure manner... so regular users may not authenticate as root.

The C API modifications needed are:
1. Add PKCS#11 provider.
2. Register user prompt hook (token and passphrase). And as a result also support encrypted private key files.

At the end of the process, the server certificate/key should also be PKCS#11 enabled.

Regards,

How to repeat:
Download from:
http://alon.barlev.googlepages.com/mysql-pkcs11
[16 Sep 2007 5:29] Valeriy Kravchuk
Thank you for a contributed patch. I hope it will be considered soon.
[8 Jun 2009 22:37] liz drachnik
Hello Alon -

In order for us to continue the process of reviewing your contribution to MySQL, we need you to review and sign the Sun|MySQL contributor agreement (the "SCA").

The process is explained here: 
http://forge.mysql.com/wiki/Sun_Contributor_Agreement

Getting a signed/approved SCA on file will help us facilitate your contribution -- this one, and others in the future.

Thank you!

Liz Drachnik  - Program Manager - MySQL
[7 Sep 2009 7:17] Alon Bar-Lev
Hello,

I don't wish to sign this document.
Just remember that supporting cryptography without supporting hardware cryptography is in most cases void.

Thank you,
[13 Jan 2018 11:06] Daniël van Eeden
Related:
Bug #75446 	Support for PKCS#11 (token/smartcard) in mysql client