

Show HN: AcceSSL: a "soft HSM" for OpenSSL to secure private keys - gozdal
https://github.com/gozdal/accessl/

======
reedloden
Neat idea with good potential, but Affero GPL just means nobody realistically
is going to use it. :/

------
reedloden
1024-bit RSA key is not a good test, as both NIST and CABForum policy require
at least 2048-bit for RSA private keys used in SSL certificates. What is the
performance with that size? or even 4096-bit?

What about ECC keys?

------
wmf
It would be interesting to compare this with factotum. [http://plan9.bell-
labs.com/plan9/factotum.html](http://plan9.bell-labs.com/plan9/factotum.html)

~~~
gozdal
As far as I can see factotum is used for authenticating users into the system.
AcceSSL allows you "only" to store RSA private keys on a separate
machines/machines without storing them on Internet-facing server handling SSL.

