Hi,
On Mon, 2007-06-18 at 09:49 +0200, porsia wrote:
> I see in AbstractApplet.java something like:
>
> // FileLog.debug("Skipping CdCard for now when single
> jar/cab");// todo: fix
> // this.addPlugin(new
> org.openoces.opensign.certificate.plugin.cdcard.CdCardKeyStoreHandler());
> // if (OS.isMsJVM()) {
> // FileLog.debug("Skipping PKCS12 for now when MS
> JVM"); //todo: fix
> // } else {
> // this.addPlugin(new
> org.openoces.opensign.certificate.plugin.pkcs12.Pkcs12KeyStoreHandler());
> // }
>
> Does this mean that the keystore handler for cards is under
> development and doesn't work right now?
Just a quick comment ..
The java source you quoted is from our support for the cdcard keystore
which is not related in any way to a pkcs#11/smartcard keystore.
The cdcard keystore is basically an encrypted pkcs#12 with the following
little tweak: instead of entering the pkcs#12 password directly you
enter a 4-digit pin and obtain the pkcs#12 password from a server (if
the correct 4-digit pin was entered). The national PKI here in Denmark
uses the cdcard keystore.
As we are talking about extending OpenSign, allow me to promote our Open
Source Your Summer Initiative[1], where we will be paying the
participants for contributing to eg. OpenSign - a pkcs#11 keystore would
be a cool project proposal for OSYS '07!
[1] http://www.openoces.org/osys07.html
--
Carsten Raskgaard
Tux IT - OpenOCES consultancy
http://www.tuxit.dk
_______________________________________________
Developer mailing list
[email protected]
https://www.openoces.org/mailman/listinfo/developer
