Geoffrey Elgey wrote:

G'day,

Martin Paljak wrote:

You can use whatever pkcs11 module with opensc pkcs11 openssl engine -
for example muscle pkcs11.


My understanding is that the OpenSSL PKCS#11 engine in OpenSC relies on a PKCS#11 implementation on the path.

  o If the card in the reader is a Cyberflex e-gate 32K card (a
    java card), then the PKCS#11 library provided by muscle is
    required (and the muscle applet must be loaded onto the card).

  o If the card in the reader is a Cryptoflex 32K card (a file-based
    card), then the PKCS#11 library provided by OpenSC is required
    (and the card must have a PKCS#15 file structure).

Is that correct?

Sort of. But the OpenSC code now has pkcs15-emulation routines, which emulate pkcs15 file operations on a non-pkcs15 card. So if one was written to work with the Muscle applet, you could use the OpenSC PKCS11 that calls the OpenSC PKCS15. The choice of the emulation can be controlled by the opensc.conf and based on the ATR. (I have been working on a GemSAFE emulator this month.)


I'm wondering what happens if I use a Cyberflex card in the reader, then pull it out and use a Cryptoflex reader. It seems that the OpenSSL PKCS#11 engine must invoke a different PKCS#11 implementation, and I'm wondering how that happens, if my understanding above is correct.



That would work too, but at a different level.

-- Geoff
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444