http://csrc.nist.gov/publications/nistir/nist-IR-7206.pdf
It seems that NIST researchers are doing things in this area. They have also concluded that the PIV card format is "wrong" and that PIV needs to get out of its ID-card/badge costume in order to deliver full value. Maybe the PIV card's user keys are primarily suited as seeds for secondary instances of keys, where the secondary instances may take many different forms including USB tokens, SC tokens and IMHO TPM tokens as well? That is, you would use the PIV card for authenticating to the CA, in order to generate and download additional PIV "clones". The absence of good in-line key-gen tools will though hamper this a bit. Anders ----- Original Message ----- From: "Peter Williams" <[EMAIL PROTECTED]> To: "'MUSCLE'" <[email protected]> Sent: Tuesday, August 09, 2005 08:24 Subject: [Muscle] windows CE, and PIV201 tokens Does anyone have any experience with musclecards and Windows CE-based PDAs? I've managed to hook up our CCID token to a PDA, via a USB host adaptor card delivered in compact flash format. Ideally, there is a simple scripting application for the CE O/S that can now exploit the platforms PC/SC support (and the CE CCID driver) to now exchange commands with the musclecard on our USB token. Im quite happy to buy the application, rather than learn the CE development kits, for PC/SC. Peter _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wei Hu Sent: Monday, August 08, 2005 11:17 PM To: MUSCLE Subject: RE: [Muscle] pkcslite and libmusclecard on solaris box Hi Doug, I did the same thing as you did to add the reader. I have compiled opensc on solaris box. But 'opensc-tool --list-readers' still says no readers found. I have ocfserv -D running and it didn't show any debug information when running opensc-tool. So I think opensc-tool didn't even get communicated with ocfserv daemon. How did you compile opensc? Do I need to have additional configurations to make opensc talk to ocfserv? You help is great appreciated. Many thanks, Wei _____ From: [EMAIL PROTECTED] on behalf of Douglas E. Engert Sent: Mon 8/8/2005 7:59 AM To: MUSCLE Subject: Re: [Muscle] pkcslite and libmusclecard on solaris box Wei Hu wrote: > Do you have two internal readers? Make sure you do have /dev/scmi2c1 on your system. > No. But looking closer I did not use the correct device. The Sun Balde 1500 with Solaris 9 defines /dev/scmi2c0 This worked. Starting the ocf server with debug in one window as root: /usr/sbin/ocfserv -D Then in another window as root: smartcard -c admin -t terminal \ -j com.sun.opencard.terminal.scm.SCMI2c.SCMI2cCardTerminalFactory \ -x add -d /dev/scmi2c0 -r InternalReader -n SunISCRI Stoping and restarting the ocfserv server. ^C /usr/sbin/ocfserv -D Then to see the parameters: smartcard -c admin -t terminal I am now able to use the opensc-tool to see a card which was the real goal. Thanks to Amit, Wei and Sim. > Wei > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Douglas E. Engert > Sent: Fri 8/5/2005 9:23 AM > To: amit danayak; MUSCLE > Subject: Re: [Muscle] pkcslite and libmusclecard on solaris box > > > > I too am looking at using the internal reader on a Sunblade 1500 > with Solaris 9. > > I have the same set of libs as Wie Hu has, and have tried the GUI > and now the command line wihc fails below. > > > > amit danayak wrote: > >>Hi Wei, >>These are the Steps for Configure Internal Reader on Solaris 8/9 >>Make sure you have installed the following patches (check for the >>latest revision on sunsolve.sun.com) for smartcards, 110457, 109887 >>and 109695 >> >>Run the following command to activate the reader command to activate reader : >> >>smartcard -c admin -t terminal -j >>com.sun.opencard.terminal.scm.SCMI2c.SCMI2cCardTerminalFactory -x add >>-d /dev/scmi2c1 -r MyInternalReader -n SunISCRI > > > Well I tried it with /dev/scmi2c1: > > # smartcard -c admin -t terminal -j \ > com.sun.opencard.terminal.scm.SCMI2c.SCMI2cCardTerminalFactory -x add \ > d /dev/scmi2c1 -r MyInternalReader -n SunISCRI > Error: Classname, devicename, userfriendly readername, readername, IFD handler library or action argument is missing. > > > >>where MyInternalReader: whatever you want to name the reader >>then Restart ocfserv and Add ATR for smartcard. >> >>If you have any probs let me know ... >> >>Smiles >>Amit >> >> >>On 8/2/05, Wei Hu <[EMAIL PROTECTED]> wrote: >> >> >>>I have a sparc box with solaris 9 installed. It also comes with an internal >>>reader. I compiled the pkcslite and libmusclecard on that system and now >>>want to make it work on the internal reader. >>> >>>Dose anyone have successfully make it work on Sun's internal reader? What >>>kind of driver should I specify >>>in /etc/reader.conf? >>> >>>Thanks, >>> >>>Wei >>>_______________________________________________ >>>Muscle mailing list >>>[email protected] >>>http://lists.drizzle.com/mailman/listinfo/muscle >>> >>> >>> >> >> >> > > -- > > Douglas E. Engert <[EMAIL PROTECTED]> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle -------------------------------------------------------------------------------- _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
