I have been going through a process of creating a Open-Source recepie
for applications using PKI enabled Smart-Cards. I add another wrinkle
here, we say that we also want Java Applications to be able to make use
of PKI-enable smartcard for cryptographic functionality.
Objective of this email:
------------------------
To be able to share thoughts and brain-storm on areas that I am not
clear and someone might be able to share a better flavor or
caution the impact of selecting a particular ingredient or even a
particular brand of hardware equipment.
Reason for leaning toward an Open-Source solution is: that
we are not dependent on a specific/expensive Vendor-specific
component that cannot be quickly made available on HPUX
(i.e the platform of our choice)
Ingredients
-----------
Operating System: HPUX 11i running on PA-RISC2.0
Interface to PA-RISC box: Serial
Java Virtual Machine: J2SE version 1.5.0.xx
Smart Card Reader: ?
Smart Card: ?
pkcs#11 implementation ?
pkcs#15 implementation ?
PC/SC ?
Drivers for Smart Card ?
Gist of the Recepie
-------------------------
Java 5.0 comes along with wrapper that serves as PKCS#11
provider (i.e PKCS#11 classes and respective JNI librarry)
that talks to native PKCS#11 implementation or we call it
PKCS#11 driver. In order to make this PKCS#11 loosely
coupled with a specific Smart Card, we assume that
Smart Card is PKCS#15 compliant and our PKCS#11 is also
PKCS#15 aware, i.e. it can generate PKCS#15 specific
APDU(s). Now we need to bridge these PKCS#15 specific
APDU(s)s to with the PKCS#15 compliant Smart Card. This
is the are, I am relatively more gray. Not sure, if I have
to have a PC/SC layer in between or not, If not then how
to bridge the gap.
Which Smart Card Reader?
------------------------
I am thinking about GemPC Serail interface based reader for
this discussion. Reason: It is claimed to be ISO-7816
complaint. GemCore based PC/SC reader drivers are available
as open source. Though I am not sure why PC/SC would be
necessary, i.e. what do I get with it or what do I
loose without it.
Which Smart Card?
-----------------
Any suggession is welcome. Though I think it should be
PKCS#15 compliant.
Which pkcs#11 & PKCS#15 implementation
---------------------------------------
So far, I am leaning towards OpenSC/CT project
Question Of PC/SC?
------------------
I would really appreciate, if some one could help me clarify,
* why one needs to have PC/SC component.
* What is it that its doing? and What would happen, if it's
not there.
Question: Bridge between PKCS#15 specific APDU(s) and Smart Card
----------------------------------------------------------------
I think part of this answer will come from question of PC/SC. If
PC/SC has to be there, than do I just pass my PKCS#15 specific
APDU to PC/SC interface or there is something else that needed to
be taken care. On there hand, if we do not have PC/SC layer
in-between, then how do I pass this APDU to the smart-card reader.
Question:
---------
Does PKCS#15 fully replaces vendor specifc library that must know
about smart-card specific commands or information. If not, than
what could be that.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
