Hi Alan, two answers: 1) the diplomatic one: YES, you can support ANY card that has been � �personalized with PKCS#11 using OCF. See below for the requirements. 2) the realistic one: As PKCS#11 is card and application specific there is no such thing � � as a PKCS#11 card. You can not (likely) take an arbitrary card X that has been personalized with � � a PKCS#11 library implementation A and use it with a PKCS#11 library implementation B � � if A and B were intended for use with different cards/card applications. B will fail to read X � � with a very high probability. Requirements for YES, ANY: 1) Write a CardServiceFactory that knows ANY card you want to support. 2) Write CardServices for ANY card you want to support and make these � � available via the factory above. Thus your application need not know which of these cards you are using as long as your factory returns the required card service for that card. Your application requests a smartcard object and after that it requests the service needed. Regards, � � �Daniel |------------------------+------------------------+------------------------| | | Alan Alie | | | | <[EMAIL PROTECTED]> | � � � � An: | | | | Daniel.Ciesinger@GDM.| | | 20.03.00 11:10 | DE | | | | � � � � Kopie: | | | | OpenCard Discussion | | | | Forum | | | | <[EMAIL PROTECTED]| | | | g> | | | | � � � � Thema: | | | | RE: Antwort: [OCF] | | | | Talking to PKCS#11 | | | | cards with OCF | |------------------------+------------------------+------------------------| Hello Daniel, Thanks for your reply but I think you may have mis-understood my question a little. The point of my question is whether OCF's SignatureCardService will allow my application to gain access to the cryptographic facilities of ANY third party smart card that was personalised using the PKCS#11 API. If the SignatureCardService does not provide this capability then my next question would be.....is it possible to write a generic CardService to fulfil my requirements ? Thanks Alan > -----Original Message----- > From: � � � �[EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: � � � �Monday, 20 March, 2000 8:41 AM > To: � � � �Alan Alie > Cc: � � � �OpenCard Discussion Forum > Subject: � � � �Antwort: [OCF] Talking to PKCS#11 cards with OCF > > > > > Hi Alan, > > if I understand you correctly, PKCS#11 is used for personalisation of your > smart cards. So your cards have a file system with e.g. > X.509-certificates, > some keys for signing, encryption,... and possibly a key generation > feature. > OCF provides CardService interfaces for most of these features, so the way > to go is: > 1) Implement the interfaces needed. > 2) Write a CardServiceFactory. > You need to know the APDU values for your card. > > IMHO the answer is YES. Please note that you'll need to implement more > than the SignatureCardService in order to support the full functionality > of your smart card. > > Regards, > � �Daniel > |------------------------+------------------------+----------------------- > -| > | � � � � � � � � � � � �| � Alan Alie � � � � � �| > | > | � � � � � � � � � � � �| � <[EMAIL PROTECTED]> | � � � � � An: > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| � OpenCard Discussion > | > | � � � � � � � � � � � �| � 17.03.00 16:26 � � � | � Forum > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| > <[EMAIL PROTECTED]| > | � � � � � � � � � � � �| � � � � � � � � � � � �| � g> > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| � � � � � Kopie: > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| � � � � � Thema: > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| � [OCF] Talking to > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| � PKCS#11 cards with > | > | � � � � � � � � � � � �| � � � � � � � � � � � �| � OCF > | > |------------------------+------------------------+----------------------- > -| > > > > > > > > Dear All, > > Yet another plea for help from another newcomer ! > > Recently I have been investigating OpenCard and the OCF for my company. > After presenting my initial report I was asked the following question: > > A third party (Company X) issues cryptographic smart cards using its own > issuing s/w and this s/w uses a PKCS#11 API to write to these cards. Then > we > (Company Y) produce an application that communicates to smart cards using > the OCF. Can we use OCF's SignatureCardService to access the cryptographic > functions of the cards issued by Compnay X? > > This is a simple but fundamental question that has been put to me and I > have > not seen a clear YES or NO answer yet. Can anyone help? > > Thanks in advance > > > Alan S. Alie > > NetLexis Limited > Tel: +44 (0)1628 470900 (Switchboard) > Solutions for Secure Electronic Commerce > For more information, please visit our web site http:\\www.netlexis.com or > contact NetLexis direct. > ------------------------------------------------------------------------ > Disclaimer: I don't speak for NetLexis. > NetLexis doesn't speak for me.....it is better that way!!! > > > > > > --- > > Visit the OpenCard web site at http://www.opencard.org/ for more > > information on OpenCard---binaries, source code, documents. > > This list is being archived at http://www.opencard.org/archive/opencard/ > > ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email > ! to > ! � � � � � � � � � � � � � [EMAIL PROTECTED] > ! containing the word > ! � � � � � � � � � � � � � unsubscribe > ! in the body. > > > --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! � � � � � � � � � � � � � [EMAIL PROTECTED] ! containing the word ! � � � � � � � � � � � � � unsubscribe ! in the body. --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
