hi Diego,
> -----Original Message-----
> From: Diego Pietralunga [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 27, 2001 4:07 PM
> To: [EMAIL PROTECTED]
> Subject: [OCF] Using OCF with a crypto toolkit with no smartcard support
>
>
> Hello,
> I'd like to know whether I can use OCF for "complex" crypto operations
> provided by a third party.
> Namely, I'm using the IAIK crypto toolkit (from Graz University, Austria)
> for building a digital signature application enhanced by a crypto
> smartcard.
nice to hear.
>
> The problem is that IAIK provides all the necessary framework I need
> (certificate handling and SMIME support) but it DOES NOT support smartcard
> natively!
not by now. that is right.
>
> I came up with another third party library that provides the
> interface with
> the token via DLL (so, only windows) based on IBM PKCS11 Java Wrapper.
you have to be aware of the fact that the IBM PKCS11 wrapper is alphaworks
and as far as i know, you are not allowed to use it in commercial systems,
you must not redistribute it, ... just for playing around.
we are also working on a PKCS#11 wrapper that should be available for first
tests until - let's say summer.
> With that, I can (more or less) seamlessly "give" the PrivateKey reference
> to the IAIK toolkit that does the work.
>
> I would be really happy if this could be done also in OCF, because this
> would be a 100% java solution.
i also tried to realize such a solution based on OCF. the problem was that
there were really no card solutions available that implement the necessary
card services, e.g. the SignatureCardService, in a usable manner. for the
IBM cards the card services are available, and they should work. but for IBM
MCF cards there are no development tools available for initialization,
PKCS#11 modules, MS CSP drivers, ... at least nobody was able to tell me
where to get them. even not the distributor company itself.
the other card service implementation that i got was the one for GPK8000
cards from Gemplus. but unfortunately they are in alpha-state and lack some
major features, like PIN protection of signature keys. moreover, currently
there is nobody really working on these drivers at gemplus. the last
bugfix/change is over a year ago.
last but not least, you cannot use the GPK card services with GemSAFE cards,
though these are GPK8000 based. one reason is that there is an undocumented
(hidden) PIN on the GemSAFE cards that is required to use the signature
keys (where does it come from? what is it good for? who knows it?). Gemplus
does not provide the necessary information that is required to use GemSAFE
cards with OCF.
>
> Can this be done?
yes, some days i was successful in implementing a pure OCF based JCE
provider using SeTec cards. they have a OCF card service implementation for
SignatureCardService. by now this SeTec card seems to be very promising to
me. however, i will need to do some more tests.
>
> Best Regards,
> Diego Pietralunga
>
> P.S. I know that OCF provides a sign() method but unfortunately, this
> returns a byte array which cannot be "passed" to IAIK (at least in my
> release, 2.51) while, say, creating an SMIME object.
we are also working on a solution that makes it easier to sign according to
PKCS#7 using smart cards.
with kind regards
Karl Scheibelhofer
--
Karl Scheibelhofer, <mailto:[EMAIL PROTECTED]>
Institute for Applied Information Processing and Communications (IAIK)
at Technical University of Graz, Austria, http://www.iaik.at
Phone: (+43) (316) 873-5540