Question for smartcard gurus:

Given that OCF is smartcard-oriented, while PKCS11 is "token"-oriented, is
it conceivable - at least in theory - to have two different applications
(both relying on digital signatures) access the same key pair and
application data on the same smartcard, one application via OCF and the
other via PKCS11?

With the FileAccessCard Service feature of OCF, the hypothetical 1st
application may store some data (e.g. "user=john/smith") on a smartcard
elementary file (EF) with FID e.g. 0x1065. The card actually has a file
system, and OCF knows that, so I end up knowing exactly "where" I am putting
those data on the card.

Using PKCS11, on the other hand, is pretty different. PKCS11 has the "DATA
objects" (CKO_DATA object class) feature by which the hypothetical 2nd
application can instantiate a generic data item (e.g. "user=john/smith") and
have it created on the token (where?) -- if the PKCS11 library implements
that and if the token agrees -- associated with a certain label and
application name.

Now, how the hell are the two hypothetical applications to share the same data
("user=john/smith")? How can the PKCS11-based application make sure the
data is stored at the same location where the OCF-based application will
look?

Of course, the same problem may also apply to the keys: how to make sure
that the key pair used by the two applications is the same, in case the token
has room for more than one?

Adriano
_______________________
Adriano Santoni
Ufficio Progettazione Sicurezza
SIA S.p.A.
Viale Certosa, 218
20156 Milano, IT
Phone: +39-02-3005.377
Fax: +39-02-38003333
Website: www.sia.it <http://www.sia.it>
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
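
An added illustration, not part of the original post: the sketch below contrasts the two addressing models the question describes, using the post's FID 0x1065 and its sample record. It assumes a card with an ISO 7816-4 file system (the APDUs are standard ISO 7816-4 encodings, not captured OCF traffic; real cards may need other P1/P2 values) and uses attribute type values from the PKCS #11 header; the label and application strings are hypothetical.

```python
# Added example. Constants: ISO 7816-4 instruction bytes and PKCS #11 attribute types.
INS_SELECT, INS_UPDATE_BINARY = 0xA4, 0xD6
CKA_CLASS, CKA_TOKEN, CKA_LABEL = 0x00, 0x01, 0x03
CKA_APPLICATION, CKA_VALUE = 0x10, 0x11
CKO_DATA = 0x00


def file_write_apdus(fid: int, data: bytes, chunk: int = 255) -> list:
    """File-system view: the caller names the EF, so the location is explicit."""
    if not 0 <= fid <= 0xFFFF:
        raise ValueError("FID must fit in two bytes")
    # SELECT by file identifier (P1=00), no response data requested (P2=0C).
    apdus = [bytes([0x00, INS_SELECT, 0x00, 0x0C, 0x02]) + fid.to_bytes(2, "big")]
    # UPDATE BINARY: P1-P2 carry a 15-bit offset, short Lc limits a chunk to 255 bytes.
    for off in range(0, len(data), chunk):
        if off > 0x7FFF:
            raise ValueError("offset does not fit in 15 bits")
        part = data[off:off + chunk]
        apdus.append(bytes([0x00, INS_UPDATE_BINARY, off >> 8, off & 0xFF,
                            len(part)]) + part)
    return apdus


def data_object_template(label: str, application: str, value: bytes) -> dict:
    """Token view: a CKO_DATA object is identified by attributes only.
    No attribute carries a file path or FID; the PKCS #11 library decides
    where (and in what on-card format) the value ends up."""
    return {
        CKA_CLASS: CKO_DATA,
        CKA_TOKEN: True,            # persistent object on the token
        CKA_LABEL: label,
        CKA_APPLICATION: application,
        CKA_VALUE: value,
    }


if __name__ == "__main__":
    record = b"user=john/smith"     # sample value from the post
    for apdu in file_write_apdus(0x1065, record):
        print("APDU    ", apdu.hex())
    # "user-record" and "app2" are hypothetical label/application names.
    for attr, val in data_object_template("user-record", "app2", record).items():
        print("CKA 0x%02x" % attr, val)
```
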