Hi!

It is implementation-specific which FIDs are used in PKCS#11 to store the
data. So to make the above possible, you need some internal
implementation-specific information. As this is not very beautiful....

But there is one exception. If the smart card data content is according to the
PKCS#15 specs (which also standardize how to store data objects into the
smart card) and your PKCS#11 implementation supports PKCS#15 data content in
the token, then you also use OCF to read this same data, because PKCS#15
standardises the data format in the token.

Regards,

MaSi

> -----Original Message-----
> From: Santoni Adriano [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 28, 1999 6:10 PM
> To: [EMAIL PROTECTED]
> Subject: [OCF] OCF-based and PKCS11-based access to same data on the
> same card: possible?
> 
> 
> Question for smartcard gurus:
> 
> Given that OCF is smartcard-oriented, while PKCS11 is "token"-oriented, is
> it conceivable - at least in theory - to have two different applications
> (both relying on digital signatures) access the same key pair and
> application data on the same smartcard, one application via OCF and the
> other via PKCS11?
> 
> With the FileAccessCard Service feature of OCF, the hypothetical 1st
> application may store some data (e.g. "user=john/smith") on a smartcard
> elementary file (EF) with FID e.g. 0x1065. The card actually has a file
> system, and OCF knows that, so I end up knowing exactly "where" I am putting
> those data on the card.
> 
> Using PKCS11, on the other hand, is pretty different. PKCS11 has the "DATA
> objects" (CKO_DATA object class) feature by which the hypothetical 2nd
> application can instantiate a generic data item (e.g. "user=john/smith") and
> have it created on the token (where?) -- if the PKCS11 library implements
> that and if the token agrees -- associated with a certain label and
> application name.
> 
> Now, how the hell do the two hypothetical applications share the same data
> ("user=john/smith")? How can the PKCS11-based application make sure the
> data is stored on the same location where the OCF-based application will
> look at?
> 
> Of course, the same problem may also apply to the keys: how to make sure
> that the key pair used by the two applications is the same, in case the token
> has room for more than one?
> 
> Adriano
> _______________________ 
> Adriano Santoni 
> Ufficio Progettazione Sicurezza
> SIA S.p.A.
> Viale Certosa, 218
> 20156 Milano, IT 
> 
> Phone: +39-02-3005.377 
> Fax: +39-02-38003333 
> E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>  
> Website: www.sia.it <http://www.sia.it>  
> 
> 
> 
> ---
> > Visit the OpenCard web site at http://www.opencard.org/ for more
> > information on OpenCard---binaries, source code, documents.
> > This list is being archived at 
> http://www.opencard.org/archive/opencard/
> 
> ! To unsubscribe from the [EMAIL PROTECTED] mailing list 
> send an email
> ! to
> !                           [EMAIL PROTECTED]
> ! containing the word
> !                           unsubscribe 
> ! in the body.
> 

