Hello, I would like to discuss an extension for the libopensc API, that implements secure messaging.
In the attachment there is the patch to the common OpenSC part. The full patch was tested with Oberthur card. (Java card, secure messaging is conform to GlobalPlatform .) The main headlines are: - secure messaging (SM) is used only for APDUs that really need it: secure channel initialized just before, and closed immeadiatly after. - secured APDUs are generated by some external SM_server (in my case it's HTTPS server). OpenSC access SM_server via the SM_module. SM_module to be used is defined in opensc.conf and is loaded during the sc_context initialization. - SM_module exports three functions: initialize(), get_apdus() and finalize(): first one is to get the host challenge; second is to get the secured APDUs; last one is to return the confirmation. - libopensc card driver use cache of the curent EF's and DF's FCIs and detects the moment when SM has to be used. - APDUs processing is deviated to the SM procedures at the level of libopensc commands (not at the APDU transmission level) -- key_generation, key_import, pin_unblock, binary_write. Current trunk version of libopensc/card-oberthur.c contains (in comments) the SM specific procedures. Full patch (too voluminous for this mail) contains SM_server tool to generate secured APDUs, and SM_module implementations. It would be nice to hear your opinions, kind wishes, Viktor.
opensc-0.11.1.trunk.20061204-sm-common.patch.tgz
Description: GNU Unix tar archive
_______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
