eugene wrote:
Hi,

I am working on a new smart card driver for the opensc library.
Here is the description of problems I found during implementation:

SC does not conform to PKCS#15, it does not contain RSA/DSA ciphers at all, except Russian GOST-28147.89 standard, but Windows drivers support keeping RSA key, X.509 on card.

you mean the windows driver uses the smart card as a simple storage
token and does all crypto in software ?

My intention is to implement the same functional set with the help of the opensc framework...
The card has some specific features derived from Windows drivers
- it has two "Map" files used to describe contents of data stored on the token's flash.

ok


PKCS#11 function - C_GenerateKeyPair should create also special "container" for
the key pair in those map files, that should be implemented to keep
compatibility with windows. Here difficulties come with attempt to create two-byte identifier and save it as additional attribute
with PKCS object.
But for the C_CreateObject, I have just to put only object into file.

Could you advise how to implement this effectively?

this isn't really trivial. Currently support for non-pkcs15 cards
is mostly read-only (due to the fact that the current opensc
pkcs11 implementation heavily depends upon pkcs15init which in
turn requires a (file-system based) pkcs15 compliant card).

because real
trouble happens when I am working with Mozilla, SC does not permit storing additional identifiers bytes with keys:

sorry, but what do you mean with "additional identifiers" ?

sc_pkcs15_object.label, sc_pkcs15_pubkey_info.key_reference,
sc_pkcs15_prkey_info.key_reference, sc_pkcs15_pubkey_info.usage,
sc_pkcs15_prkey_info.usage


Another critical point for me: could you provide ideas how to implement RSA software emulation on SC_ALGORITHM_RSA_RAW flags, is it possible?

get the key from the card and use openssl, or what do you mean ?


Also, is it possible to implement digital signature using OpenSSL
engine (not smart card) by utilizing flag SC_ALGORITHM_RSA_HASH_NONE?

should be but I'm not sure if I really understand what you exactly
mean ;-)

Cheers,
Nils