Andreas Jellinghaus wrote:
> I'd be willing to help as time permits, and I'm sure many other people
> here can answer questions about writing new card drivers too. So why
> don't you give it a try? take a look at a few drivers with full support
> (like cardos and cryptoflex and starcos), the basic pattern is pretty
> much the same. I hope that helps to get started?
Certainly if you or others might be able to help me out if I get stuck,
I'd be happier starting off. It seems to me that it makes a big
difference if you have some of the cards already, as well.
I've poked around with the cards I have already with the supplied tool,
and sent it some basic APDUs, so I should be able to get started.
Where I did run into problems playing with the card at that level was
with "perform security operation" after using the supplied tool to load
some certificates and keys into the card. Nothing that I could do
seemed to lead to the encryption, decryption or signature results I
expected, and unfortunately I don't have a copy of 7816-8 which is where
I think this stuff is defined. Nevertheless, using Thunderbird's
PKCS#11 support with the very same card produces correct signatures!
The ACOS5 manual is pretty unclear on this stuff, I guess unless you
already understand what is supposed to be going on. Any clues as to how
you would approach debugging that kind of issue?
Another strategy question: the supplied tools claim to write a PKCS#15
file system on the card. I'd have contributed something, I think, even
if all I managed to do was enable cryptographic operations on a card
which had been formatted by their tool. So I'm tempted to try and work
initially with a card that I've loaded with keys using their tool. Is
that a worthwhile approach, do you think, or is their idea of PKCS#15
likely to be incompatible with the existing OpenSC code?
Last question for now: the svn repository has a file called
card-atrust-acos.c in it. Is this for something even slightly related
to the ACS ACOS5 cards and worth trying to use as a baseline, or is it
just completely unrelated?
-- Ian
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
