Andreas Jellinghaus <aj <at> dungeon.inka.de> writes:
>
> yes. hmm,, strange, you shouldn't need a profile file unless you want to
> change the card. using it should be fine without the profile file.
>
> why do you want to use opensc for encryption?
> smart cards are usualy used for signing or decryption, but encryption is
> usually done in software, since it only uses the public key, and any desktop
> pc is much faster at that than a smart card.
>
> for testing decryption or signing you can simply use the pkcs15-crypt command.
> the regression test suite has some examples.
>
> note that pkcs11-tool --test does give errors about tcos cards, as it tries
to
> test some modes that tcos does not support (or more specific: that tcos could
> support, but the keys are usually restricted to deny that mode, and opensc
> isn't precise enough about that yet).
>
> Regards, Andreas
>
I think, but not sure, that problem more is in CSP, I use open source CSP #11.
Encryption in Windows must be like this:
Method 1
1. Bind to selected key container (get it from certificate).
2. Generate session(symmetric) key.
3. Do symmetric encryption, by session key.
4. Export session key (in this operation, key must be crypted by public key of
cert).
Decryption:
1. Import key (decrypt key by private key of cert).
2 Decrypt data by imported encoded session key.
or
Method 2
1. Bind to selected key container (get it from certificate).
2. Generate key pair.
3. Do asymmetric encryption, by key pair.
4. Export public key.
Decryption:
1. Import public key.
2 Decrypt data by imported key.
On operation 2 of second method CSP #11 tried to use C_GenerateKeyPair, and
fails by reason as posted high.
For solutions we need in any case use asymmetric encryption in Windows CSP by
OpenSc public key, because our provider throw OpenSc can't do it.
Is it possible? Is in OpenSc tools examples of encryption\decryption?
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
