Peter Stuge <stuge-opensc-devel <at> cdy.org> writes:

> If it doesn't however, directly calling OpenSC would be useful.
> But in that case, why not do away with CryptoApi completely?

Some theory:

As described at http://msdn2.microsoft.com/en-us/library/ms953432.aspx:

If a user wants to encrypt/decrypt some data with a certificate whose
private key is on a smart card, he uses CryptoApi. At the low level, CryptoApi
redirects calls to a CSP.
Windows has several ready-to-use CSPs, but they don't know how to work with
smart cards.
So we need to create our own CSP, such as
http://www.opensc-project.org/files/pkcscsp/orig/
and use OpenSC inside it to access smart cards at the PKCS11 level.
OpenSC can't encrypt (C_Encrypt* returns CKR_FUNCTION_NOT_SUPPORTED), but it
can decrypt.
Thus for encryption we need to use a standard Windows CSP, because this
operation needs access only to the public part of the certificate, which can be
exported from the card using OpenSC. For decryption we can't use a standard
Windows CSP, because this operation needs access to the private key, which
doesn't leave the card, so we use OpenSC.

All this functionality is already implemented in pkcscsp. But it doesn't work,
as I wrote above (pkcscsp tries to export the key pair for encryption, and fails).







_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
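
Added example (not part of the original message, and not pkcscsp or OpenSC code): a small C model of the split described above, where encryption runs in software on the exported public key and decryption is forwarded to the token. The `tok_*` and `csp_*` functions and the toy RSA key are constructed for illustration, and it is an assumption here that the key-pair export fails because the token refuses to reveal the private part.

```c
#include <stdint.h>
#include <stdio.h>
/* PKCS#11 return codes, with their standard values. */
#define CKR_OK                     0x00UL
#define CKR_ATTRIBUTE_SENSITIVE    0x11UL
#define CKR_FUNCTION_NOT_SUPPORTED 0x54UL
typedef struct { uint64_t n, e; } pubkey_t;
/* Constructed toy RSA key (p=61, q=53), no padding: illustration only. */
static const uint64_t CARD_N = 3233, CARD_E = 17, CARD_D = 2753;

static uint64_t modpow(uint64_t b, uint64_t x, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; x; x >>= 1, b = b * b % m)
        if (x & 1) r = r * b % m;
    return r;
}

/* Hypothetical mock token standing in for the card behind PKCS#11. */
unsigned long tok_get_public(pubkey_t *pk) { pk->n = CARD_N; pk->e = CARD_E; return CKR_OK; }
unsigned long tok_get_private(uint64_t *d) { (void)d; return CKR_ATTRIBUTE_SENSITIVE; }
unsigned long tok_encrypt(uint64_t in, uint64_t *out) { (void)in; (void)out; return CKR_FUNCTION_NOT_SUPPORTED; }
unsigned long tok_decrypt(uint64_t in, uint64_t *out) { *out = modpow(in, CARD_D, CARD_N); return CKR_OK; }

/* CSP layer: encrypt in software with the exported public key only. */
unsigned long csp_encrypt(uint64_t m, uint64_t *c) {
    pubkey_t pk;
    unsigned long rv = tok_get_public(&pk);
    if (rv == CKR_OK) *c = modpow(m, pk.e, pk.n);
    return rv;
}

/* CSP layer: decrypt on the token, the private key never leaves it. */
unsigned long csp_decrypt(uint64_t c, uint64_t *m) { return tok_decrypt(c, m); }

/* Failing variant: insists on the whole key pair before encrypting. */
unsigned long csp_encrypt_exporting_pair(uint64_t m, uint64_t *c) {
    uint64_t d;
    unsigned long rv = tok_get_private(&d);   /* private part is refused */
    return rv != CKR_OK ? rv : csp_encrypt(m, c);
}

int main(void) {
    uint64_t c = 0, m = 0;
    unsigned long bad = csp_encrypt_exporting_pair(65, &c);
    csp_encrypt(65, &c);
    csp_decrypt(c, &m);
    printf("pair export rv=0x%lx, c=%llu, m=%llu\n", bad,
           (unsigned long long)c, (unsigned long long)m);
}
```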
