Hi Emanuele,

> I have one more alternative – I have written a smart card minidriver
> for the Base CSP architecture. It's beta-ish, but it correctly handles
> IE connections; I haven't tested Outlook et al. yet, but they should
> be fine.
>
> The big advantage is that it is short (less than 2000 lines before
> clean-up) and it does not need signing by Microsoft.

Nice. Do you use OpenSC code directly, or do you use the PKCS#11 interface
to opensc-pkcs11.dll?

> The disadvantages are that (1) it only runs on Windows XP+ (Vista
> included) and

I don't think users of Win2K and older are likely to start using smart cards,
so I wouldn't worry about this one.

> (2) it requires a hack in reader-pcsc.c. In detail, 
> Windows connects to the card first, and then passes a PC/SC context
> and handle to the minidriver. Therefore, I had to modify reader-pcsc.c
> to read pointers to them from the environment. It is not beautiful,
> but there should not be any security implications since this behaviour
> can be turned on or off from the main OpenSC configuration file.

Hmm, if the hack is enabled via the config file, people would need to
edit it when switching from Outlook/IE/login/... to command-line tools/PuTTY/...
and back? Maybe some other solution could be used (like environment
variables: an easy way to store some text value that the library code can
reach).

Sure, it remains a hack, but I think it is most important to find one
well-working solution (as there are already generic but not always
well-working alternatives: CSP#11 and pkcs-csp).

> If it sounds "good enough" an idea, I'm going to push myself to clean
> it up and release it a little earlier :)

Great!

One question: I think both CSP#11 and pkcs-csp had some tool to "register"
certificates or similar, but I don't know the details about what the tools
did and why. Do you need any special tool with your approach?

Also I wonder: if the smart card minidriver opens PC/SC while locking the
driver, how can several applications use the smart card? For example
Internet Explorer, Outlook and the GINA (login screen / screen lock)?

Did Microsoft create a central service that the applications talk to, or does the
driver need to read all public info and then close the PC/SC driver, so other
apps can open it? Or some other solution?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
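The quoted message describes a reader backend that, instead of establishing its own PC/SC context and connecting to the card, picks up the context and handle the host (here the Base CSP) has already opened, passed through the environment and gated by a flag in the OpenSC configuration file; Andreas's reply suggests environment variables as the switch. The following is an added, stand-alone illustration of that hand-over, not code from OpenSC or from Emanuele's minidriver. The variable names `OPENSC_SCARD_CONTEXT` and `OPENSC_SCARD_HANDLE`, the hexadecimal encoding, the `enabled_in_config` flag and the `uintptr_t` stand-ins for `SCARDCONTEXT`/`SCARDHANDLE` are all assumptions made for the example. The point worth seeing in code is the validation: a handle read from the environment is a raw pointer-sized value, so the backend should only accept it when the feature is explicitly enabled, when both values are present, strictly formatted and non-zero, and should otherwise fall back to the normal connect path rather than use a half-parsed value.

```c
/* Added example (not OpenSC code): hand-over of an already-open PC/SC
 * context/handle pair from the host process to a reader backend via the
 * environment. Names, encoding and the config flag are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t pcsc_ctx_t;   /* stands in for SCARDCONTEXT */
typedef uintptr_t pcsc_hnd_t;   /* stands in for SCARDHANDLE */

struct pcsc_env_handles {
    pcsc_ctx_t ctx;
    pcsc_hnd_t hnd;
};

/* Parse a strictly formatted hexadecimal value ("0x1a2b" or "1a2b").
 * Rejects empty strings, leading whitespace or signs, trailing garbage
 * and values that do not fit a pointer. Returns 0 on success, -1 otherwise. */
static int parse_hex_ptr(const char *s, uintptr_t *out)
{
    char *end = NULL;
    unsigned long long v;

    if (s == NULL || *s == '\0')
        return -1;
    /* strtoull would silently accept " 12", "+12" and "-12"; refuse them. */
    if (isspace((unsigned char)s[0]) || s[0] == '+' || s[0] == '-')
        return -1;
    errno = 0;
    v = strtoull(s, &end, 16);
    if (errno != 0 || end == s || *end != '\0')
        return -1;
    if (v > (unsigned long long)UINTPTR_MAX)
        return -1;
    *out = (uintptr_t)v;
    return 0;
}

/* Returns 1 and fills *h when the feature is enabled in the config and both
 * variables carry a valid, non-zero value. Returns 0 when the feature is off
 * or neither variable is set, i.e. the caller should establish its own
 * context and connect normally. Returns -1 when the variables are present
 * but inconsistent or malformed; the caller should refuse, not guess. */
int pcsc_handles_from_env(int enabled_in_config, struct pcsc_env_handles *h)
{
    const char *c, *d;

    if (!enabled_in_config)
        return 0;
    c = getenv("OPENSC_SCARD_CONTEXT");   /* assumed variable name */
    d = getenv("OPENSC_SCARD_HANDLE");    /* assumed variable name */
    if (c == NULL && d == NULL)
        return 0;
    if (c == NULL || d == NULL)
        return -1;   /* one without the other is a misconfiguration */
    if (parse_hex_ptr(c, &h->ctx) != 0 || parse_hex_ptr(d, &h->hnd) != 0)
        return -1;
    if (h->ctx == 0 || h->hnd == 0)
        return -1;   /* a NULL context or handle can never be valid */
    return 1;
}

int main(void)
{
    struct pcsc_env_handles h;
    int rc;

    /* Constructed sample values, as the host process would export them. */
    setenv("OPENSC_SCARD_CONTEXT", "0x1a2b3c", 1);
    setenv("OPENSC_SCARD_HANDLE", "ff00", 1);
    rc = pcsc_handles_from_env(1, &h);
    printf("rc=%d ctx=%#lx hnd=%#lx\n", rc,
           (unsigned long)h.ctx, (unsigned long)h.hnd);
    return rc == 1 ? 0 : 1;
}
```

A return value of 0 keeps the ordinary `SCardEstablishContext`/`SCardConnect` path as the default, so command-line tools and PuTTY keep working untouched while the minidriver path is selected only when the host has actually exported a pair; the strict parser and the -1 path avoid ever dereferencing a partially parsed or zero handle.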