On 5 Mar 2010, at 17:34, Greg Mefford wrote:
> It seems like the card software includes some
> Windows tools (which is fine with me if that's what it takes to get
> started) and a bunch of technical documentation, but not much
> practical help in how to actually use the thing.
Right. As far as I know, that's all there is.
> The tools are available on Windows to initialize the card
> (whatever that actually means...) and administrate it, but the admin
> tools seem pretty useless without some idea of what buttons to press
> in what order.
The Windows administration utility places a file system on the card,
essentially, and then lets you load keys and certificates into it. Once you've
done that, you can plug the PKCS#11 library they provide into, say, Thunderbird
and use it for e-mail. That all works pretty well.
The file system is *almost* standards compliant, except where it just isn't.
For example, the thing that finally killed my attempts with this card is that
they lay down an illegal ASN.1 encoding of something or other (sorry, my notes
are elsewhere) which means that processing what the Windows utility lays down
with anything other than their software is problematic.
Note that the administration utility does *NOT* put a development card into
production mode. This means that with an appropriate tool (which they no
longer supply in the current SDK, as if that helps) you can *always* set the
card to its initial state (or, I suspect, read its contents) unless you've set
it to production mode with *another* tool (which they *also* don't give you
unless you know to ask about it). So unless you're just playing around, don't
make assumptions about, for example, the secrecy of information on the card.
> I have been working for a few days on trying to figure
> out how to create an encryption key in the card using the Card Tool
> without success.
The card tool, so-called, is much, much lower level. In theory, you can do
anything at all with it, but you need to know what you're doing and, as Andreas
says, you can lock the card doing so. If you actually want to create a key on
the card, you need to have a file to put it in first, and that would be
non-trivial to do with the card tool. It's easy with the administration
utility, but then your problem is the weirdness in the rest of what's laid down
by that tool.
> Anyone using this card successfully in any capacity that could help me
> get started? Once I understand how this thing works, I'm interested in
> making it work with OpenSC, but if it currently only works on Windows,
> that's fine for now.
I'm using these cards in production, but not with OpenSC. I spent about a
solid week on it, and got a bit further than you did (I think I got a very
dirtily modified OpenSC to do 1024-bit private key operations, and I probably
still have that code somewhere) but in the end it was simpler for my purposes
just to deploy on Windows and use their library. Don't underestimate the
amount of work required to get something like this going, is all I'm saying.
-- Ian
_______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
