Hi, I would like to start to submit the support for the cards IAS/ECC as it defined in 'Gixel' specification [1] . File system of this card is based on PKCS#15.
This support should include multi-applications, secure messaging (SM), external authentication (EA), qualified signature, ... Support of SM and EA will be implemented as a loadable module . This module, relatively small, will have different versions. 'Local' version will have direct access to the SM or EA key-sets and is used mostly for tests. 'Distant' version should communicate with some distant entity that is able to 'securize' the APDUs or to generate secured APDUs . This solution we are currently using in our PKI&SCM projects . IAS/ECC support will be tested with the personalization profiles defined in [2] as well as with the internal profiles of some of the IAS/ECC card producers. But final support will be not depending on any particular profile. Other cards, that declare compatibility with PKCS#15, and use similar SM mechanism or SM mechanism defined in GlobalPlatform, can also be supported. This support will need a certain intervention into the OpenSC core in the libopensc, pkcs15 and framework-pkcs11 parts. I imagine two possible scenarios: First one is to create some sub-project or brunch, forked from the current trunk. Here we'll have possibility to finalize the basic architecture features in inoffensive for the main brunch manner . I cannot estimate how much efforts is needed to support one more sub-project, and so, don't know if it's acceptable. Second is to start the integration into the main trunk. It will be rather slow and somewhere 'painful' way. But it will not need the support of another brunch/sub-project . I don't know what is the release roadmap, but if that is 'the road we take', I guess it would be safe to fix the actual state of trunk with the next (major ?) release . What are you thinking about? Kind wishes, Viktor. [1] http://www.gixel.fr/includes/cms/_contenus/bibliotheque/file/CAP%20/IAS%20ECC%20v1_0_1UK.pdf [2] http://www.gixel.fr/includes/cms/_contenus/bibliotheque/file/CAP%20/Profil_IAS_ECC_v1_36_GIXEL.pdf -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
