On Apr 2, 2010, at 11:33, Anders Rundgren wrote:
> Hi,
>
> I thought that the main point with SCP (Secure Channel Protocol) was for
> performing secure (end-to-end) card initialization and updates.

Yes, that is one option. But not related to what I'm trying to achieve (that with whatever type of card connections no key material exists/is created in plaintext outside of the smart card unless asked explicitly by the caller of OpenSC PKCS#11 module or command line utility).

What I was talking about has zero relation to secure messaging. I want to:
- remove code from OpenSC that deals with key generation (key generation has to be done by some other tool)
- remove code that creates keys as session objects in software (unless required by some application)
- add code that can wrap/unwrap keys inside hardware, for supported cards.
- make sure that extractable/native/local/sensitive flags actually represent reality

OpenSC deals with smart cards which usually means keys generated onboard of a smart card. Plaintext key material should never be created by OpenSC code and only exist if explicitly given as input argument or asked by some software (exportable keys).

> Since SCP
> works on the APDU-level I have some difficulties understanding how you
> make it useful from PKCS #11 since the mapping is not one-to-one.

Secure messaging is currently not implemented in OpenSC, if you have questions/thoughts/ideas/proposals on how this could be done, feel free to voice in!

> Other ref:
> http://technet.microsoft.com/en-us/library/cc708681(WS.10).aspx

Uh. I don't want to write XML to exchange APDU-s, no thanks (like http://www.codeproject.com/KB/smart/SmartcardFmwk.aspx ) I'm not a believer in the "look, don't have to write code, just xml!" cult.

-- 
Martin Paljak
http://martin.paljak.pri.ee
+3725156495
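
The last goal in the message above (extractable/native/local/sensitive flags that represent reality) can be expressed as a consistency check between how a key came to exist and what the module reports for it. This is an added example, not part of the original post and not OpenSC code; the `key_origin` enum, `key_flags` struct and `check_key_flags` function are hypothetical names, and the rules follow the PKCS#11 definitions of `CKA_LOCAL`, `CKA_ALWAYS_SENSITIVE` and `CKA_NEVER_EXTRACTABLE`.

```c
#include <stdbool.h>
#include <stdio.h>

/* How the key came to exist on the token (hypothetical, for this example). */
enum key_origin {
    ORIGIN_GENERATED_ON_CARD,   /* C_GenerateKey / C_GenerateKeyPair in hardware */
    ORIGIN_IMPORTED_PLAINTEXT,  /* key value supplied by the caller */
    ORIGIN_UNWRAPPED_ON_CARD    /* C_UnwrapKey performed inside the card */
};

/* Boolean key attributes as the PKCS#11 module would report them. */
struct key_flags {
    bool local;             /* CKA_LOCAL */
    bool sensitive;         /* CKA_SENSITIVE */
    bool extractable;       /* CKA_EXTRACTABLE */
    bool always_sensitive;  /* CKA_ALWAYS_SENSITIVE */
    bool never_extractable; /* CKA_NEVER_EXTRACTABLE */
};

enum { BAD_LOCAL = 1, BAD_ALWAYS_SENSITIVE = 2, BAD_NEVER_EXTRACTABLE = 4 };

/* Returns a bitmask of attributes that contradict the key's real history. */
unsigned check_key_flags(enum key_origin origin, const struct key_flags *f)
{
    unsigned bad = 0;
    bool on_card = (origin == ORIGIN_GENERATED_ON_CARD);

    /* CKA_LOCAL is true exactly when the token generated the key itself. */
    if (f->local != on_card)
        bad |= BAD_LOCAL;
    /* "Always sensitive" needs CKA_SENSITIVE now and no plaintext history;
     * imported and unwrapped keys must report it as false. */
    if (f->always_sensitive && (!f->sensitive || !on_card))
        bad |= BAD_ALWAYS_SENSITIVE;
    /* Same reasoning for "never extractable" versus CKA_EXTRACTABLE. */
    if (f->never_extractable && (f->extractable || !on_card))
        bad |= BAD_NEVER_EXTRACTABLE;
    return bad;
}

int main(void)
{
    /* Constructed sample: an imported key reported as if generated on card. */
    struct key_flags reported = { true, true, false, true, true };
    unsigned bad = check_key_flags(ORIGIN_IMPORTED_PLAINTEXT, &reported);
    printf("inconsistent attribute mask: 0x%x\n", bad);
    return bad ? 1 : 0;
}
```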