resoli - libero wrote:
> This thread is really interesting looking from an Italian perspective.
>
> Viktor mentioned the fact that in Italian CNS card PIN and signature are
> secure messaging protected, as reported by Emanuele Pucciarelli that
> created also some patches[1] to support those cards in OpenSC.
>
> Unfortunately the sm 3DES keys needed are static, and usually embedded
> in proprietary pkcs11 libs, so no chance to have a true open source
> implementation at this time.

Static secret keys do contradict the open source implementation.
The last one will provide the possibility to supply the keys knowledge
to the middleware (the simplest way is to look for its values in the
card profile) or to externalize the SM encoding of the APDUs (through
the loadable modules).

> IAS-ECC specification describes a "Device authentication with Privacy
> Protection" scheme[2] where sm session keys are negotiated each time
> using a protocol similar to TLS.
>
> I have looked at the code posted by Viktor at
>
> http://www.opensc-project.org/svn/opensc/branches/vtarasov/opensc-sm.trunk
>
> and it seems to me that that part is still not covered. Is it correct?

Yes, it's still under development.
Before SM implementation, I would like to finish the 'common' support of
the IAS-ECC card and test it with the actually available cards
'Gemalto IAS-ECC Multi-App' and 'Oberthur IAS-ECC v1.0.1'.
If you are interested in the other IAS-ECC card you can send it to me.
My own interest is to make this support the most general.

> Me and many people in Italy are really interested in this activity,
> hopefully sooner or later CNS specification (valid for Italian eID as
> well) in the future would be aligned to IAS-ECC, and in that case almost
> all widespread cards in Italy (several millions) would be supported by
> OpenSC
>
> bye,
> Roberto Resoli

Kind wishes,
Viktor.

> [1] http://www.opensc-project.org/opensc/wiki/ItalianCNS
> [2] http://www.gixel.fr/includes/cms/_contenus/bibliotheque/file/CAP%20/IAS%20ECC%20v1_0_1UK.pdf ,
> Chapter 5.2.3 "Device authentication with privacy protection"
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--
Viktor Tarasov <viktor.tara...@opentrust.com>