Hello,

On Dec 23, 2010, at 10:56 AM, francois.lebl...@cev-sa.com wrote:
> This patch simply breaks the use of westcos 2ko cards used for key transports 
> facility not
> for high security level...
If you need to store keys for transportation purposes, you can use either data 
objects to store stuff inside a smart card or an ironkey or whatever is 
suitable for the purpose.

For consistency and to fulfill the expected security guarantee of smart cards, 
every crypto operation done by OpenSC must be done in hardware.
OpenSC binaries must not themselves generate any private or secret key material, 
only accept plaintext for importing into a card or emit it if the card supports 
exportable keys.

If the card cannot do crypto itself, it must be expressed clearly to the 
application, which must be designed accordingly.

> I don't understand why this can be let in place since like I said or I would 
> like said I provide my own
> custom build to the users of westcos cards 2ko so it's ok for me if official 
> build don't use openssl if
Nothing forbids you from building modified versions of OpenSC with this feature 
added, granted that you also distribute the source code for your binaries.


> I can still build with openssl and use software rsa...
Yes. But I would not use smart cards in such scenarios. An Ironkey would be 
much better and easier to use.

-- 
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
