Re: [opensc-devel] Secure Messaging and concurrent access to card

Fri, 18 Feb 2011 04:58:00 -0800 

> > But why don't you store the needed SM-data in the card's
> > private data? This way each card handle has it's own SM context and
> > could access the card with different SM parameters (if supported).
> 
> Sorry I can't: AFAIK DNIe is "read only", at least at user level
> Ideally, virtual channels should be used, but not enought documentation
> on card to make sure that DNIe supports them. Need to test...
> 
> So cannot store sm context in card 

When talking of "virtual channels", do you mean the logical channels
defined by ISO 7816-4? You could have a look at the ATR's historical
bytes or EF.ATR to see if those are supported. If so, you only need to
count the connections to the card and set the appropriate bits when
sending APDUs. Such a counter could be stored in the driver's private
data. If you only access the card through OpenSC, you do not need
something like a daemon, which makes this kind of stuff.

> > > I'm thinking on a sort of "SM daemon" to take care on apdu 
> > > encoding/decoding
> > 
> > Please have a look at victor's repository
> > http://www.opensc-project.org/svn/opensc/branches/vtarasov/opensc-sm.trunk/
> > He uses relaying to a distant entity to encode/decode SM APDUs. This
> > sounds pretty much like what you have in mind.
> 
> I'll take a look. Actually I know about 4 different approaches
> - Use virtual channels. But need to test for feature availability 
> on DNIe card

As I am understanding it, the user's consent would be required for each
channel. And that's a good thing: You want to authorize different
operations with your cards independently.

So the conclusion is: Either you access your card only through OpenSC,
then you could use the private-data-approach or you access your card
through different applications with different use cases, which
reasonably requires multiple confirmations.

Greets, Frank.

Attachment: pgp9mqZc72sa8.pgp
Description: PGP signature

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to