Hello,

On Tue, Feb 22, 2011 at 17:39, Douglas E. Engert <deeng...@anl.gov> wrote:
> On 2/22/2011 1:16 AM, Martin Paljak wrote:
>
> At one time there was some Secure Messaging code in OpenSC, which as
> I understand it, was removed because the intent of OpenSC is to
> support only the crypto that is available on the card. Since this uses
> secret keys, I was not sure if that code tried to define a
> sc_pkcs15_secretkey_obj (or something like that.)

No. There has been no central secure messaging code in OpenSC (yet).
But that is to happen in the next+1 release :)

What was removed and what you refer to was the support for enveloped
data and pkcs15-wrap.c [1] which did not create PKCS#11 objects the
way I see with a quick browse and AFAICR.

> It looks like OpenSC will need a sc_pkcs15_secretkey_obj, with native=FALSE
> to allow PKCS#11 to create a session object even with a R/O session.
>
> PKCS#15 defines the SecretKeys type. Is there any intent
> with OpenSC to support secretkey crypto using the card?
> Some HSM could take advantage of this. In this case the object
> would not be a session object.

Support for non-asymmetric keys in PKCS#11 would be a nice feature. I
don't know how universally applicable it would be but it would be
useful. But most probably it would assume special purpose cards and
special purpose applications in real life.


[1] http://www.opensc-project.org/opensc/browser/releases/opensc-0.11.13/src/libopensc/pkcs15-wrap.c

Best,
m.