Hello,

On Tue, Feb 22, 2011 at 17:39, Douglas E. Engert <deeng...@anl.gov> wrote:
> On 2/22/2011 1:16 AM, Martin Paljak wrote:
>
> At one time there was some Secure Messaging code in OpenSC, which as
> I understand it, was removed because the intent of OpenSC is to
> support only the crypto that is available on the card. Since this uses
> secret keys, I was not sure if that code tried to define a
> sc_pkcs15_secretkey_obj (or something like that.)

No. There has been no central secure messaging code in OpenSC (yet). But that is to happen in the next+1 release :) What was removed and what you refer to was the support for enveloped data and pkcs15-wrap.c [1] which did not create PKCS#11 objects the way I see with a quick browse and AFAICR.

> It looks like OpenSC will need a sc_pkcs15_secretkey_obj, with native=FALSE
> to allow PKCS#11 to create a session object even with a R/O session.
>
> PKCS#15 defines the SecretKeys type. Is there any intent
> with OpenSC to support secretkey crypto using the card?
> Some HSM could take advantage of this. In this case the object
> would not be a session object.

Support for non-asymmetric keys in PKCS#11 would be a nice feature. I don't know how universally applicable it would be but it would be useful. But most probably it would assume special purpose cards and special purpose applications in real life.

[1] http://www.opensc-project.org/opensc/browser/releases/opensc-0.11.13/src/libopensc/pkcs15-wrap.c

Best,
m.