On 3/14/2011 2:02 PM, Viktor TARASOV wrote:
> On 14.03.2011 13:56, Douglas E. Engert wrote:
>>
>> On 3/12/2011 1:40 PM, Viktor TARASOV wrote:
>>> Hi,
>>>
>>> For container's GUID I propose to adopt the classic serialized form 
>>> (ex.{3F2504E0-4F89-11D3-9A0C-0305E82C3301})
>>> used by Windows containers.
>>>
>>> In this patch there is also little simplification of the key research, and 
>>> some minor remarks.
>>>
>> (I am on vacation, so have not looked closely at the modification.
>> I cannot test anything until next week.)
>>
>> What I had tried to do was use the card serial number || ID of the key.
>> It looks like you are doing this.
>
> I do not change the 'binary source' of GUID, as it was done by François -- ID 
> || serial.
> When 'intrinsic' object ID (SHA1) is used, the serial number does not 
> participate in the GUID derivation.
>
>
>> The Windows 7 built in driver for the PIV card was doing something like this.
> Can you verify it?
>
>> I don't think the OpenSC containerID should match the W7 containerID
>> as there might be some confusion over which driver should be used.
>
> I'm slightly confused, the driver to be used is associated with the key 
> container or with the card's ATR?
> I've had an impression that this association is defined by 
> ...\Cryptography\Calais\SmartCard\* registers.
> Is it possible to have more than one crypto provider for the same card?

I believe the containerID is stored in the Microsoft Certificate Store, and
it may also store the driver, that would be listed in the registry.
So it may not be a problem.

It is possible to have multiple providers for the same card. One would be used
when a certificate was added to the Cert Store. Then if a second provider was
added such that it would be found based on the ATR before the first, then
depending on if the provider was found from the ATR or from the Cert Store.

>
> Is there any difference in the card manipulation between the PIV card 
> producer's driver and the OpenSC driver?
> (One can do more/less than the other?)

There are "PIV card producer drivers", ActivCard for example
has this for XP and it runs on W7. But Microsoft has a built in
minidriver for W7 for PIV that works with login to AD. The PIV is
an application and a number of card vendors have cards with PIV.
See NIST 800-73-3. I don't know how much of this Microsoft supports.

OpenSC can be used via PKCS#11, whereas Microsoft does not
have this capability (unless the Mozilla nsscapi.dll is used,
which provides a PKCS#11 to the Cert Store). I have not tried it with
Outlook for signed/encrypted email,
but I bet it works.

>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
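The container-GUID scheme discussed in this thread (key ID || card serial, or the intrinsic SHA-1 object ID alone, rendered in the Windows form {3F2504E0-4F89-11D3-9A0C-0305E82C3301}), as an added illustration that is not OpenSC's code or the patch under discussion. The folding of the input bytes to 128 bits with SHA-1 and the byte order used in the serialized string are assumptions of this example.

```python
"""Illustration of a container GUID derived from card serial and key ID.

Added example, not OpenSC code. Assumptions: the raw material is folded to
16 bytes with SHA-1, and the 16 bytes are printed in order as 8-4-4-4-12 hex.
"""
import hashlib
import re

# Windows 'classic serialized' form, uppercase hex inside braces.
GUID_RE = re.compile(r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$")


def guid_bytes(key_id, serial=None, intrinsic=False):
    """Return the 16 raw GUID bytes.

    intrinsic=True models the 'intrinsic' PKCS#15 object ID (a SHA-1 digest
    of the key): the card serial number does not participate at all.
    Otherwise the material is key ID || serial, as in the original scheme.
    """
    if intrinsic:
        if len(key_id) != 20:
            raise ValueError("intrinsic ID must be a SHA-1 digest (20 bytes)")
        material = key_id
    else:
        if not serial:
            raise ValueError("card serial number required for a non-intrinsic ID")
        material = key_id + serial
    # Folding to 128 bits with SHA-1 is an assumption of this example.
    return hashlib.sha1(material).digest()[:16]


def serialize_guid(raw):
    """Render 16 bytes as {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} (bytes in order)."""
    if len(raw) != 16:
        raise ValueError("GUID must be exactly 16 bytes")
    h = raw.hex().upper()
    return "{%s-%s-%s-%s-%s}" % (h[0:8], h[8:12], h[12:16], h[16:20], h[20:32])


def container_guid(key_id, serial=None, intrinsic=False):
    return serialize_guid(guid_bytes(key_id, serial, intrinsic))


def is_valid_guid(text):
    return bool(GUID_RE.match(text))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real card.
    serial_a, serial_b = bytes.fromhex("0102030405060708"), bytes.fromhex("0807060504030201")
    print(container_guid(b"\x01", serial_a), container_guid(b"\x01", serial_b))
    intrinsic_id = hashlib.sha1(b"constructed public key").digest()
    print(container_guid(intrinsic_id, serial_a, True) == container_guid(intrinsic_id, serial_b, True))
```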
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel