Re: [opensc-devel] OpenPGP card / Cryptostick - current status???

Mon, 21 May 2012 04:22:25 -0700 

Hi Viktor,

On 05/21/2012 05:10 PM, Viktor Tarasov wrote:
>
>     > 2: The current driver emulates SELECT and READ BINARY APDUs
>     > by reading from the corresponding Data Objects. I believe this
>     > was done in order to emulate a (read only) PKCS#15 file layout.
>     > If that was true - is there any hope to extend this emulation?
>     Yes, but it seems that this emulated file layout does not match the
>     PKCS#15 very well, leading to the problem which I described in this
>     topic
>     http://www.opensc-project.org/pipermail/opensc-devel/2012-May/018018.html
>
>
> Card specific emulator do not emulates the file system but exposes the
> pkcs15 objects with their attributes.
> These attributes genarally contain some 'path'. 
> This 'path' can-be/is treated by the card specific libopensc driver.
I think this is right for pkcs15 binding in libopensc folder, but not
for pkcs15init binding in pkcs15init folder.

For example, here is how I expose the certificate object, located at
path "3F007F21", to pkcs15:

    sc_format_path("3F007F21", &cert_info.path);
    strlcpy(cert_obj.label, "Cardholder certificate",
sizeof(cert_obj.label));

    r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);

However, when come to pkcs15init, the path is read from the
pkcs15.profile, then openpgp.profile, and it is "3F0050157F21" instead
"3F007F21" (the additional 5015 comes from pkcs15.profile). I have not
found a way to intervene the path reading to change "3F0050157F21" to
"3F007F21" (what the lower driver needs) yet.
> Beside the absence of pkcs15init support, afais, 
> the openpgp libopensc driver have no support for any operation 
> that could change the card's content: write, update, delete, generate,
> import, ...
>
At low level, the OpenPG card uses PUT DATA command instead of UPDATE
BINARY to write content. I implemented that put_data function for
OpenPGP driver in my github repository
(https://github.com/hongquan/OpenSC-OpenPGP/commits/openpgp).

-- 
Regards,
Quân


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to