Hi Douglas. 

I am quite late with the answer, sorry. :)


Douglas E. Engert wrote:
> 
> 
>>
>> Some words to finish this topic:
>>
>> My goal was to encrypt/decrypt some data with the PIV card (i.e., only the
>> card keeper may use the data). It can be done in the easier way:
>>
>> 1. PIV cards can have their Key Management Key destined to provide key
>> establishment during transactions.
>> 2. If this KMK uses ECDH, I can emulate the C(1;1) scheme (NIST
>> SP800-73-3, part 2). That is:
>> 2.1. I create and store in code my own EC public key (openssl can
>> create EC private keys and certificates with public keys included).
>> 2.2. The card is authorized.
>> 2.3. I call its 'General authentication' operation with KMK and this
>> public key.
> 
> Are you using any of the OpenSC code to talk to the card, or are you
> using some other code to send the 'General authentication' command to the
> card?
> 
> If anyone is interested: https://github.com/dengert/OpenSC
> under the ECDH branch has the code that can be applied to OpenSC-0.12.2
> to support PKCS#11 C_DeriveKey for the PIV card. There is also a
> pkcs11-tool
> 
> 

No, I do not use either OpenSSL (library) or OpenSC when operating with the PIV
card. SCardTransmit() is used to send commands to the card directly. It is
not very intelligent, though.

Best regards,
Max Ushakov
-- 
View this message in context: 
http://old.nabble.com/How-to%3A-read-a-certificate-from-PIV-smart-card%2C-encode-some-text-with-its-public-key--tp32941067p33109713.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
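
The command from step 2.3, as an added example that is not code from this thread or from OpenSC: it builds the GENERAL AUTHENTICATE APDU that would be passed to SCardTransmit() and parses the card's reply. The function names are hypothetical; the tag, algorithm and key reference values are the ones defined in SP 800-73 and SP 800-78.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Build the GENERAL AUTHENTICATE APDU for ECDH with the Key Management Key.
 * pub is the caller's uncompressed EC point (04||X||Y). Returns the APDU
 * length, or 0 on bad input. Hypothetical helper, not an OpenSC function. */
size_t piv_build_ecdh_apdu(const uint8_t *pub, size_t pub_len,
                           uint8_t *out, size_t cap)
{
    uint8_t alg, *p = out;
    if (!pub || !out || cap < pub_len + 12) return 0;
    if (pub_len == 65) alg = 0x11;        /* ECC P-256 (SP 800-78) */
    else if (pub_len == 97) alg = 0x14;   /* ECC P-384 */
    else return 0;
    if (pub[0] != 0x04) return 0;         /* uncompressed points only */
    *p++ = 0x00; *p++ = 0x87;             /* CLA, INS = GENERAL AUTHENTICATE */
    *p++ = alg;  *p++ = 0x9D;             /* P1 = algorithm, P2 = key 9D (KMK) */
    *p++ = (uint8_t)(pub_len + 6);        /* Lc */
    *p++ = 0x7C; *p++ = (uint8_t)(pub_len + 4); /* dynamic auth template */
    *p++ = 0x82; *p++ = 0x00;             /* empty tag 82: ask for a response */
    *p++ = 0x85; *p++ = (uint8_t)pub_len; /* tag 85: other party's point */
    memcpy(p, pub, pub_len); p += pub_len;
    *p++ = 0x00;                          /* Le */
    return (size_t)(p - out);
}

/* Extract the shared secret Z from a reply of the form
 * "7C L 82 L Z SW1 SW2". Returns the length of Z, or 0 on any error,
 * including a status word other than 90 00. Short-form lengths only. */
size_t piv_parse_ecdh_response(const uint8_t *rsp, size_t len,
                               uint8_t *z, size_t cap)
{
    if (!rsp || !z || len < 7 || len > 0x83) return 0;
    if (rsp[len - 2] != 0x90 || rsp[len - 1] != 0x00) return 0;
    size_t body = len - 2;                /* reply without the status word */
    if (rsp[0] != 0x7C || (size_t)rsp[1] != body - 2) return 0;
    if (rsp[2] != 0x82 || (size_t)rsp[3] != body - 4) return 0;
    if (rsp[3] > cap) return 0;
    memcpy(z, rsp + 4, rsp[3]);
    return rsp[3];
}
```

Z is the raw ECDH shared secret; run it through a key derivation function before using it as an encryption key.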