On Sunday 30 September 2001 at 20:25:02, Michael H. Warfield wrote:
> And all of my cards are cryptoflex, not cyberflex. So I don't need to
> load a java applet to the card to do RSA (the card has native RSA) but
> I don't know if the command structure is compatible. Either way, you
> want the crypto running on the card. What other "less proprietary"
> cards did you have in mind?
I was thinking of Gemplus GemXpresso (Java card) [1] or GPK [2] cards.
The GPK can generate RSA keys onboard and it is also a native RSA card.
My problem is that the code of ssh-keygen in [3] contains tons of calls
to cyberflex_inq_class(), cyberflex_load_rsa_priv(), etc.
It would have been a great idea to abstract the card. Maybe using gpkcs
[4] or ssp-lite [5] or even the Virtual Card Edge Interface [6] David is
working on.
> Oh, and having OpenSSH work with my Cryptoflex cards and my
> GemPlus readers (serial and PCMCIA) and my Schlumberger readers (ditto)
> would be a very nice thing. It might be easier to adapt the OpenSSH
> patch to use PCSC lite rather than get libsectok going with all the other
> readers.
OpenSSH uses libsectok to talk to the smart card. So we need to port
libsectok to the PCSC API 2.0 to support the other readers. This part of
the job should not be so difficult. The use of a non-Cyberflex card will
be more difficult.
> At least now we have the command structure in place in the
> applications. :-)
Yes. And that's a very good point. If things are not perfect at least
they exist and can be improved.
Bye
[1] http://www.gemplus.fr/products/microprocessor/gemxpresso211.htm
[2] http://www.gemplus.fr/products/microprocessor/gpk.htm
[3] http://www.citi.umich.edu/projects/smartcard/hal2001/ssh.tar.gz
[4] http://www.gnu.org/software/gpkcs-11/gpkcs-11.html
[5] http://sourceforge.net/projects/smartsign
[6] http://www.linuxnet.com/applets.html
--
Ludovic Rousseau [EMAIL PROTECTED]
-- Standardizing Unix is like pasteurizing Camembert, L.R. --