MUSCLE Re: PKS-11 (BOUNCE)

Sat, 08 Dec 2001 09:20:35 -0800 

From: Tommaso Cucinotta <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: MUSCLE musclecard architecture

Dr S N Henson wrote:
> 
> I'm not sure I follow this. PKCS#11 implementations have been written
> with no certificate handling at all: that is they just blindly store
> them as an opaque blob with a set of attributes provided by the
> application.

Just as a note: MuscleCard PKCS#11 (and other SmartSign PKCS#11) do
interpret
some of the certificate fields (i.e. to set CKA_SUBJECT). They also
extract
the public key and expose it to the app. I don't know if this is useful
at
all, as the only thing an app should look at is the cert itself (as it
is
the only signed object).
Another useful thing (that is not actually done) would be checking if
the prv key on the card matches the public one in the cert...

> 1. The card doesn't support the full range of algorithms: say RSA only,
> no DSA or DES, 3DES.
> 2. The card is read only: you can't create or delete objects at all.
> 
> These could presumably be handled by some "query capabilities" function
> or similar. Does such a thing exist under MuscleCard or would an
> application have to interpret SW_UNSUPPORTED_FEATURE return codes?

Next release of MCardAPI and CardEdge protocol will have further
informations returned with GetStatus() command. One of the already
defined info is the crypto capability of the card, so you would answer
to question #1. "read-only" could also be another capability, we will
eventually think of it.... other capabilities that would result useful ?

Bye,
        Tommaso.

-- 
/------------------------------------------------\
|  Dr. Tommaso Cucinotta <[EMAIL PROTECTED]>  |
+------------------------------------------------+
|     Scuola Superiore di Studi Universitari     |
|            e Perfezionamento S.Anna            |
|  Pisa                                   Italy  |
\------------------------------------------------/

***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to [EMAIL PROTECTED] with
unsubscribe sclinux
***************************************************************

Reply via email to