Hi all,
The new package Sign-MCard has just been released
on the Smart Sign web-site. You can download it
from:
http://smartsign.sourceforge.net
It basically allows you to calculate
and verify digital signatures in PKCS#7 format on
generic files, using command line utilities.
It is built upon the MuscleCard framework, so it
works with all the smartcards that are supported
by the MuscleCard project (examples are all JavaCard
enabled smartcards and the SLB Cryptoflex card).
The utilities have default configuration options that
allow them to interoperate with the CardEdge-Token
PKCS#11 module from the SmartSign project.
Please, submit any comment, suggestion or request
to the SmartSign mailing lists:
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
Detailed information about the package follows.
Bye,
Tommaso.
*********************************************************
Sign/verify command line utilities for M.U.S.C.L.E. Cards
============================================================
This package provides a couple of command line utilities
that allow you to calculate a digital signature of a
generic file using the key and public key certificate
stored on your smart card, and verify it against the
original file.
Actually the verify utility does not need any smartcard.
An additional utility, `loadkey_mcard', is provided in order
to easily transfer an already generated private key from
your host machine to the smartcard.
REQUIREMENTS
------------------------------------------------------------
This package requires PCSC-Lite from the M.U.S.C.L.E. project
and the MuscleCard framework (currently release 1.0.1),
with the proper smartcard reader driver installed for your
reader and the card plugin for your card.
It also requires a MuscleCard supported card, that is a
card for which a MuscleCard plugin has been developed
(currently Schlumberger's Cyberflex 32K MuscleCard Applet,
Gemplus' 211/PK with MuscleCard Applet, or Cryptoflex 16K).
Please, check out the MuscleCard web site for an up-to-date
list of supported cards: http://www.musclecard.com.
This utility compiles correctly on RedHat 6.x based systems,
but not on a RedHat 7.2 system, because on these systems
OpenSSL comes in the "Engine" flavour. Compilation is still
possible on such systems by configuring the package with a
custom OpenSSL installation obtained by compiling without the
"Engine" capability. The custom installation can be specified
with the `--with-openssl=' switch to the configure script.
This utility can also work without smartcards at all,
if the user's private key and certificate are stored on
the hard disk as files in standard OpenSSL format.
In this case, MuscleCard and PCSC Lite are still required
to be installed on your system in order to link the
executables.
USAGE
------------------------------------------------------------
Just type:
user > sign_mcard --help
user > verify_mcard --help
Here is an example usage:
user > sign_mcard -in file.txt -out file.p7 -sc
Please, enter smartcard PIN: *******
...
In order to load an already existing private key from your
host machine to your smartcard, type:
user > loadkey_mcard <keyfile.der> <key_nb> <pin_nb>
Key file must be DER-encoded. In order to use digital
signatures, you also have to load onto your smartcard your
public key certificate, DER-encoded. You can do it by using
XCardII from the MuscleCard site.
LICENSE
------------------------------------------------------------
This package has been obtained as a modification of the
OpenSSL utility "sign" by Eric Young. Changes have been
made by Tommaso Cucinotta as part of the SmartSign project
(http://smartsign.sourceforge.net). Before compiling and
using this package, please make sure you agree with the terms
stated in the LICENSE file. All of the additional modules
that were necessary to integrate the MUSCLE Card framework
into this package, provided as separate files, are part of
the SmartSign project and retain the original SmartSign
software license.
As a further note, please note that redistribution of this
package is only allowed if the original authors, enumerated
in the AUTHORS file, are clearly cited in every documentation
and advertising material that is eventually added to the
package itself.
INSTALLATION
------------------------------------------------------------
(see also the REQUIREMENTS section)
user > ./configure
user > make
root # make install
TECHNICAL NOTES
------------------------------------------------------------
The signing utility relies on the user's private key being
stored on the smartcard. Use of such a key should
be PIN protected. It also relies on the user's public key
certificate being stored DER-encoded in an object. This
object does not need to be PIN protected. Default key number,
object identifier and PIN number are customizable by editing
the proper section of Makefile.in, then (re-)configuring.
The default values are also overridable by using command
line options. See the help message from sign_mcard for
details.
The verify utility does not require the smartcard at all.
It only needs the original data, the root public key cert
and the PKCS#7 signature of the data.
The signature is stored as a PKCS#7 blob and includes the
user's public key certificate.
*********************************************************
--
,------------------------------------------------.
| Dr. Tommaso Cucinotta <[EMAIL PROTECTED]> |
>------------------------------------------------<
! Scuola Superiore di Studi Universitari !
! e Perfezionamento S.Anna !
! Pisa Italy !
`------------------------------------------------'
***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
***************************************************************
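Added example, not part of the original announcement or of the Sign-MCard package: the TECHNICAL NOTES above say verification needs only the original data, the root certificate and the PKCS#7 signature, which embeds the signer's certificate. The sketch below reproduces that flow with the stock `openssl smime` command standing in for sign_mcard/verify_mcard; the on-disk throwaway keys, file names and DER output format are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway on-disk keys stand in for the smartcard-held key.
set -u
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

new_root() {        # $1 = basename, $2 = CN; self-signed root certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
new_user() {        # user certificate issued by the "root" CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout "$W/user.key" -out "$W/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$W/user.csr" -CA "$W/root.pem" -CAkey "$W/root.key" \
        -CAcreateserial -days 1 -out "$W/user.pem" 2>/dev/null
}
sign_detached() {   # $1 = data file, $2 = output PKCS#7 blob (DER, detached)
    openssl smime -sign -binary -in "$1" -signer "$W/user.pem" \
        -inkey "$W/user.key" -outform DER -out "$2" 2>/dev/null
}
verify_detached() { # $1 = data, $2 = PKCS#7 blob, $3 = trusted root; 0 = valid
    openssl smime -verify -binary -inform DER -in "$2" -content "$1" \
        -CAfile "$3" -out /dev/null 2>/dev/null
}
embedded_subject() { # $1 = PKCS#7 blob; subject of the certificate it carries
    openssl pkcs7 -inform DER -in "$1" -print_certs -noout 2>/dev/null |
        grep '^subject'
}

new_root root "Demo Root" && new_root other "Unrelated Root" && new_user ||
    { echo "openssl setup failed" >&2; exit 1; }
printf 'pay 100 EUR to Alice\n'   > "$W/file.txt"      # constructed sample data
printf 'pay 900 EUR to Mallory\n' > "$W/tampered.txt"  # same signature, other data
sign_detached "$W/file.txt" "$W/file.p7"

verify_detached "$W/file.txt" "$W/file.p7" "$W/root.pem" &&
    echo "original data, issuing root: signature OK"
verify_detached "$W/tampered.txt" "$W/file.p7" "$W/root.pem" ||
    echo "modified data: verification failed"
# The embedded certificate identifies the signer but is not itself trusted:
verify_detached "$W/file.txt" "$W/file.p7" "$W/other.pem" ||
    echo "unrelated root: verification failed"
embedded_subject "$W/file.p7"
```

The third check is the one to keep in mind when deploying such a verifier: the certificate inside the blob is supplied by the signer, so the root certificate handed to the verifier must come from a trusted source, not from the same channel as the signature.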