[opensc-devel] Review of HSM:s

2011-01-17 Thread Rickard Bellgrim
Hi. We have written a review of four different HSM:s (AEP, Safenet, Thales, and Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11 interface. Other topics were also addressed like the security model, administration, and backup/HA-mode. It is typically TLD:s that use HSM:s fo

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Martin Paljak
Hello. On Jan 17, 2011, at 11:41 AM, Rickard Bellgrim wrote: > We have written a review of four different HSM:s (AEP, Safenet, Thales, and > Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11 > interface. Other topics were also addressed like the security model, > administra

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Rickard Bellgrim
On 17 jan 2011, at 12.56, Martin Paljak wrote: > Most smart cards, especially smart cards personalized by OpenSC, don't have > very fancy and varying managing capabilities, comparable to HSM-s. Yes, so you probably have to create another set of review points in this case. > Yet an overall revi

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Ludovic Rousseau
2011/1/17 Rickard Bellgrim : > On 17 jan 2011, at 12.56, Martin Paljak wrote: >> From the report: >> "For the test of the PKCS#11 interface (review point A.2) we used a >> specially developed test tool called pkcs11-testing. If desired, please >> contact the authors to obtain the source code." >>

Re: [opensc-devel] OpenSC 12 with minidriver

2011-01-17 Thread Brian Thomas
We got this working but had to comment the following line in the OpenSC code: src/libopensc/ctx.c, line 662: sc_ctx_detect_readers(ctx) To meet our customer's deadline we cannot perform a modification to OpenSC due to the amount of V&V efforts associated with it. Does anybody have any recomme

Re: [opensc-devel] OpenSC 12 with minidriver

2011-01-17 Thread francois . leblanc
 opensc-devel-boun...@lists.opensc-project.org wrote on 17/01/2011 15:27:45: > [image removed] > > Re: [opensc-devel] OpenSC 12 with minidriver > > Brian Thomas > > To: > > opensc-devel > > 17/01/2011 15:30 > > Sent by: > > opensc-devel-boun...@lists.opensc-project.org > > W

Re: [opensc-devel] Review of HSM:s

2011-01-17 Thread Tomas Gustavsson
A very nice report. I agree with your findings about diversity of authorization models :-) For smart cards or USB tokens there of course don't exist any "enforced" security models or backup models etc. One could discuss how it would be possible to implement such models (using routines etc) in

[opensc-devel] IAS ECC

2011-01-17 Thread Andre Zepezauer
Hello Viktor, from Changeset 5094 [1]: "[...] 'path' is [now] mandatory for the 'Local' PINs." I think of it as a temporary solution to fix a weakness of "IAS ECC" cards as specified by The Gixel Group [2]. But keep in mind that the behaviour up to revision 4927 was conforming with PKCS#15 and IS

Re: [opensc-devel] OpenSC 12 with minidriver

2011-01-17 Thread Peter Stuge
Brian Thomas wrote: > To meet our customer's deadline we cannot perform a modification to > OpenSC due to the amount of V&V efforts associated with it. All you need to do is send a clean patch with a commit message that makes sense. But I guess that's too much. :\ //Peter

Re: [opensc-devel] OpenSC 12 with minidriver

2011-01-17 Thread Douglas E. Engert
On 1/17/2011 10:49 AM, Peter Stuge wrote: > Brian Thomas wrote: >> To meet our customer's deadline we cannot perform a modification to >> OpenSC due to the amount of V&V efforts associated with it. > > All you need to do is send a clean patch with a commit message that > makes sense. But I guess

Re: [opensc-devel] IAS ECC

2011-01-17 Thread Viktor TARASOV
Dear Andre, On 17.01.2011 17:09, Andre Zepezauer wrote: > Hello Viktor, > > from Changeset 5094 [1]: > "[...] 'path' is [now] mandatory for the 'Local' PINs." > > I think of it as a temporary solution to fix a weakness of "IAS ECC" > cards as specified by The Gixel Group [2]. But keep in mind tha

[opensc-devel] Comments on the OpenSC cardmod mini-driver

2011-01-17 Thread Douglas E. Engert
I have some questions about the cardmod mini-driver in OpenSC 0.12.0. It appears that the code in CardAcquireContext is trying to store in the registry two handles, pcsc_ctx and pcscd_card in the HKEY_LOCAL_MACHINE, "SOFTWARE\\OpenSC Project\\Opensc" Using the registry for this does not look corre