Alessio,
PKCS#11 is not an interface for accessing smart card readers - it's
an interface for accessing cryptographic tokens. Some smart cards can
be used as cryptographic tokens, but to say that you want a PKCS#11
implementation for a smart card reader doesn't make sense - what you
want is a PKCS#11 implementation for whatever type of smart card is
is that you want to use, assuming you already have the card. The
PKCS#11 implementation's job is to abstract the crypto token's
capabilities and provide a well-known interface to applications that
need to use it (such as web browsers, S/MIME email clients, etc).
PC/SC is an interface for accessing smart card readers, and Sun Ray
currently provides that via the PC/SC SRCOM Bypass[1]. Typically, the
PKCS#11 implementation for your smart card of choice would use ("sit
on top of") the PC/SC interface to access the card reader.
If you do not already have smart cards with certificates, and want a
complete solution, I'd recommend you look at ActivIdentity, who provide
this, with Sun Ray support, using JavaCard. If you need to support, say,
some European national ID card, you might want to look at OpenSC[2],
which can also use a PC/SC interface, and therefore (via the bypass[1]),
the Sun Ray card reader.
By the way, MUSCLE is the name of a "movement", not really a particular
piece of software. PC/SC-Lite was developed by the MUSCLE community,
but it is not tied to any particular type of smart card. The MUSCLE
community also developed a JavaCard applet ("MuscleCard"), which can
be use on JavaCard for PKI-style crypto. To use that applet, you need
the "libmusclecard" framework, which includes a PKCS#11 implementation.
The libmusclecard framework is no longer being actively developed,
though - most energy is going into OpenSC[2] these days, and work is (or
at least was) underway to add support to OpenSC for the MuscleCard
applet on a JavaCard.
For some (unofficial) information on using the open-source software on
Solaris, see [3].
HTH,
~D..
[1] http://www.sun.com/download/products.xml?id=457da0d9
[2] http://www.opensc-project.org/
[3] http://www.dseven.org/twiki/bin/view/Stuff/SolarisSmartCard
Alessio wrote on 07/ 3/07 01:21 PM:
Hi Craig,
MUSCLE, which on SRS is ported as libpcsclite.so (which is a sort of
"wrapper" to use the sunray smartcard reader as PC/SC device), does
not allow to use the device to sign/encrypt - as far as i understood!
Indeed I've succesfully used libpcsclite.so within java to connect to
the srs smartcard reader and to send APDU commands to it... but this
is not enough to use it as device to sign data.
What I need is a pkcs11 provider (specific for that reader) to plug
into the JCA framework.
"The Sun PKCS#11 provider, in contrast to most other providers, does
not implement cryptographic algorithms itself. Instead, it acts as a
bridge between the Java JCA and JCE APIs and the native PKCS#11
cryptographic API [...] Cryptographic devices such as Smartcards and
hardware accelerators often come with software that includes a PKCS#11
implementation, which you need to install and configure according to
manufacturer's instructions."
"The software that is delivered along with the smart card usually
contains an implementation of the PKCS#11 standard for the specific
smart card and card reader. The implementation usually is a library
(.dll file in Windows or .so file in Linux and UNIX) that can be
loaded dynamically and can be used from all applications installed
locally." [2]
So my guess is that bundled with a smart card reader I usually get
from the vendor a library (.so and/or .dll) which implements a pkcs11
provider so that the device can be used for the pkcs#11 purposes
(=sing/encrypt)...
Then, is it available a pkcs11 library for the SRS smartcard reader?
DISCLAIMER: I know almost nothing about cryptography and smartcards,
so i may have misunderstood all the information i collected till now.
[1]
http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#P11Provider
[2] http://www.developer.com/security/article.php/3587361
2007/7/3, Craig Bender <[EMAIL PROTECTED]>:
Have you looked @ MUSCLE?
http://www.linuxnet.com/
Alessio wrote:
> hi all,
> does anyone know if it is available a pkcs11 library (as shared
> object) so that the smartcard reader of the DTU can be used as
> signature/encryption device (given a valid smartcard containing a
> certificate)?
>
> The only libs I found, related to the sun ray smartcard reader, are
> libpcsclite.so and libpcsc-srcom.so but they are NOT pkcs11 provider -
> so they are nolt useful for the above mentioned purposes (AFAIK).
>
> What I need is to load this pkcs11 provider/.so within java to access
> the reader to instrument sign & encryption commands.
> _______________________________________________
> SunRay-Users mailing list
> [email protected]
> http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
