Timothy J. Miller wrote:
Roy Keene (Contractor) wrote:
You might also want to look into CoolKey
(http://directory.fedora.redhat.com/wiki/CoolKey) as it doesn't
need commonAccessCard.bundle and seems to recognize a wide range of
CAC cards without the need to update the ATR list or patch
libmusclepkcs11.
I don't think this is accurate. CoolKey uses the pcsc-lite API (it
doesn't link against it, it dynloads it). pcsc-lite most certainly
needs the bundle since it doesn't implement card edge interfaces
generally, and certainly doesn't implement the CAC card edge
natively.
That said, I've got a relatively complete CAC ATR list and I'll be
adding it into the bundle Info.plist. I've also got some Makefile
cleanup to do. I still haven't looked at redistribution
requirements, though.
This business of verifying a card's authenticity by means of the ATR is
really the wrong way to do it. Access to the card after power up should
simply be done by Select File using the AID of the relevant application,
followed if necessary by retrieving a certificate for on-line
verification. But I don't know the detail of the CAC cards that you all
are using, although I would have thought that Jim Dray and other friends
at NIST would have had a say in how this thing works.
Peter
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
