Justin Karneges wrote:
> Hi folks,
>
> I have a CryptoCombo FIPS device, which I believe contains the same hardware
> as a CryptoIdentity FIPS. Eutron's website claims that both devices use a
> Philips P8WE5032 chip, with "mask" G&D StarCOS SPK 2.4.
>
> Eutron offers a closed source driver for some old Linux distributions. They
> have a PC/SC driver and then a PKCS#11 layer on top, called SafeSign. Of
> course the driver doesn't work on my modern Ubuntu installation. :(
>
> There are five CryptoIdentity models, but only the FIPS and ITSEC-P models
> utilize the SafeSign API kit (in my mail exchange with Eutron, they hinted at
> being tied into some agreement with SafeSign). The other three they don't
> offer support for in Linux, although they say that the ITSEC-I version (which
> has the Infineon SLE 66CX32xP chip, with "mask" Siemens CardOS M4.01(a)) may
> work with OpenSC.

well the problem with cardos m4 is that afaik the tokens are either in
"manufacturing" state (and to leave this state one needs some
proprietary software from siemens (see "Format Alladin Etoken Pro 32k.
BUG" mail on opensc-user)) or they are initialized with a profile
we don't know

> This is now the second device I've bought that is useless in my Linux
> environment, and it is sad because I bought this device specifically because
> Eutron claimed Linux support. I want to get this working with an open source
> driver, half on principle now.
>
> Questions:
>
> 1) How should I begin? I'm experienced with low-level serial protocols, so
> I'm not afraid to try this if you guys think it is a reasonable idea.
> However, I'm new to OpenSC's code structure.
>
> 2) On the OpenSC features page, StarCOS SPK 2.3 is listed. Can 2.4 really be
> much different? Anyone know anything about this?

Starcos SPK 2.4 shouldn't be a problem for opensc (of course it would
be interesting to know whether the token is empty)

> 3) Would I want to implement a PC/SC driver, just like Eutron? Or would it
> make more sense to do this in OpenCT?
>
> 4) What about the PKCS#11 layer? Is it enough to get the PC/SC device working
> and then OpenSC can take over from there? Or could there be additional
> proprietary protocol going on between pcsc and SafeSign?

safesign is a pkcs15 profile from AET so opensc should at least be
capable of reading it

> 5) The device claims to support PKCS#15. I thought this was a hardware
> protocol standard, and would mean instant OpenSC compatibility, but I guess I
> was wrong? (I read now that it's more of a filesystem layout, how
> uninteresting...)

yep, pkcs15 describes what is where on the card

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
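
The point in the reply above that PKCS#15 describes what is where on the card, as an added example (not code from the thread or from OpenSC): a minimal decoder for the PKCS#15 object directory file (EF.ODF), which maps each object class to the file listing those objects. The sample bytes and the file paths in them are constructed for illustration, and only the "path" form of an entry is handled.

```python
# Added example: decode a PKCS#15 Object Directory File (EF.ODF) image.
# ODF_SAMPLE is constructed for illustration, not read from a real token.

# Context tags of the PKCS15Objects CHOICE stored in EF.ODF.
ODF_TAGS = {
    0xA0: "privateKeys", 0xA1: "publicKeys", 0xA2: "trustedPublicKeys",
    0xA3: "secretKeys", 0xA4: "certificates", 0xA5: "trustedCertificates",
    0xA6: "usefulCertificates", 0xA7: "dataObjects", 0xA8: "authObjects",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one single-byte-tag DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of file")
    return tag, buf[pos:pos + length], pos + length

def parse_odf(buf):
    """Return [(object_class, path_hex)] for each ODF entry that holds a Path."""
    entries, pos = [], 0
    while pos < len(buf) and buf[pos] not in (0x00, 0xFF):  # padding ends the list
        tag, value, pos = read_tlv(buf, pos)
        if tag not in ODF_TAGS:
            raise ValueError(f"unexpected ODF tag 0x{tag:02X}")
        inner_tag, inner, _ = read_tlv(value, 0)
        if inner_tag != 0x30:  # only the "path" alternative (a SEQUENCE) is handled
            continue
        path_tag, path, _ = read_tlv(inner, 0)
        if path_tag != 0x04:
            raise ValueError("Path does not start with an OCTET STRING")
        entries.append((ODF_TAGS[tag], path.hex().upper()))
    return entries

# Constructed sample: three directory entries followed by 0xFF padding.
ODF_SAMPLE = bytes.fromhex(
    "A006300404024400" "A40A300804063F0050154404" "A806300404024401" "FFFF")

if __name__ == "__main__":
    for object_class, path in parse_odf(ODF_SAMPLE):
        print(f"{object_class:14s} -> file {path}")
```

Each listed file is itself a directory of DER records (key, certificate or PIN descriptions), which is why a card can "support PKCS#15" and still need a card driver that knows how to select and read files on that particular card OS.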