Hi all, Thanks for your replys. I have already done some implementation for my card. But I am facing problem when trying to provide operations like loading of keys and certificates to card using opensc-pkcs11 module with p15 structure emulated. I have given the issues and the fix i made to solve them below. 1. I first tired loading of keys and certificate operation, in card which already had one certificate and key pair. When loading the key pair and certificates, the opensc-pkcs#11 module, tries to write the PuKDF,PrKDF, CDF pkcs#15 structures to card. I solved it by just returning success. Emulated p15 structures has "11001101" path. 2. The second issue was occurring when trying to load the key pair and certificate to the card, which is empty. The load operation was failing in this scenario. I debugged the source and found that since the card is empty, opensc is not emulating the p15 structures and trying to read it from the card. I solved it by adding a dummy public key,private key and certificate object, so that opensc emulate the corresponding p15 files. I like to know how other cards that are emulating p15 files solve these issues. Does opensc provide any standard way to solve these issues? Regards, Kamal.
--- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote: > > > Andreas Jellinghaus wrote: > > On Monday 09 July 2007 12:15:41 kamal kumar wrote: > >> Hi all, > >> I need clarification. Is P15 emulation provided > only > >> for using certificates/keys from the card. > >> > >> As i told you earlier, I am emulating p15 > structures > >> for my card and trying to support operations like > >> loading of keypair and certificate to card. > > You can use a combination of a card-<yourcard>.c > and pkcs15-<yourcard>.c modules. The > pkcs15-<yourcard>.c > handles the emulation. > > The card-<yourcard>.c frontends the iso7816.c to > handle > any card specific commands. > > You can also do some special scripts and use the > opensc-tool -s xxxxx to preform a specific APDU > sequence. > This works if your operation can done with one APDU > command > per session. > > Or as in my case I needed to authenticate to the > card using > 3des before doing some operations like generate a > key pair > on the card, and save the public key to a file. > > The piv-tool is a modified version of opensc-tool > with some > extra options. It ends up calling the card-piv.c > without using > the pkcs15 emulation. > > piv-tool can then load the certificate to the card. > > You could write your own <yourcard>-tool.c and do > something similar. > > >> > >> Is there any card opensc implementation that > emulates > >> P15 structures and also support these operations. > Does > >> OpenSC restrain p15 emulation for only reading > data. > > > > I'n not 100% sure, but i think the pkcs#15 > emulation has so far only ben unsed > > on pre-initialized cards that cannot be altered. > thus it might support only > > read only mode so far. but I might be wrong. Nils? > > > > Regards, Andreas > > _______________________________________________ > > opensc-devel mailing list > > opensc-devel@lists.opensc-project.org > > > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > > > > -- > > Douglas E. Engert <[EMAIL PROTECTED]> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 > ____________________________________________________________________________________ Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool. http://autos.yahoo.com/carfinder/ _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
