Thank you very much Geoff for your comprehensive reply. I did discover
gpkcs11 which does have a software implementation (ceay_token) that relies
on openssl for its crypto stuff. I had it compiled, integrated into firefox,
and I was about to start tracing and scripting the real app when the
project got canned :-( . All I could really do was zip up the source tree,
and archive it off with a note on how to go about it if they wanted to do it
again.

 

Thank you all for now,

 

Dave

 

  _____  

From: Geoff Elgey [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 9 October 2007 4:39 PM
To: David Bruce; opensc-devel@lists.opensc-project.org
Subject: RE: [opensc-devel] PKCS11 Smart Card Emulators (newbie)

 

G'day,

 

The obvious solution here is to obtain a configurable PKCS#11
implementation, that uses software tokens rather than hardware, so that
calls to C_Encrypt() etc return the data you want instead of communicating
with a card.

 

I added PKCS#11 support to one of my company's products and part of the unit
testing involved developing a configurable software-based PKCS#11 token and
PKCS#11 library. So I had an XML file that specified the card, PIN, the
tokens on the card, the objects on the token, which PKCS#11 methods were
supported, reacting to PKCS#11 events (such as token ejected, etc) using
IPC, etc. Took a little bit of work but it sure made automated PAM testing
much easier, and no more locked cards! It's still a bit of a hack and a
redesign would be nice one day.

 

Another option I explored used an existing PKCS#11 library that makes PC/SC
calls via pcsclite, and configured pcsclite to use an ifdhandler that is
purely software-based and configurable. I did this to emulate CACv1 and
CACv2 cards, so that I did not have to rely on DoD-issued cards. This way
there was no need to write my own PKCS#11 library, only the applets that
respond to APDUs sent by the particular PKCS#11 library I was using. Again,
no more locked cards and automated tests were fast.

 

Neither of these projects are publicly available but if I ask nicely maybe
I can get that changed. However, maybe someone out there has already done
something similar.

 

You may also need a PKCS#11 tracer. This is basically a PKCS#11 library in
which each PKCS#11 function delegates to another PKCS#11 library, and dumps
some logging before and after the call. I think there's one provided in
opensc, but I wrote my own tracer a while back anyway. It was publicly
released on http://rc.quest.com but it seems to have
gone missing. I will have to rectify that.

 

But these are the kind of tools you require IMHO for testing PKCS#11
support. Hopefully someone will point you to public releases of such tools.

 

-- Geoff

 

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Bruce
Sent: Thursday, 27 September 2007 9:32 PM
To: opensc-devel@lists.opensc-project.org
Subject: [opensc-devel] PKCS11 Smart Card Emulators (newbie)

Hi Folks,

I have been tasked with performance testing a web based application that
uses Smart Card based authentication. The tool of choice is HP LoadRunner
that simulates many (~40 in this case) users from one driver server.

 

Is there a simple PKCS11 Smart Card simulator out there that I can implement
as a dll:

 

E.g. page loads applet

Applet calls fake smart card via pkcs11 (Cryptoki API)

Page returns encrypted data to server.

 

I realize that there are a couple of issues here such as how does the fake
card reader know which fake credentials to associate with which of the 40
users.

 

I would appreciate some tips from other forum members that have performance
tested SC apps.

 

Cheers,

 

David Bruce

 

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
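
The tracer described in Geoff's message above (each PKCS#11 function delegates to another library and logs before and after the call), shown as an added example that is not code from the thread or from OpenSC. The types are simplified stand-ins for pkcs11.h, and `traced_C_Login`, `backend`, `stub_login` and the PIN "1234" are hypothetical; the shim records the PIN length, never the PIN itself.

```c
/* Added example: PKCS#11-style tracing shim. Types are simplified stand-ins
 * for pkcs11.h; the backend is a constructed stub, not a real module. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef unsigned long CK_RV, CK_ULONG, CK_SESSION_HANDLE, CK_USER_TYPE;
#define CKR_OK            0x00UL
#define CKR_PIN_INCORRECT 0xA0UL
#define CKU_USER          1UL

/* One-entry function table; a real tracer wraps every entry of the
 * CK_FUNCTION_LIST it gets from the wrapped module's C_GetFunctionList(). */
typedef struct {
    CK_RV (*C_Login)(CK_SESSION_HANDLE, CK_USER_TYPE, unsigned char *, CK_ULONG);
} fn_list;

/* Constructed software backend: accepts the test PIN "1234" only. */
static CK_RV stub_login(CK_SESSION_HANDLE h, CK_USER_TYPE u,
                        unsigned char *pin, CK_ULONG len) {
    (void)h; (void)u;
    return (len == 4 && memcmp(pin, "1234", 4) == 0) ? CKR_OK : CKR_PIN_INCORRECT;
}
static fn_list backend = { stub_login };
static char trace_buf[512]; static size_t trace_len;  /* in-memory log */

static void trace(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(trace_buf + trace_len, sizeof trace_buf - trace_len, fmt, ap);
    va_end(ap);
    size_t room = sizeof trace_buf - trace_len - 1;
    if (n > 0) trace_len += ((size_t)n < room) ? (size_t)n : room;
}
const char *trace_log(void) { return trace_buf; }

/* Log before the call, delegate, log after. The PIN bytes are never
 * written to the trace; only their length is. */
CK_RV traced_C_Login(CK_SESSION_HANDLE h, CK_USER_TYPE u,
                     unsigned char *pin, CK_ULONG len) {
    trace("> C_Login session=%lu userType=%lu pinLen=%lu\n", h, u, len);
    CK_RV rv = backend.C_Login(h, u, pin, len);
    trace("< C_Login rv=0x%lx\n", rv);
    return rv;
}

int main(void) {
    traced_C_Login(1, CKU_USER, (unsigned char *)"0000", 4);
    return fputs(trace_log(), stdout) == EOF;
}
```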