On 11.01.2010, at 17:28, Jean-Michel Pouré wrote:

> On Monday 11 January 2010 at 16:17 +0200, Martin Paljak wrote:
>> Definitely not. You might find glitches and shortcomings with
>> pkcs11-tool but that would just benefit OpenSC as we could see the
>> problems and fix them.
>
> Sorry to insist, but from a user point of view, what is the difference
> between pkcs11-tool and pkcs15-tool and related tools? Why are there two
> sets of tools for the same features? How do I know which tool to use?

PKCS#11 is a generic cryptographic device interface, implemented by OpenSC and by several other (hardware) vendors. pkcs11-tool can work with any of those PKCS#11 modules (unless there are bugs that prevent intended usage in either pkcs11-tool or the specific PKCS#11 module).

pkcs15-tool is a low(er) level OpenSC tool that interacts directly with OpenSC internals (libopensc) to create (or read) necessary objects on the card. pkcs15-init writes objects on the card, pkcs15-tool reads them.

OpenSC PKCS#11 module provides, in theory, similar functionality as pkcs15-init (to write things to the card) or pkcs15-tool and pkcs15-crypt (to read things from the card or do crypto operations with keys on the card) but instead of a command line interface, a PKCS#11 API for other programs to use is exposed.

Hope this helps. I think there are sections in the wiki that describe the situation, I believe this needs to be made more clear (as it often causes misunderstandings).

> I guess the wiki should only inform about pkcs15 related tools, right?

Yes and no. In theory, it would be nice if OpenSC PKCS#11 module would allow to do all operations that are possible via lower level pkcs15-init. But pkcs15-init could be more flexible in some circumstances.

-- 
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel