Anders Rundgren wrote:
> OpenSC will get Secure Messaging some day it seems based on the Wiki.
>
> What I don't understand is how you are supposed to use Secure Messaging
> since it works on the APDU-level which is invisible from PKCS #11.
>
It'll be implemented at the libopensc level.
In the ideal case, the PKCS#11 level is not conscious of the secure transport layer (STL) presence.
(For a while, in my 'concept proof' implementation, I use a few PKCS#11 API extensions.)

STL is used when its use is imposed by the operation's ACL.
For a while I consider the ACLs that require the SM, External Authentication, PINs and their combinations.
(Another possible, simpler implementation is to secure all the APDUs at the 'send_apdu' level, just before reader->transmit.)

When the ACL demands STL, the appropriate callbacks from the dynamically loadable SM module are used to initialize and execute the secure transaction.
This deviation from the normal processing takes place at the libopensc level.

There are two types of this SM loadable module:
'local' -- has direct access to the keysets, mostly used for the tests;
'distant' -- communicates with some distant entity that is capable of securing an APDU or of generating a secured one.

> Anders
>

Kind wishes,
Viktor.

> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>

--
Viktor Tarasov <viktor.tara...@opentrust.com>
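
The ACL-driven dispatch described in the reply above, as an added example that is not part of the original message and is not OpenSC code. Every name (`sm_module`, `prepare_apdu`, the `ACL_*` flags) is hypothetical, the framing is a simplified ISO 7816-4 layout for a short case-3 APDU, and a one-byte XOR checksum stands in for the real MAC.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* All names are hypothetical; this is not the libopensc API. */
enum { ACL_PIN = 1, ACL_EXT_AUTH = 2, ACL_SM = 4 };

struct sm_module {                      /* callbacks a loadable SM module exports */
    int (*initialize)(void *ctx);
    int (*wrap)(void *ctx, const uint8_t *in, size_t n,
                uint8_t *out, size_t cap, size_t *out_len);
    void *ctx;
};
struct local_ctx { uint8_t key; int open; };   /* 'local' module: owns the keyset */

int local_init(void *p) { ((struct local_ctx *)p)->open = 1; return 0; }

/* Wrap a short case-3 APDU (CLA INS P1 P2 Lc data) in ISO 7816-4 SM framing:
 * CLA |= 0x0C, data in DO 0x81, checksum in DO 0x8E. The one-byte XOR
 * checksum is a constructed stand-in for the real MAC over header and data. */
int local_wrap(void *p, const uint8_t *in, size_t n,
               uint8_t *out, size_t cap, size_t *out_len)
{
    struct local_ctx *c = p;
    if (!c->open || n < 5 || (size_t)in[4] != n - 5 || in[4] > 0x7F) return -1;
    size_t lc = in[4], i;
    if (cap < lc + 10) return -1;
    out[0] = in[0] | 0x0C;
    memcpy(out + 1, in + 1, 3);
    out[4] = (uint8_t)(lc + 5);         /* new Lc: 81 L data + 8E 01 mac */
    out[5] = 0x81; out[6] = (uint8_t)lc;
    memcpy(out + 7, in + 5, lc);
    uint8_t mac = c->key;
    for (i = 0; i < 7 + lc; i++) if (i != 4) mac ^= out[i];
    out[7 + lc] = 0x8E; out[8 + lc] = 1; out[9 + lc] = mac;
    *out_len = lc + 10;
    return 0;
}

/* libopensc-level step before reader->transmit: the caller passes the same
 * plain APDU whether or not the operation's ACL demands SM. */
int prepare_apdu(unsigned acl, struct sm_module *sm, const uint8_t *apdu,
                 size_t n, uint8_t *out, size_t cap, size_t *out_len)
{
    if (!(acl & ACL_SM)) {              /* normal processing: pass through */
        if (cap < n) return -1;
        memcpy(out, apdu, n); *out_len = n;
        return 0;
    }
    if (!sm || sm->initialize(sm->ctx) != 0) return -1;  /* fail closed */
    return sm->wrap(sm->ctx, apdu, n, out, cap, out_len);
}
```

A 'distant' module would fill the same two callbacks with calls to the remote entity, so `prepare_apdu` and everything above it stay unchanged.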