On Apr 21, 2010, at 09:54, Peter Stuge wrote:
>> to emulate PKCS #11 directly is horrendous if the entire spec is to
>> be followed but could turn out to be a no-brainer if you only need
>> to enumerate keys, open, sign and close.
>
> I think more is needed, but the legwork is finished in SoftHSM. It's
> a soft p11 provider in a library with 2-clause BSD license.
>
> It could certainly be made to run on a USB microcontroller. The
> database is well abstracted, the crypto stuff not as much, but I
> guess that could be solved by making a botan compatibility layer
> for a suitable C crypto library.
>
> Wedge USB in between the front and the back of the library - done! :)

I would still use an actual crypto IC for key operations, just (maybe) forget emulating CCID on the host side and instead of providing several host side drivers (one for USB access to please PC/SC, one for crypto operations on top of PC/SC) just provide a portable PKCS#11 library which talks directly to the USB device.

For client applications to work in existing infrastructure (think (Base)CSP on Windows and CDSA/Keychain/Tokend on OSX) additional work would be needed, if the idea would want to fit in the "smart card" world. But for generic crypto purposes, "USB-HSB" would suffice if it provided PKCS#11.

There are some smart card based HSM-s out there already:
http://iteon.net/Iteon_myHSM.html
http://www.primekey.se/Products/PrimeCardHSM/

-- 
Martin Paljak
http://martin.paljak.pri.ee
+3725156495