Hi,

I would like to start a new OpenSC sub-project, forked from the current
trunk, that should be an experimental branch for the implementation of
SecureMessaging, MultiApplication, combined ACLs, etc.

At the beginning this sub-project should support the cards natively
compatible with PKCS#15.

The first targets are the Oberthur's card CosmopolIC.v7 with applet 
AuthentiIC.v3 and IAS/ECC card.
The next is the 'Gemalto Classic TPC' (if Gemalto has no objections).

The main features are:
- 'Secure Messaging' and 'External Authentication' are performed by an
external, dynamically loadable module. This relatively small module has
different implementations:
-- 'local' version has access to the keysets and is used mostly for tests;
-- 'distant' version should communicate with some distant entity capable
of generating secured APDUs. (In our SCM application such a module uses
IPC to communicate with the XPCOM extension of the application's XUL
client-side part. This last one, in its turn, uses XMLHttpRequest to
communicate with the distant server that has knowledge of the keysets.)

- two 'Secure Messaging' usage modes:
-- 'config' mode: all transactions that, according to the card
specification, can be done under SM will be secured with SM (as was
suggested a long time ago by the comments in the 'do_single_transmit'
procedure);
-- 'acl' mode: SM (as well as External Authentication) is used only when
really needed and is triggered by the ACL of the next operation.

- Multi oncard PKCS#15 applications: example IAS/ECC card with
administration support that has 'general' and 'administration' applications.

- Combined ACLs: for example signature with NonRepudiation key can ask 
'Sign-PIN && Sign-SM'; PIN unblock can be protected by 'PUK || 
ExternalAuthentication'.


I'm not completely conscious of how much and what kind of administrative
effort is needed to support a new sub-project, but I'm ready to
participate as much as possible.


So, what would you say?

Kind wishes,
Viktor Tarasov.

-- 
Viktor Tarasov  <viktor.tara...@opentrust.com>

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
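
Added example, not part of the original message and not OpenSC code: a C sketch of how combined ACLs such as 'Sign-PIN && Sign-SM' and 'PUK || ExternalAuthentication' could be evaluated, and how 'acl' mode could work out which step (SM, External Authentication) the next operation still needs. The method bits, the struct and all function names are hypothetical.

```c
#include <stdio.h>

/* Hypothetical method bits for this sketch; not OpenSC identifiers. */
enum { M_PIN = 1u << 0, M_PUK = 1u << 1, M_SM = 1u << 2, M_EXT_AUTH = 1u << 3 };

/* Combined ACL as an OR of AND-terms: one fully satisfied term grants access. */
struct combined_acl { unsigned terms[4]; int n_terms; };

/* Constructed samples built from the two ACLs quoted in the message. */
const struct combined_acl SIGN_NONREP = { { M_PIN | M_SM }, 1 };      /* Sign-PIN && Sign-SM */
const struct combined_acl PIN_UNBLOCK = { { M_PUK, M_EXT_AUTH }, 2 }; /* PUK || ExternalAuthentication */

static int bits(unsigned v) { int n = 0; for (; v; v &= v - 1) n++; return n; }

/* 1 if the already verified methods fulfil some term; an empty ACL denies. */
int acl_allows(const struct combined_acl *acl, unsigned satisfied)
{
    for (int i = 0; i < acl->n_terms; i++)
        if ((acl->terms[i] & ~satisfied) == 0)
            return 1;
    return 0;
}

/* 'acl' mode: methods still to perform before the operation. Picks the term
 * needing the fewest extra steps among those that use only 'available'
 * methods. Returns 0 if access is already granted, ~0u if no term can be met. */
unsigned acl_missing(const struct combined_acl *acl, unsigned satisfied, unsigned available)
{
    unsigned best = ~0u;
    for (int i = 0; i < acl->n_terms; i++) {
        unsigned missing = acl->terms[i] & ~satisfied;
        if (missing & ~available)
            continue;                 /* term needs a method we cannot perform */
        if (best == ~0u || bits(missing) < bits(best))
            best = missing;
    }
    return best;
}

int main(void)
{
    /* PIN already verified: signing with the NonRepudiation key still needs SM. */
    printf("sign, still needed:    0x%x\n", acl_missing(&SIGN_NONREP, M_PIN, M_PIN | M_SM));
    /* PUK not available: unblock falls back to External Authentication. */
    printf("unblock, still needed: 0x%x\n", acl_missing(&PIN_UNBLOCK, 0, M_EXT_AUTH));
    return 0;
}
```

An ACL with no terms, or one whose every term needs an unavailable method, is refused rather than allowed, so a missing SM module cannot silently downgrade 'Sign-PIN && Sign-SM' to PIN only.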
