This thread is really interesting looking from an italian perspective. Viktor mentioned the fact that in Italian CNS card PIN and signature are secure messaging protected, as reported by Emanuele Pucciarelli that created also some patches[1] to support that cards in OpenSC.
Unfortunately the sm 3DES keys needed are static, and usually embedded in proprietary pkcs11 libs, so no chance to have a true open source implementation at this time. IAS-ECC specification describes a "Device authentication with Privacy Protection" scheme[2] where sm session keys are negotiated each time using a protocol similar to TLS. I have looked at the code posted by Viktor at http://www.opensc-project.org/svn/opensc/branches/vtarasov/opensc-sm.trunk and it seems to me that that part is still not covered. Is it correct? Me and many people in Italy are really interested in this activity, hopefully soon or later CNS specification (valid for Italian eID as well) in the future would be aligned to IAS-ECC, and in that case almost all widespread cards in Italy (several millions) would be supported by OpenSC bye, Roberto Resoli [1] http://www.opensc-project.org/opensc/wiki/ItalianCNS [2] http://www.gixel.fr/includes/cms/_contenus/bibliotheque/file/CAP% 20/IAS%20ECC%20v1_0_1UK.pdf , Chapter 5.2.3 "Device authentication with privacy protection" _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel