Hello,

On Sep 1, 2010, at 9:41 AM, Aleksey Samsonov wrote:
>>> On the other hand, it really seems that RSA is only done in software
>>> with card-rutoken.c. Perhaps that device does not support RSA in
>>> hardware at all?
>> I suggest to remove the offending code and pay closer attention in the
>> future to avoid such code. Will write it to the wiki as well. Apparently we
>> need to clarify the capabilities of Rutoken (and different versions of it)
>> regarding their RSA support *and* GOST support.
>
> "Rutoken S" [1] doesn't support on-board RSA (as opposed to "Rutoken ECP").
> "Rutoken ECP" [2] has on-board RSA (with RSA keys up to 2048 bits), GOST R
> 34.10-2001 (public-key cryptography), GOST 34.11-94 (hash) and GOST 28147-89
> (symmetric-key algorithm).
> The file card-rutoken.c provides support for "Rutoken S". And this code worked on
> "old scheme OpenSC". Already now ("new scheme") all old functionality isn't
> working on "Rutoken S". Example: software key generation was removed [3].

Right. Software RSA support for Rutoken S should then be removed.

OpenSC should be a gateway to key operations in hardware. Maybe, just maybe, it would make sense to support "data objects over PKCS#11" for using smart cards like small secure flash drives (like TrueCrypt wants to use PKCS#11), but key material should never be automagically extracted into host memory and the user of OpenSC (PKCS#11) left with the impression that key operations are taking place inside the token, when in fact they are not.

-- 
Martin Paljak
@martinpaljak.net
+3725156495