Hello,
On Sep 1, 2010, at 9:41 AM, Aleksey Samsonov wrote:
>>> On the other hand, it really seems that RSA is only done in software
>>> with card-rutoken.c. Perhaps that device does not support RSA in
>>> hardware at all?
>> I suggest to remove the offending code and pay closer attention in the
>> future to avoid such code. Will write it to the wiki as well. Apparently we
>> need to clarify the capabilities of Rutoken (and different versions of it)
>> regarding their RSA support *and* GOST support.
>
> "Rutoken S" [1] doesn't support on-board RSA (as opposed to "Rutoken ECP").
> "Rutoken ECP" [2] have on-board RSA (with RSA keys up to 2048 bits), GOST R
> 34.10-2001 (public-key cryptography), GOST 34.11-94 (hash) and GOST 28147-89
> (symmetric-key algorithm).
> The file card-rutoken.c provides support "Rutoken S". And this code worked on
> "old scheme OpenSC". Already now ("new scheme") all old functionality aren't
> working at "Rutoken S". Example: software key generation was removed [3].
Right. Software RSA support for Rutoken S should then be removed.
OpenSC should be a gateway to key operations in hardware.
Maybe, just maybe, it would make sense to support "data objects over PKCS#11"
for using smart cards like small secure flash drives (like TrueCrypt wants to
use PKCS#11) but key material should never be automagically extracted into host
memory and the user of OpenSC (PKCS#11) left the impression that key operations
are taking place inside the token, when in fact they are not.
--
Martin Paljak
@martinpaljak.net
+3725156495
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
