Hello All. We, as producers Rutoken well understand your decision to delete "wrong Rutoken code" from the future release 0.12. However, Rutoken S is very popular in Russia as a token for storing key information. We'd be very grateful if you would all still released 0.11.14 with the solved "openssl gost" problem and backported changes (Some of them are very necessary for us to support the new hardware). We need it to ensure backward compatibility with old applications, which will disappear when moving to version 0.12.
I hope for your understanding. Thanks. Best regards, Mescheryakov Kirill, Aktiv Company. -----Original Message----- From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Aleksey Samsonov Sent: Friday, September 03, 2010 8:32 AM To: Martin Paljak Cc: OpenSC-devel (opensc-devel) Subject: Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release Hello, Martin Paljak wrote: > On Sep 1, 2010, at 9:41 AM, Aleksey Samsonov wrote: >> "Rutoken S" [1] doesn't support on-board RSA (as opposed to "Rutoken ECP"). >> "Rutoken ECP" [2] have on-board RSA (with RSA keys up to 2048 bits), GOST R >> 34.10-2001 (public-key cryptography), GOST 34.11-94 (hash) and GOST 28147-89 >> (symmetric-key algorithm). >> The file card-rutoken.c provides support "Rutoken S". And this code worked >> on "old scheme OpenSC". Already now ("new scheme") all old functionality >> aren't working at "Rutoken S". Example: software key generation was removed >> [3]. > Right. Software RSA support for Rutoken S should then be removed. I'm going to cleanup code. > OpenSC should be a gateway to key operations in hardware. > > Maybe, just maybe, it would make sense to support "data objects over PKCS#11" > for using smart cards like small secure flash drives (like TrueCrypt wants to > use PKCS#11) but key material should never be automagically extracted into > host memory and the user of OpenSC (PKCS#11) left the impression that key > operations are taking place inside the token, when in fact they are not. I think, support data objects make sense. I will make cleanup Rutoken S code. Thanks _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
