Hi, Andre Zepezauer wrote: > in my opinion the usage of OpenSSL in libopensc.so should be removed > altogether. If cryptography is needed by some cards (i.e. for > initialisation/personalisation), then this should be done by dedicated > tools. CardOS is a good example. It requires encrypted APDU:s for the > delete_MF and create_MF commands. This is done by cardos-tool, which has > to be executed only before personalisation. Looking at the code of > entersafe, gpk and oberthur I came to the conclusion, that a similar > approach could work for these drivers too. > > If parsing of certificates is the reason for using OpenSSL, then the > missing functionality of pkcs15-cert.c should be determined and > corresponding tickets should be created. >
As for me, libopensc.so, and especially pkcs15init, should keep the access to the cryptography. It concerns parsing of certificates: to get public key, subject DN, issuer DN, serial, (it's in the x509CertificateAttributes). The same about RSA parsing: get public key, get modulus. SHA1 to calculate the object IDs of the Mozilla and rfc2459 styles. Symmetric cryptography is needed for Secure Messaging . > Kind Regards > Andre Zepezauer > Kind wishes, Viktor Tarasov. > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel