On Jan 28, 2011, at 9:21 PM, Douglas E. Engert wrote: >>> There may be a better way, maybe using side by side assemblies, as if >>> OpenSSL is included, it may want to load other dlls too. >> A static dll is the recommended way by Microsoft and easiest to manage >> (polluting system32 with random .dll-s is not nice, as noted by several >> people) > > Yes. But how could we handle OpenSSL and its engine dlls like gosteay32.dll? > I still need to test if login can use the dlls in C:\Program Files\opensc\bin > or in a side-by-side assembly. I doubt OpenSSL is needed at all with BaseCSP.
Isn't any hashing done by CSP layer if required? Public key and certificate operations would also be done by CSP layer. GOST would become a problem when working with GOST would be reasonable in minidriver context. I doubt that's the case, V7 only added ECDSA, no mention of GOST. As a minidriver is Windows specific, anything that WOULD be needed from OpenSSL can be used from CryptoAPI instead, inside the minidriver? I might overlook something, but this should be doable. Nevertheless, the recommended delivery of a minidriver is a single DLL as is written in the spec. >>> One ATR and ATRMask in the registry could be used with many opensc >>> cards. >> How? With a very relaxed mask?Shouldn't the ATR length still match? > > Good point, I am not sure if the length is involved in the checks. > I will have to try with a shorter and longer ATR. > > You also lose the card name feature (one ATR/mask pair matching several > cards)? > > Yes, you loose the card name, but gain in easier install. This might be an > option > for the windows installer, for users who are only going to use OpenSC with > one or two cards. The installer could have a generic ATR and mask that > would cover all the OpenSC cards. The card name appears to come from the > Registry Key Name, "DEE OPENSC" in the case below. I would not want to install a "wildcard" minidriver as an administrator or a poweruser. Should check how the process would look like if there were two drivers claiming support for an ATR in case of ATR based discovery, who would win. I'd prefer re-auditing the list of supported cards (and ATR-s) to claim support for cards that can be tested and verified. -- @MartinPaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel