Hello,

On Feb 21, 2011, at 10:23 PM, Douglas E. Engert wrote:
> I would like to add C_DeriveKey support to OpenSC, to use the derivation
> capabilities of a smartcard. Although RSA can do key derivation,
> I am interested in CKM_ECDH1_COFACTOR_DERIVE which is supported
> in the newer PIV cards. (There is also some EDDH support in NSS
> to use with Thunderbird for encrypted mail.)
>
> EC can only do encryption using key derivation, so to use card
> with EC keys will require a minimal implementation of C_DeriveKey.
>
> The output of C_DeriveKey is a key object. This looks like a
> PKCS#11 public session object with:
> CK_EXTRACTABLE = TRUE

Also CK_SENSITIVE = FALSE probably.

> CK_LOCAL = FALSE
> CK_VALUE = the derived key
> CK_KEY_TYPE = CKK_GENERIC_SECRET
>
> So to add this will require the ability to return
> a session key object and to delete or clean it up
> after the session is closed.
>
> At one time did OpenSC have any KDF code?
> If so did it have any PKCS#11 session key object code?

I can't identify any at first sight, nor do I know about it ever existing before.

--
@MartinPaljak.net
+3725156495
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
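
The session key object lifecycle discussed in this thread, as an added example that is not part of either message and is not OpenSC code: a derived secret is stored as a session object with the attributes listed above, then wiped and freed when its session closes. The table, the struct and the function names `store_derived_key`, `derived_key_len` and `close_session_objects` are hypothetical.

```c
/* Added illustration: hypothetical session-object table, not OpenSC code. */
#include <stdlib.h>
#include <string.h>
#define MAX_OBJS 8
struct derived_key {          /* fields mirror the attributes listed in the mail */
    int in_use;
    unsigned long session;    /* session that performed the derivation */
    int extractable, sensitive, local;   /* TRUE, FALSE, FALSE */
    unsigned char *value;     /* the derived key (generic secret) */
    size_t value_len;
};
static struct derived_key objs[MAX_OBJS];

/* Copy a derived secret into a free slot; returns a handle 1..MAX_OBJS, 0 on failure. */
unsigned long store_derived_key(unsigned long session, const unsigned char *secret, size_t len)
{
    if (secret == NULL || len == 0) return 0;
    for (unsigned long i = 0; i < MAX_OBJS; i++) {
        if (objs[i].in_use) continue;
        unsigned char *copy = malloc(len);
        if (copy == NULL) return 0;
        memcpy(copy, secret, len);
        objs[i] = (struct derived_key){1, session, 1, 0, 0, copy, len};
        return i + 1;
    }
    return 0;                 /* table full */
}

/* Length of a live object's value, or 0 if the handle is stale or invalid. */
size_t derived_key_len(unsigned long handle)
{
    if (handle == 0 || handle > MAX_OBJS || !objs[handle - 1].in_use) return 0;
    return objs[handle - 1].value_len;
}

/* On session close: wipe and free every object the session created; returns the count. */
int close_session_objects(unsigned long session)
{
    int freed = 0;
    for (int i = 0; i < MAX_OBJS; i++) {
        if (!objs[i].in_use || objs[i].session != session) continue;
        volatile unsigned char *v = objs[i].value;   /* volatile keeps the wipe from being optimised out */
        for (size_t n = 0; n < objs[i].value_len; n++) v[n] = 0;
        free(objs[i].value);
        memset(&objs[i], 0, sizeof objs[i]);
        freed++;
    }
    return freed;
}
```
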