On Sunday, March 27 at 01:42PM, Viktor TARASOV wrote:
> > http://www.opensc-project.org/opensc/wiki/SecureMessaging
> 
> I've added my vision onto the SM implementation.
> The proposal for the SM data types is still to be finalized.
> I'll try to look over the prior works to see how their needs can be reflected
> in the common data types.

I think you should call the SM routines in sc_transmit_apdu instead of
in do_single_transmit. The SM APDU is usually longer than the
non-SM APDU. So the secured APDU could extend the reader's/card's maximum
APDU length and is subject to splitting via chaining (which is done in
sc_transmit_apdu before do_single_transmit).

I think I implemented a simpler version of your approach for nPA without
file specific SM and without key sets (all this is entirely handled by
the card driver). What I am missing is a separation of ISO 7816 and the
specific cryptographic layer as stated before [1]. This is what Emanuele
calls a "building block" for reuse with different card drivers [2].

Greets,
Frank.

[1] http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015093.html
[2] http://www.opensc-project.org/opensc/wiki/SecureMessaging#Modularity
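
The size arithmetic behind the ordering point in the message above, as an added example (not code from OpenSC or from either poster). It assumes ISO 7816-4 SM data objects DO'87'/DO'97'/DO'8E', a 16-byte cipher block, an 8-byte MAC and a 255-byte maximum send size; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed SM parameters (not from the thread): 16-byte cipher block, 8-byte MAC. */
#define SM_BLOCK_SIZE 16
#define SM_MAC_LEN 8

/* Bytes needed to encode a BER-TLV length field (values up to 0xFFFF). */
static size_t ber_len_size(size_t len)
{
    return len < 0x80 ? 1 : (len <= 0xFF ? 2 : 3);
}

/* Data field length after wrapping: DO'87' + optional DO'97' + DO'8E'. */
size_t sm_data_len(size_t plain_lc, int has_le)
{
    size_t total = 1 + 1 + SM_MAC_LEN;              /* 8E 08 <MAC> */
    if (plain_lc > 0) {
        /* ISO/IEC 9797-1 padding method 2 always adds at least one byte. */
        size_t padded = (plain_lc / SM_BLOCK_SIZE + 1) * SM_BLOCK_SIZE;
        size_t value = 1 + padded;                  /* padding indicator + cryptogram */
        total += 1 + ber_len_size(value) + value;   /* 87 <len> 01 <cryptogram> */
    }
    if (has_le)
        total += 3;                                 /* 97 01 <Le> */
    return total;
}

/* Number of APDUs needed to carry data_len bytes at max_send bytes each. */
size_t chain_segments(size_t data_len, size_t max_send)
{
    return data_len == 0 ? 1 : (data_len + max_send - 1) / max_send;
}

/* 1 if the command fits one APDU in the clear but needs chaining once wrapped. */
int sm_forces_chaining(size_t plain_lc, int has_le, size_t max_send)
{
    return chain_segments(plain_lc, max_send) == 1 &&
           chain_segments(sm_data_len(plain_lc, has_le), max_send) > 1;
}

int main(void)
{
    size_t lc = 240, max_send = 255;                /* constructed sample values */
    printf("plain Lc=%zu -> SM Lc=%zu, segments %zu -> %zu\n", lc,
           sm_data_len(lc, 1), chain_segments(lc, max_send),
           chain_segments(sm_data_len(lc, 1), max_send));
    return sm_forces_chaining(lc, 1, max_send) ? 0 : 1;
}
```

A chaining decision taken on the plain length (240 bytes, one APDU) is wrong for the wrapped command (274 bytes, two APDUs), so the length check has to see the SM-wrapped data.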
