On Apr 13, 2011, at 23:44 , Douglas E. Engert wrote:

> 
> 
> On 4/13/2011 2:03 PM, Martin Paljak wrote:
>> Hello,
>> On Apr 13, 2011, at 20:44 , Felipe Blauth wrote:
>> 
>>> Hello to all,
>>> 
>>> Simple question:
>>> Is it possible, using openssl, to unwrap a key wrapped inside a Smart Card 
>>> with C_Wrap function?
> 
> It's not that simple.
> Is the key to be unwrapped on the card, or do you have the wrapped key of the
> card and it has to be unwrapped by a private key on the card?
> 
>> The format of C_Wrap is described in the PKCS#11 specification. Yes, you could 
>> use OpenSSL but note that OpenSC does not support C_Wrap (or unwrap).
>> 
> 
> If the wrapped key was wrapped by an RSA public key, the Mozilla NSS, for
> example, can fall back to using C_Decrypt in place of C_Unwrap. The data
> returned is the bits of the key, and not a PKCS#11 session object.

But that's the expected behavior. As OpenSC is supposed to be a gateway for 
*in-hardware* operations, if the outcome from the card is plaintext key 
material, the application should use the plaintext key for whatever it deems 
necessary. That's why Wrap/Unwrap is not implemented.

If the Unwrap resulted in a native object (meaning the key would not leave the 
hardware), C_Unwrap could (and should) be used (and first implemented).

Unfortunately there's no standard for this that I know of.


Martin
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
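
Added example, not part of the thread and not OpenSC or NSS code: a Python model of the C_Decrypt fallback discussed above, assuming the key was wrapped with the CKM_RSA_PKCS mechanism (PKCS#1 v1.5 encryption of the key bytes). `ToyToken`, `rsa_pkcs1_wrap` and the RSA key built from two Mersenne primes are constructed for illustration only and are not secure.

```python
# Added illustration: an RSA (PKCS#1 v1.5) wrapped key is just the encrypted
# key bytes, so a decrypt on the token hands the raw key back to the host.
import os

# Constructed toy RSA key from two Mersenne primes: NOT secure, offline demo only.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8          # modulus length in bytes (30 here)


def rsa_pkcs1_wrap(key_bytes: bytes) -> bytes:
    """Wrap with the RSA public key: 00 02 PS 00 key, then m^e mod n."""
    ps_len = K - 3 - len(key_bytes)
    if ps_len < 8:
        raise ValueError("key too long for this modulus")
    ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))   # non-zero padding bytes
    em = b"\x00\x02" + ps + b"\x00" + key_bytes
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


class ToyToken:
    """Stand-in for the card: the private exponent stays inside this object."""

    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))

    def decrypt(self, ciphertext: bytes) -> bytes:
        """Models the C_Decrypt fallback: plaintext bytes go back to the caller."""
        if len(ciphertext) != K:
            raise ValueError("ciphertext length must equal modulus length")
        em = pow(int.from_bytes(ciphertext, "big"), self._d, N).to_bytes(K, "big")
        sep = em.find(b"\x00", 2)          # end of the padding string
        if em[:2] != b"\x00\x02" or sep < 10:
            raise ValueError("bad PKCS#1 v1.5 padding")
        return em[sep + 1:]


def demo():
    aes_key = bytes(range(16))                 # constructed sample key
    wrapped = rsa_pkcs1_wrap(aes_key)
    recovered = ToyToken().decrypt(wrapped)    # raw key bytes, now in host memory
    return aes_key, wrapped, recovered
```

The private exponent never leaves `ToyToken`, but the unwrapped key does: `decrypt` returns its bytes to the caller rather than a handle to an object kept on the token.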
