2011/12/17 Anders Rundgren <anders.rundg...@telia.com>:
> Hi Guys,

Hello,

> As you already heard (to death?), I'm working on a "smarter smart card" which
> (with my definition) is a cryptographic module explicitly designed for on-line
> enrollment over the web [1].
>
> Anyway, since my core competence is architecture as well as due to limited
> funding the low-level part is a true challenge so I need to "cut some corners"
> to not get stuck.
>
> One possible solution seems to be reusing existing OS-drivers like CCID and
> PC/SC.
> My questions to you *real* experts out there are:
>
> 1. Would extended APDUs be a suitable way supporting a completely "alien" API?

Why wouldn't it?

> 2. What would be a good choice of emulation targets (USB reader+card) for not
>  having to write a single-line of OS-dependent code or custom installation
>  scripts?

If you are using a token and not a smart card + reader I suggest to
use ICCD [1] instead of CCID. ICCD is a derivation of CCID for tokens.
Some useless functions have been removed (like card movement
notification) and may be simpler to implement.

My CCID driver supports both type A and type B of ICCD.

> 3. Do existing drivers (P11s, CSPs) actually support any number of keys?

I would say yes. But I do not know enough about the internals of OpenSC to
give a definitive answer.

> Although writing the device code is non-trivial, compared to grasping Windows
> driver framework etc. it seems fairly reasonable, at least if you are equipped
> with a USB line-analyzer and some useful emulation targets.
>
> Ideally, there would be a "composite" USB interface where legacy systems
> would use CCID while newer systems would talk "native SKS".  Provisioning
> can only use the latter.

From your document you describe an API at the C (or equivalent) language level.

How is your device supposed to be used? By a PKCS#11 application?
Using its own API?
Please give use cases and compare with existing solutions like Firefox
+ PKCS#11 + smart card.

It is quite easy to talk to a "proprietary" USB device using libusb on
Unix. This could be integrated into the SKS library. It is a bit
different on Windows.

Bye

> [1] "Appendix A.  KeyGen2 Proxy" in:
> http://webpki.org/papers/keygen2/sks-api-arch.pdf

[1] http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_USB-ICC_ICCD_rev10.pdf

-- 
 Dr. Ludovic Rousseau
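
For question 1 above, this is how a call to a non-card API could be carried in an ISO/IEC 7816-4 extended-length (case 4E) APDU, with the length checks the device side needs before touching the payload. It is an added example, not code from this thread, SKS or OpenSC; the CLA and INS values and the use of P1 as a method id are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical values for illustration; not taken from SKS or any real card. */
#define ALIEN_CLA 0x80  /* proprietary class byte (assumed) */
#define ALIEN_INS 0x10  /* assumed "tunnel one API call" instruction */

/* Host side: build a case 4E command APDU (extended Lc and extended Le).
 * P1 carries an assumed API method id. Returns total length, 0 on error. */
size_t apdu_wrap(uint8_t method, const uint8_t *arg, size_t arg_len,
                 uint8_t *out, size_t out_cap)
{
    if (arg_len == 0 || arg_len > 0xFFFF || out_cap < arg_len + 9)
        return 0;
    out[0] = ALIEN_CLA; out[1] = ALIEN_INS; out[2] = method; out[3] = 0x00;
    out[4] = 0x00;                       /* 0x00 here marks extended lengths */
    out[5] = (uint8_t)(arg_len >> 8);    /* Lc, big endian */
    out[6] = (uint8_t)(arg_len & 0xFF);
    memcpy(out + 7, arg, arg_len);
    out[7 + arg_len] = 0x00;             /* Le = 0x0000: up to 65536 bytes back */
    out[8 + arg_len] = 0x00;
    return arg_len + 9;
}

/* Device side: validate and unpack. The declared Lc is checked against the
 * number of bytes actually received before the payload pointer is returned.
 * Returns 0 on success, -1 on a malformed or unexpected APDU. */
int apdu_unwrap(const uint8_t *apdu, size_t len, uint8_t *method,
                const uint8_t **arg, size_t *arg_len)
{
    if (len < 9 || apdu[0] != ALIEN_CLA || apdu[1] != ALIEN_INS)
        return -1;
    if (apdu[4] != 0x00)                 /* short-length APDU: not accepted here */
        return -1;
    size_t lc = ((size_t)apdu[5] << 8) | apdu[6];
    if (lc == 0 || lc != len - 9)        /* Lc must match received bytes exactly */
        return -1;
    *method = apdu[2];
    *arg = apdu + 7;
    *arg_len = lc;
    return 0;
}
```

A 300-byte argument does not fit in a short APDU (Lc is one byte, at most 255), which is the case extended APDUs cover; the reader and driver in the path must also support extended lengths.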