On 2/20/2012 3:41 PM, Anders Rundgren wrote:
> On 2012-02-20 21:40, Peter Stuge wrote:
>> Anders Rundgren wrote:
>>> I don't know what USB P11 is, can you send me a pointer?
>>
>> It's my old idea of implementing PKCS#11 directly over USB. Issues
>> have been pointed out, and they would have to be solved of course.
>
> Maybe you would like to have an STM32F215-based token?
> 160 MHz, 128K RAM 1M Flash, USB HS, True RNG, AES
> It may happen this year.
>
> Anders

I have not tried this, but check out this token too:
http://www.goldkey.com/usb-smart-card-with-piv.html

  Built-in PIV Support
  Basic functionality and support for PIV cards and tokens already exists
  in Microsoft Windows®, Mac OS® X, and many Linux® distributions.

It does not say what the Linux support is, but I bet it is OpenSC.

>
>>
>>
>>> Although PKCS #11 is good it is not particularly popular on Windows.
>>> It is essentially only Mozilla who insists on not supporting the
>>> native Windows crypto system. SUN/Oracle have managed to do 3(!)
>>> major Java releases (5,6,7) without PKCS #11 support for Win-64.
>>> They have though added support for Crypto-API.
>>
>> The same USB device could support Crypto-API primitives too.
>>
>>
>>> Regarding my token-project it has no direct ties to PKCS #11; it is
>>> closer to the NXP GP-chip which is powering Google's Wallet.
>>>
>>> The reason for this is that PKCS #11 doesn't have an interface
>>> supporting secure remote provisioning, something which is absolutely
>>> necessary in the mobile phone world.
>>
>> Provisioning is indeed outside PKCS#11 and could be done in some
>> other, also convenient, way. USB is really easy to use.
>>
>>
>>> I have stretched this notion to include connected tokens as well
>>> with a hope of reaching the critical mass needed for establishing a
>>> de-facto standard.
>>
>> I fear that you are ahead of your time. :\ Adam Dunkels implemented
>> the internet of things many years ago, but I don't even have IPv6.
>> Things are changing, but still slowly.
>>
>>
>>>>> it seems that NIST's PIV would be a good choice
>>>>
>>>> It would be a much better candidate if there was not such a thick
>>>> layer of components involved which serve little to no purpose.
>>>
>>> If you talk about the actual card standard I have no idea what
>>> you are referring to. It looks quite simple to me. If you OTOH
>>> refer to the OpenSC implementation, this is something that PIV
>>> isn't responsible for.
>>
>> Actually neither, I refer to the entire stack of software required
>> for CCID, APDUs, PKCS#15 and translation to PKCS#11 or CryptoAPI.
>>
>>
>>> Anyway, I know that the PIV vendors verify their cards against
>>> Microsoft's driver and that is IMO the way to go.
>>
>> If there's a superior alternative Microsoft may well catch up at some
>> point. They did with USB.
>>
>>
>>>> But it would be nice to try to do even better. :)
>>>
>>> That is what my project is all about but that is hardly an
>>> alternative for Feitian at this stage.
>>
>> Also agree. I'm also not suggesting Feitian to pick up on my idea. If
>> they do that's perfectly fine and totally awesome, but I'm keeping
>> the idea alive only because *I* think it is good and would like to
>> try it out.
>>
>>
>> //Peter
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

 Douglas E. Engert <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois 60439
 (630) 252-5444