Hi all,
I'm successfully using dozens of smart cards at the same time with an
appliance that I develop for my company.
The experience I can bring to the table is that many PKCS#11 drivers go
nuts with just a few readers / smart cards, so the limit you will
finally experience mostly lies in the quality of the PKCS#11 driver.
As most people work with USB, the 128 crytpographic tokens limit is just
the upper limit.
And auditors are right, at least as for the European market: HSM and
SSCD certifications are not usually equal, especially if the "Common
Criteria" certifications are taken into account.
Sorry but I cannot tell much more...
On 03/21/2012 05:47 PM, Szabó Áron wrote:
Hi Andreas,
"I know of a large trustcenter offering certificates for qualified signatures"
Our aims are very similar to this! First, we also wanted to use HSMs to store
keypairs (we already have Thales netHSM for PKI functions, and a Thales payment
HSM), but independent auditors told us, that in some points FIPS/CC-evaluated
HSMs differ from SSCD devices. This was new information for me. So, now, the
task is to find out which solution gives us less trouble: re-auditing an HSM as
SSCD or creating an SSCD-farm...
Aron
From: Andreas Kroehnert [mailto:akroehn...@go-lan.net]
Sent: Wednesday, March 21, 2012 4:28 PM
To: Szabó Áron
Cc: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] Managing devices simultaneously
Hi Aron,
not sure whether its worthwhile to mention: I know of a large trustcenter
offering certificates for qualified signatures, that uses hundreds of serial
port smartcard readers connected to a single system using RS232 multiplexers.
But I dont know which software they use.
However, do you really need to use a large a mount of devices connected in parallel, or
wouldn't just a single HSM do, in a kind of RSS configuration? It's just saving tons of
space and effort, but still offering high security with thousands of "virtual
smartcards" where each slot has its own unique user PIN and SO.
regards
Andreas
________________________________
From: "Szabó Áron"<aron.sz...@egroup.hu<mailto:aron.sz...@egroup.hu>>
To:
opensc-devel@lists.opensc-project.org<mailto:opensc-devel@lists.opensc-project.org>
Sent: Wednesday, 21 March, 2012 4:15:04 PM
Subject: Re: [opensc-devel] Managing devices simultaneously
Thanks for your answers!
In my case 1 smart card, USB token would use/store just 1 slot/1 keypair: 1
keypair is needed for each user stored on separate devices. This means, I have
to maximize the number of devices, not the slots of the devices. USB controller
gives an upper limitation for that, but I don't know whether CSPs have other
e.g. addressing limitations.
Aron
-----Original Message-----
From:
opensc-devel-boun...@lists.opensc-project.org<mailto:opensc-devel-boun...@lists.opensc-project.org>
[mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of NdK
Sent: Wednesday, March 21, 2012 3:35 PM
To:
opensc-devel@lists.opensc-project.org<mailto:opensc-devel@lists.opensc-project.org>
Subject: Re: [opensc-devel] Managing devices simultaneously
Il 21/03/2012 11:27, Szabó Áron ha scritto:
What is the maximum number (if any exists at this level) of regular smart
cards, USB tokens (and keys) that can be used and managed by OpenSC in the same
environment (USB controller supports up to 127 devices, up to seven tiers,
including the root tier and five non-root hubs)?
IIUC, each "PIN" uses a slot. So, for example, on a single Aventra card you
could need 14 slots!
BYtE,
Diego.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org<mailto:opensc-devel@lists.opensc-project.org>
http://www.opensc-project.org/mailman/listinfo/opensc-devel
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel