On Mon, May 21, 2012 at 3:48 AM, Nguyễn Hồng Quân <quanngu...@mbm.vn> wrote:

> Hi Peter,
>
> On 05/21/2012 04:35 AM, Peter Koch wrote:
> > Here are my own impressions - if they are wrong, please correct me:
> >
> > 1: OpenPGP cards do NOT have a filesystem like other smart cards.
> > Instead of storing information in EFs which are located in DFs an
> > OpenPGP card stores information in Data Objects. Here my conclusion
> > is: Without EFs and DFs and in particular without commands to
> > create EFs and DFs pkcs15-init does not make any sense.
> Yes, but the pkcs15-init binding for the OpenPGP card will implement only a
> small part: importing certificates and generating keys. It won't create DFs & EFs.
> The reason why I need the pkcs15-init binding is that I want it to be possible to
> import a certificate via the PKCS#11 interface (using Firefox).
> While researching how to achieve it, I tried with the pkcs11-tool and
> found that importing a certificate needs the pkcs15-init binding.
>
> I would appreciate it if someone could point me to another way to do it, avoiding
> pkcs15-init.
>

No other way if you are going to use the pkcs11 framework of OpenSC.
The pkcs11 framework uses the pkcs15init API.



> > 2: The current driver emulates SELECT and READ BINARY APDUs
> > by reading from the corresponding Data Objects. I believe this
> > was done in order to emulate a (read only) PKCS#15 file layout.
> > If that was true - is there any hope to extend this emulation?
> Yes, but it seems that this emulated file layout does not match the
> PKCS#15 very well, leading to the problem which I described in this
> topic
> http://www.opensc-project.org/pipermail/opensc-devel/2012-May/018018.html


The card-specific emulator does not emulate the file system but exposes the
pkcs15 objects with their attributes.
These attributes generally contain some 'path'.
This 'path' can be/is treated by the card-specific libopensc driver.

To summarize,
in the card-specific pkcs15 emulator you can assign some attribute value
that will have some meaning in your card-specific libopensc driver,
which in its turn will perform a card-specific low-level operation.
In that manner the card-specific implementation of the 'file system' is hidden
from the pkcs15 level.



> > 3: What features are missing in the current implementation and
> > what bugs should be fixed?
> >
> What's new in my own branch:
> - Write support for normal DOs (the Extended Header List DO - 4D - is
> not supported yet. This DO is used for key import).
> - Expose certificate (stored in the 7F21 DO) to PKCS#11 app.
>
> The things I want to do next are to support key import and certificate import.
>


Besides the absence of pkcs15init support, afais,
the openpgp libopensc driver has no support for any operation
that could change the card's content: write, update, delete, generate,
import, ...



> --
> Regards,
> Quân
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
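The layering described in the reply above, sketched as an added example that is not part of the original thread and is not OpenSC code: a pkcs15-level object carries a 'path' that is really an OpenPGP Data Object tag, and the driver layer turns it into a GET DATA (INS CA) or PUT DATA (INS DA) APDU with the tag in P1/P2. The types `emu_path` and `emu_object` and the function `do_apdu` are hypothetical names; the Name DO (tag 5B) and its value are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; these are not OpenSC types. */
struct emu_path { uint8_t value[2]; size_t len; };
struct emu_object { const char *label; struct emu_path path; };

/* Emulator layer: the object's 'path' is a DO tag (7F21 = certificate DO). */
static const struct emu_object emu_cert = {
    "Cardholder certificate", { { 0x7F, 0x21 }, 2 }
};

enum { INS_GET_DATA = 0xCA, INS_PUT_DATA = 0xDA };

/* Driver layer: translate the path into a short APDU (tag goes in P1/P2).
 * Returns the APDU length, or -1 on a bad path, instruction or buffer. */
int do_apdu(const struct emu_path *p, uint8_t ins, const uint8_t *data,
            size_t dlen, uint8_t *out, size_t cap)
{
    if (!p || !out || p->len != 2 || cap < 5)
        return -1;                    /* exactly one 2-byte component */
    if (ins != INS_GET_DATA && ins != INS_PUT_DATA)
        return -1;                    /* nothing else is emulated here */
    if (ins == INS_PUT_DATA &&
        (!data || dlen == 0 || dlen > 255 || cap < 5 + dlen))
        return -1;                    /* short APDU: Lc is a single byte */
    out[0] = 0x00;                    /* CLA */
    out[1] = ins;
    out[2] = p->value[0];             /* P1: high byte of the DO tag */
    out[3] = p->value[1];             /* P2: low byte of the DO tag */
    if (ins == INS_GET_DATA) {
        out[4] = 0x00;                /* Le: as many bytes as available */
        return 5;
    }
    out[4] = (uint8_t)dlen;           /* Lc */
    memcpy(out + 5, data, dlen);
    return (int)(5 + dlen);
}

int main(void)
{
    uint8_t apdu[16];
    int n = do_apdu(&emu_cert.path, INS_GET_DATA, NULL, 0, apdu, sizeof apdu);
    printf("%s ->", emu_cert.label);
    for (int i = 0; i < n; i++)
        printf(" %02X", apdu[i]);
    printf("\n");
    return 0;
}
```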