Hello,

On Mon, May 28, 2012 at 11:10 AM, Peter Marschall <pe...@adpm.de> wrote:
> I am trying to extend openpgp-tool to load data to the various writable DOs,
> and - if possible - I want it to determine automatically the permissions of
> the (emulated) files using standard interfaces, i.e. security attributes or
> preferably ACLs. As the file system on openPGP cards only is emulated using
> opensc, I need to emulate these data structures too.

I don't quite get it. IMHO ACLs would matter if you had actual files
and the ACLs were actually communicated to/from the card by some
means.

I don't really understand how you would use ACLs with the "gender"
field, for example.

From OpenPGP spec v201:

5 Security Architecture

All commands and data of a smart card are under control of the security
of the card operating system. ISO defines mechanisms, attributes (e.g.
in FCP) and environments for security purposes. Because this features
are quite complex and may differ from card to card (depending on mask
developer), the OpenPGP application does not evaluate security related
items of a card. So this chapter is informative for the card developer
and defines the access conditions for all commands and data objects of
the application in a common way. The described security features are
mandatory for the card, but the coding or the way of implementation is
up to the card developer, manufacturer or personaliser.

Maybe I'm missing something...

Martin
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel