Greetings, all.
As with a similar posted in the last day or two, I'm working deploying
an embedded linux system, and I'm trying to figure out the smallest
set of libraries that I need to do this.
The desired use for tokens in the field is:
1. Sign binary blobs, generating a detached RFC5652 signature file
from each data file.
2. (Eventually) for both client and server-side SSL handshaking.
On a typical Linux workstation, I can do all this already, thanks to
the developers here and on libusb, ccid, and pcsc-lite. Barring
late-breaking changes, this functionality is already available in
packages for the distribution I'm using here (Fedora 17).
To test the latest and greatest, I had to build:
libusb-1.0.9
pcsc-lite-1.8.6
ccid-1.4.8
openssl-1.0.1c
libp11-0.2.8
opensc-0.13.0rc1-g2895729 (from CardContact)
engine_pkcs11-0.1.8
Other than having to adjust the interprocess expectations of pcscd and
its users, that also works fine.
However, the embedded box is not running the typical workstation
daemons. There's no udev at all; I'm handling the event stream
directly within my application. (E.g., I'm receiving and handling USB
mass storage device insertions / removals.)
What I'm looking for is guidance on which libraries are required to do
the work, if I can tell those libraries exactly which USB device to
use, and only when there is something there to be used.
Is libusb used only for discovery, or for access as well? Likewise,
if there is only ever one process accessing the token (and I can
guarantee that it's single-threaded access), then is pcscd necessary?
Even further, if I know exactly which token will be used, is it
possible and/or advisable to short-circuit the generic aspects of
libpkcs11 and somehow use that token's driver directly?
Either way, it seems that I'll still want to use OpenSSL libraries (or
equiv, e.g., NSS) to do the ASN.1 streaming and on-cpu crypto ops.
(This is the easiest part, as I already have OpenSSL in my build.)
Are all these questions stupid, and do I need to be hit over the head
with a heavy book? :)
I'm still investigating, but if anyone has experience with this sort
of setup, I would very much appreciate any advice they could share
with me.
Thanks for your time.
Best regards,
Anthony Foiani
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
