Greetings, all. As with a similar post in the last day or two, I'm working on deploying an embedded Linux system, and I'm trying to figure out the smallest set of libraries that I need to do this.

The desired use for tokens in the field is:

1. Sign binary blobs, generating a detached RFC5652 signature file from each data file.
2. (Eventually) for both client and server-side SSL handshaking.

On a typical Linux workstation, I can do all this already, thanks to the developers here and on libusb, ccid, and pcsc-lite. Barring late-breaking changes, this functionality is already available in packages for the distribution I'm using here (Fedora 17).

To test the latest and greatest, I had to build:

  libusb-1.0.9
  pcsc-lite-1.8.6
  ccid-1.4.8
  openssl-1.0.1c
  libp11-0.2.8
  opensc-0.13.0rc1-g2895729 (from CardContact)
  engine_pkcs11-0.1.8

Other than having to adjust the interprocess expectations of pcscd and its users, that also works fine.

However, the embedded box is not running the typical workstation daemons. There's no udev at all; I'm handling the event stream directly within my application. (E.g., I'm receiving and handling USB mass storage device insertions / removals.)

What I'm looking for is guidance on which libraries are required to do the work, if I can tell those libraries exactly which USB device to use, and only when there is something there to be used.

Is libusb used only for discovery, or for access as well?

Likewise, if there is only ever one process accessing the token (and I can guarantee that it's single-threaded access), then is pcscd necessary?

Even further, if I know exactly which token will be used, is it possible and/or advisable to short-circuit the generic aspects of libpkcs11 and somehow use that token's driver directly?

Either way, it seems that I'll still want to use OpenSSL libraries (or equiv, e.g., NSS) to do the ASN.1 streaming and on-CPU crypto ops. (This is the easiest part, as I already have OpenSSL in my build.)

Are all these questions stupid, and do I need to be hit over the head with a heavy book?
:)

I'm still investigating, but if anyone has experience with this sort of setup, I would very much appreciate any advice they could share with me.

Thanks for your time.

Best regards,
Anthony Foiani