Re: [opensc-devel] Windows 7 support for PKCS#11 = mini-driver

2010-12-19 Thread Nikolay Elenkov
On 2010/12/20 5:30, Jean-Michel Pouré - GOOZE wrote:

> Some users are contacting me with questions about Windows support for
> PKCS#11 smartcards. As far as I understand, Windows support for PKCS#11
> is poor.

AFAIK, Windows uses CSPs, and does not support PKCS#11 at all. This may have
changed in Windows 7, but I doubt it.

> Do some of you know solutions for:
> * Single sign-on Windows using PKCS#11 cards.
> * Smartcard based Windows disk encryption (EFS).
> * Secure (smartcard) logon using MS Windows VPN.

No :)

 
> Would a mini-driver between Windows and PKCS#11 do the trick? Just for
> my personal knowledge, I would like to know. There is such a mini-driver
> in OpenSC SVN. Is it working?

I haven't tried the one in SVN, but it looks like a fairly complete read-only
driver. Try it and tell us how it worked out.

Generally:

* a minidriver is a *CSP* minidriver. You can think of it as an equivalent to the
card driver modules in OpenSC. There is actually a Wiki with a pretty picture :)
http://www.opensc-project.org/opensc/wiki/MiniDriver
* it's just a DLL, that exposes functions like create file, delete file, sign,
encrypt etc. The specification is available from Microsoft ([1])
* the cool thing about a minidriver is that, unlike a full CSP, you don't have
to get it signed by Microsoft
* writing a full minidriver is tricky, but a read-only one is fairly easy
* as long as the following basic functionality is implemented, you should be
able to use your OpenSC card with the Windows CSP
  * listing files and containers
  * authentication (PIN)
  * exporting certificates
  * signing

[1] http://www.microsoft.com/whdc/device/input/smartcard/sc-minidriver.mspx

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] win32: path to OpenSC windows registers

2010-12-09 Thread Nikolay Elenkov
On 2010/12/09 20:22, Kalev Lember wrote:

> Victor, that's a very good idea to use standard MSI generated with WiX!
>
> Instead of adding 'Program Files\OpenSC' directory to PATH, it might be
> better to put all the deps (libopensc.dll, zlib.dll, iconv.dll, etc)
> into WinSxS [1] and only put the pkcs11 libraries in 'Program
> Files\OpenSC'.

That would really be the best solution. It requires Windows XP and above though,
which is probably OK. BTW, in VS2010 MS has finally come to their senses and
DLLs include a version number in the filename. ([1])

[1] http://msdn.microsoft.com/en-us/library/dd293574.aspx



[opensc-devel] card driver and locking

2010-08-11 Thread Nikolay Elenkov
Hi,

I am developing a (proprietary) dynamic card driver (Windows). I have the basic
setup working, I can load and login. However, I am having some trouble with
locking (transactions). Any advice is much appreciated.

It appears that the framework calls pcsc_lock before calling my
card_select_file/read_binary. That starts a card transaction
(SCardBeginTransaction) and locks the card, but I would like to avoid that.
I have my own library for communicating with the card, it does secure messaging
and what not, so I don't want to re-implement it using OpenSC APIs. At the
moment I am ending the transaction before calling my own code, but that is using
internal APIs, so probably not a very good idea. I've noticed that if I set
sc_reader_t.ops.lock/unlock to NULL I could avoid locking, but where should I
set it? Do I have to implement a reader driver? Or is there a better way to do
this?

