ECDH in 'staging' of github OpenSC/OpenSC

Viktor Tarasov-3
Hi Douglas,

ECDH support, that you have tested in SM branch,
has been committed into the 'staging' branch of github OpenSC/OpenSC.
https://github.com/OpenSC/OpenSC/tree/staging

I've made only basic (list on-card objects) tests with PIV card.
More substantial tests will be performed later,
when the rest of pending proposals will find their place in 'staging'.

If you are using Windows environment you can try one of MSIs from
https://opensc.fr/jenkins/view/OpenSC-staging/

Kind regards,
Viktor.
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: ECDH in 'staging' of github OpenSC/OpenSC

Douglas E. Engert


On 6/2/2012 12:50 PM, Viktor Tarasov wrote:
> Hi Douglas,
>
> ECDH support, that you have tested in SM branch,
> has been committed into the 'staging' branch of github OpenSC/OpenSC.
> https://github.com/OpenSC/OpenSC/tree/staging

Thanks!

>
> I've made only basic (list on-card objects) tests with PIV card.
> More substantial tests will be performed later,
> when the rest of pending proposals will find their place in 'staging'.

To use the ECDH one needs a PIV card that can support ECC. No production
cards with ECC keys are being issued at the current time, but cards are
available, and the NIST Demo card set that should be available soon will
have ECC keys. Using ECDH with Thunderbird for encrypted e-mail also
needs additional mods that have been submitted to Mozilla. These are
starting to be committed.

>
> If you are using Windows environment you can try one of MSIs from
> https://opensc.fr/jenkins/view/OpenSC-staging/

I will try and test this week.



>
> Kind regards,
> Viktor.
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

Re: ECDH in 'staging' of github OpenSC/OpenSC

Douglas E. Engert
In reply to this post by Viktor Tarasov-3

On 6/2/2012 12:50 PM, Viktor Tarasov wrote:
> Hi Douglas,
>
> ECDH support, that you have tested in SM branch,
> has been committed into the 'staging' branch of github OpenSC/OpenSC.
> https://github.com/OpenSC/OpenSC/tree/staging

I have tested today the staging build, with the changes,
and the Derivation functions are working as expected.

Thanks.

The staging branch was built on Solaris, and using two smart cards,
with ECC Key Management Keys one from NIST and one where I generated
a key.

The certs from the two cards were previously read and called
cardA.cert.03.pem  and cardB.cert.03.pem

openssl x509 -noout -in cardA.cert.03.pem -pubkey |
    openssl ec -pubin -outform DER > cardA.pubkey.pem

openssl x509 -noout -in cardB.cert.03.pem -pubkey |
    openssl ec -pubin -outform DER > cardB.pubkey.pem

Inserting cardA:
pkcs11-tool -l --derive -m ECDH1-COFACTOR-DERIVE -O -d 03 -i cardB.pubkey.pem

Inserting CardB:
pkcs11-tool -l --derive -m ECDH1-COFACTOR-DERIVE -O -d 03 -i cardA.pubkey.pem

Will produce the same secret key output string.

>
> I've made only basic (list on-card objects) tests with PIV card.
> More substantial tests will be performed later,
> when the rest of pending proposals will find their place in 'staging'.
>
> If you are using Windows environment you can try one of MSIs from
> https://opensc.fr/jenkins/view/OpenSC-staging/

I will try and do that next week.

>
> Kind regards,
> Viktor.
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444