Elliptic Curve support and suggested cards?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Elliptic Curve support and suggested cards?

Daniel Pocock

Hi,

Can anybody comment on the Elliptic Curve support in OpenSC and which
cards are suggested?

I found this ticket about ECDSA with PIV card support but it is not
clear if this is also supported for other cards now:

https://www.opensc-project.org/opensc/ticket/295

Is the PIV card concept only relevant to those in organisations that use
PIV cards, or can these cards be useful for any arbitrary project?

I found that some of the Athena cards offer ECC support, I understand
these are on the OpenSC supported list, but it's not clear if the ECC
support is in all variations of the card:
http://www.athena-scs.com/docs/products-solutions-datasheets/athena-idprotect-client.pdf

Regards,

Daniel



------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Elliptic Curve support and suggested cards?

Andreas Schwier (ML)
Hi Daniel,

the SmartCard-HSM card has build-in support for ECC [1] and is supported
by OpenSC.

Andreas

[1] https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM


Am 25.06.2013 12:59, schrieb Daniel Pocock:

> Hi,
>
> Can anybody comment on the Elliptic Curve support in OpenSC and which
> cards are suggested?
>
> I found this ticket about ECDSA with PIV card support but it is not
> clear if this is also supported for other cards now:
>
> https://www.opensc-project.org/opensc/ticket/295
>
> Is the PIV card concept only relevant to those in organisations that use
> PIV cards, or can these cards be useful for any arbitrary project?
>
> I found that some of the Athena cards offer ECC support, I understand
> these are on the OpenSC supported list, but it's not clear if the ECC
> support is in all variations of the card:
> http://www.athena-scs.com/docs/products-solutions-datasheets/athena-idprotect-client.pdf
>
> Regards,
>
> Daniel
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Sch├╝lerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Elliptic Curve support and suggested cards?

Douglas E. Engert
In reply to this post by Daniel Pocock


On 6/25/2013 5:59 AM, Daniel Pocock wrote:

>
> Hi,
>
> Can anybody comment on the Elliptic Curve support in OpenSC and which
> cards are suggested?
>
> I found this ticket about ECDSA with PIV card support but it is not
> clear if this is also supported for other cards now:
>
> https://www.opensc-project.org/opensc/ticket/295
>
> Is the PIV card concept only relevant to those in organisations that use
> PIV cards, or can these cards be useful for any arbitrary project?

Yes and no. The PIV standards from NIST were designed for the US government
and its contractors, which also defined Government ID info to be
in some objects, such as the FASC-N in the CHUID.

But there are PIV-I  (Interoperable) not issued by the US government, and
could be trusted somewhat.  And PIV-C (Compatible) cards that use the same
cards but not trusted by the US Government.

The the CHUID object on the card contains a GUID and a FASCN starting with 9999
that indicates that this is not a PIV but a PIV-C card.
The Smart Card Alliance has started calling them CIV cards.

Google for PIV-C  or piv-compatible smart cards
or CIV smart cards.

This is a nice starting point:
http://www.smartcardalliance.org/pages/publications-piv-i-for-non-federal-issuers

http://www.securitysystemsnews.com/article/civ-cards-just-piv-cards-commercial-market?page=0,0

http://www.quantumsecure.com/solutions/functional-solutions/civ-credential/


The same cards are used in each, its the information on the card
and the PKI used that is different. The OpenSC operates at the card level,
and is not concerned with the differences between PIV, PIV-I or PIV-C.
(as does the Microsoft Windows CAPI.)

The bare minimum card would have a PIV Authentication certificate and key
and a CHUID using the FASC-N=9999... and GUID.

The Microsoft CAPI has built in support for PIV, and expects a CHUID.


You will still need some type of card management system and cards.


>
> I found that some of the Athena cards offer ECC support, I understand
> these are on the OpenSC supported list, but it's not clear if the ECC
> support is in all variations of the card:
> http://www.athena-scs.com/docs/products-solutions-datasheets/athena-idprotect-client.pdf
>
> Regards,
>
> Daniel
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel