epass2003 ecc certificates

classic Classic list List threaded Threaded
2 messages Options
tan
Reply | Threaded
Open this post in threaded view
|

epass2003 ecc certificates

tan
hello all

I'm trying to load ecdsa certs w/ 256bit ecc keys onto a epass2003 usb token. I am under the impression that opensc 0.13 should support this from reading the release notes.

When I list algorithms using the "$ opensc-tool --list-algorithms",  there is no mention of ec algorithms whereas trying the same commands with a gemalto PIV Card2.0 does.

I realise that this may be better categories within the "user" category but this one looked more active. Please advise if this needs to be reposted.

I can provide more configuration/testing detail regarding profiles (pkcs12+onepin specified in commandline - epass2003 profile I'm assuming is used implicity according to documentation) and certificate type (in .p12 containers) but there seems little point if the driver doesn't support the capabilities.

look forward to hearing a reply
thanks in advance
Tom
Reply | Threaded
Open this post in threaded view
|

Re: epass2003 ecc certificates

Douglas E Engert


On 3/2/2015 6:20 AM, tan wrote:
> hello all
>
> I'm trying to load ecdsa certs w/ 256bit ecc keys onto a epass2003 usb
> token. I am under the impression that opensc 0.13 should support this from
> reading the release notes.

Card drivers needed to be modified to support ECC for both ECDSA and ECDH.
In 0.13.0 it looks like only PIV, MYEID and SC-HSM had any ECC support.

>
> When I list algorithms using the "$ opensc-tool --list-algorithms",  there
> is no mention of ec algorithms whereas trying the same commands with a
> gemalto PIV Card2.0 does.

The PIV driver was the first to support ECC. Looks like the epass2003 was not
modified in 0.13.0.


>
> I realise that this may be better categories within the "user" category but
> this one looked more active. Please advise if this needs to be reposted.
>
> I can provide more configuration/testing detail regarding profiles
> (pkcs12+onepin specified in commandline - epass2003 profile I'm assuming is
> used implicity according to documentation) and certificate type (in .p12
> containers) but there seems little point if the driver doesn't support the
> capabilities.
>
> look forward to hearing a reply
> thanks in advance
> Tom
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/epass2003-ecc-certificates-tp15164.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel