regarding p15 emulation support

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

regarding p15 emulation support

KAMAL KUMAR-2
Hi all,
I need clarification. Is P15 emulation provided only
for using certificates/keys from the card.

As i told you earlier, I am emulating p15 structures
for my card and trying to support operations like
loading of keypair and certificate to card.

Is there any card opensc implementation that emulates
P15 structures and also support these operations. Does
OpenSC restrain p15 emulation for only reading data.

Please give your opinion.

Regards,
Kamal.
--- "Douglas E. Engert" <[hidden email]> wrote:

>
>
> kamal kumar wrote:
> > Hi,
> >
> > I have one doubt regarding implementing
> >
>
sc_card_operations::update_binary(card,idx,buf,count,flag)

> > function in the card driver.
> >
> > Will this function delete all the file data after
> > idx+count offset.
>
> I don't know. All the emulations I have done where
> to read
> from a card. Initilization of my cards is done
> seperatly
> or by some other agency.
>
> >
> > Regards,
> > Kamal.
> >
> >
> >
> >
> >
> >
> >        
> >
>
____________________________________________________________________________________
> > Get the Yahoo! toolbar and be alerted to new email
> wherever you're surfing.
> >
>
http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
> > _______________________________________________
> > opensc-devel mailing list
> > [hidden email]
> >
>
http://www.opensc-project.org/mailman/listinfo/opensc-devel

> >
> >
>
> --
>
>   Douglas E. Engert  <[hidden email]>
>   Argonne National Laboratory
>   9700 South Cass Avenue
>   Argonne, Illinois  60439
>   (630) 252-5444
>



       
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: regarding p15 emulation support

Andreas Jellinghaus-2
On Monday 09 July 2007 12:15:41 kamal kumar wrote:

> Hi all,
> I need clarification. Is P15 emulation provided only
> for using certificates/keys from the card.
>
> As i told you earlier, I am emulating p15 structures
> for my card and trying to support operations like
> loading of keypair and certificate to card.
>
> Is there any card opensc implementation that emulates
> P15 structures and also support these operations. Does
> OpenSC restrain p15 emulation for only reading data.

I'n not 100% sure, but i think the pkcs#15 emulation has so far only ben unsed
on pre-initialized cards that cannot be altered. thus it might support only
read only mode so far. but I might be wrong. Nils?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: regarding p15 emulation support

Tarasov Viktor
In reply to this post by KAMAL KUMAR-2
kamal kumar a écrit :

> Hi all,
> I need clarification. Is P15 emulation provided only
> for using certificates/keys from the card.
>
> As i told you earlier, I am emulating p15 structures
> for my card and trying to support operations like
> loading of keypair and certificate to card.
>
> Is there any card opensc implementation that emulates
> P15 structures and also support these operations. Does
> OpenSC restrain p15 emulation for only reading data.
>
> Please give your opinion.
>  

There was short discussion about the emulation of the pkcs15init part :
2006-09-29 [opensc-devel] Question: emulate pkcs15init

Kind wishes,
Viktor.


> Regards,
> Kamal.
> --- "Douglas E. Engert" <[hidden email]> wrote:
>
>  
>> kamal kumar wrote:
>>    
>>> Hi,
>>>
>>> I have one doubt regarding implementing
>>>
>>>      
> sc_card_operations::update_binary(card,idx,buf,count,flag)
>  
>>> function in the card driver.
>>>
>>> Will this function delete all the file data after
>>> idx+count offset.
>>>      
>> I don't know. All the emulations I have done where
>> to read
>> from a card. Initilization of my cards is done
>> seperatly
>> or by some other agency.
>>
>>    
>>> Regards,
>>> Kamal.
>>>
>>>
>>>
>>>
>>>
>>>
>>>        
>>>
>>>      
> ____________________________________________________________________________________
>  
>>> Get the Yahoo! toolbar and be alerted to new email
>>>      
>> wherever you're surfing.
>>    
> http://new.toolbar.yahoo.com/toolbar/features/mail/index.php
>  
>>> _______________________________________________
>>> opensc-devel mailing list
>>> [hidden email]
>>>
>>>      
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>  
>>>      
>> --
>>
>>   Douglas E. Engert  <[hidden email]>
>>   Argonne National Laboratory
>>   9700 South Cass Avenue
>>   Argonne, Illinois  60439
>>   (630) 252-5444
>>
>>    
>
>
>
>        
> ____________________________________________________________________________________
> Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
> http://farechase.yahoo.com/
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>  

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: regarding p15 emulation support

Douglas E. Engert
In reply to this post by Andreas Jellinghaus-2


Andreas Jellinghaus wrote:
> On Monday 09 July 2007 12:15:41 kamal kumar wrote:
>> Hi all,
>> I need clarification. Is P15 emulation provided only
>> for using certificates/keys from the card.
>>
>> As i told you earlier, I am emulating p15 structures
>> for my card and trying to support operations like
>> loading of keypair and certificate to card.

You can use a combination of a card-<yourcard>.c
and pkcs15-<yourcard>.c modules. The pkcs15-<yourcard>.c
handles the emulation.

The card-<yourcard>.c frontends the iso7816.c to handle
any card specific commands.

You can also do some special scripts and use the
opensc-tool -s xxxxx to preform a specific APDU sequence.
This works if your operation can done with one APDU command
per session.

Or as in my case I needed to authenticate to the card using
3des before doing some operations like generate a key pair
on the card, and save the public key to a file.

The piv-tool is a modified version of opensc-tool with some
extra options. It ends up calling the card-piv.c  without using
the pkcs15 emulation.

piv-tool can then load the certificate to the card.

You could write your own <yourcard>-tool.c and do something similar.

>>
>> Is there any card opensc implementation that emulates
>> P15 structures and also support these operations. Does
>> OpenSC restrain p15 emulation for only reading data.
>
> I'n not 100% sure, but i think the pkcs#15 emulation has so far only ben unsed
> on pre-initialized cards that cannot be altered. thus it might support only
> read only mode so far. but I might be wrong. Nils?
>
> Regards, Andreas
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: regarding p15 emulation support

KAMAL KUMAR-2
Hi all,
Thanks for your replys.

I have already done some implementation for my card.
But I am facing problem when trying to provide
operations like loading of keys and certificates to
card using opensc-pkcs11 module with p15 structure
emulated.
 
I have given the issues and the fix i made to solve
them below.
 
1. I first tired loading of keys and certificate
operation, in card which already had one certificate
and key pair.
 
When loading the key pair and certificates, the
opensc-pkcs#11 module, tries to write the PuKDF,PrKDF,
CDF pkcs#15 structures to card. I solved it by just
returning success. Emulated p15 structures has
"11001101" path.
 
2. The second issue was occurring when trying to load
the key pair and certificate to the card, which is
empty. The load operation was failing in this
scenario. I debugged the source and found that since
the card is empty, opensc is not emulating the p15
structures and trying to read it from the card.
 
I solved it by adding a dummy public key,private key
and certificate object, so that opensc emulate the
corresponding p15 files.
 
I like to know how other cards that are emulating p15
files solve these issues. Does opensc provide any
standard way to solve these issues?
 
Regards,
Kamal.



 
--- "Douglas E. Engert" <[hidden email]> wrote:

>
>
> Andreas Jellinghaus wrote:
> > On Monday 09 July 2007 12:15:41 kamal kumar wrote:
> >> Hi all,
> >> I need clarification. Is P15 emulation provided
> only
> >> for using certificates/keys from the card.
> >>
> >> As i told you earlier, I am emulating p15
> structures
> >> for my card and trying to support operations like
> >> loading of keypair and certificate to card.
>
> You can use a combination of a card-<yourcard>.c
> and pkcs15-<yourcard>.c modules. The
> pkcs15-<yourcard>.c
> handles the emulation.
>
> The card-<yourcard>.c frontends the iso7816.c to
> handle
> any card specific commands.
>
> You can also do some special scripts and use the
> opensc-tool -s xxxxx to preform a specific APDU
> sequence.
> This works if your operation can done with one APDU
> command
> per session.
>
> Or as in my case I needed to authenticate to the
> card using
> 3des before doing some operations like generate a
> key pair
> on the card, and save the public key to a file.
>
> The piv-tool is a modified version of opensc-tool
> with some
> extra options. It ends up calling the card-piv.c
> without using
> the pkcs15 emulation.
>
> piv-tool can then load the certificate to the card.
>
> You could write your own <yourcard>-tool.c and do
> something similar.
>
> >>
> >> Is there any card opensc implementation that
> emulates
> >> P15 structures and also support these operations.
> Does
> >> OpenSC restrain p15 emulation for only reading
> data.
> >
> > I'n not 100% sure, but i think the pkcs#15
> emulation has so far only ben unsed
> > on pre-initialized cards that cannot be altered.
> thus it might support only
> > read only mode so far. but I might be wrong. Nils?
> >
> > Regards, Andreas
> > _______________________________________________
> > opensc-devel mailing list
> > [hidden email]
> >
>
http://www.opensc-project.org/mailman/listinfo/opensc-devel

> >
> >
>
> --
>
>   Douglas E. Engert  <[hidden email]>
>   Argonne National Laboratory
>   9700 South Cass Avenue
>   Argonne, Illinois  60439
>   (630) 252-5444
>



       
____________________________________________________________________________________
Choose the right car based on your needs.  Check out Yahoo! Autos new Car Finder tool.
http://autos.yahoo.com/carfinder/
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel