
Re: Smartcard application



On Jan 10, 2008, at 3:35 PM, Stephen Hamilton wrote:

Now for the part you just mentioned--if I am doing this at too low of a level, I need to stop now--I don't want to make this harder than it should be. What include file does the pkcs11 interface for coolkey come in? I grepped the coolkey files cky* in my usr/include, and didn't see C_GetAttribute. I found it in coolkey.cpp, however it isn't in my include anywhere--do I need to be programming in C++, and if so, what do I need to include to access it?

Virtually any relatively complete crypto library that supports X.509 should support PKCS#11. That includes NSS and OpenSSL among others. These libraries usually use dynamic loading to load a specific PKCS#11 engine (coolkey, muscle, opensc, soft-pkcs11, etc.--also, this makes things like OpenSC's pkcs11-spy possible, which is incredibly useful for debugging). With the right library, you can use the crypto library for operations and not worry about where keys are stored and processed--you point the lib at the PKCS#11 engine as a configuration detail, and the rest happens automagically. :)

The added abstraction makes for portable implementations; you won't be tied to card edge protocols.

Since you're using the CAC you need to stick with a FIPS-validated crypto library--either the FIPS version of OpenSSL (if you can find someone who has it) or the FIPS version of NSS (3.6, IIRC) if you're working on UNIX. On Windows, you code to CAPI and the system-installed middleware (usually ActivClient) figures it out.

If you're supporting a DoD contract, you can get help from one of the service offices, including pointers to toolkits & etc. Since I support the AF PKI SPO in my day job, I can get you POCs if you need it. I'm also *very* curious as to exactly what you're doing with the CAC. Feel free to email me off-list.

-- Tim


_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
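
Added example, not part of the original message or of the coolkey sources: the dynamic loading of a PKCS#11 module that the reply describes, done by hand in C. The type declarations are minimal stand-ins for those in the standard Cryptoki header (pkcs11.h), laid out as on Unix builds, and the module path is an assumption supplied by the caller.

```c
#include <dlfcn.h>
#include <stdio.h>

/* Minimal stand-ins for declarations normally taken from pkcs11.h. */
typedef unsigned long CK_RV, CK_ULONG, CK_SLOT_ID;
typedef unsigned char CK_BBOOL;
typedef struct { unsigned char major, minor; } CK_VERSION;
#define CKR_OK 0UL

/* Leading members of CK_FUNCTION_LIST, in the order the standard defines. */
typedef struct ck_function_list {
    CK_VERSION version;
    CK_RV (*C_Initialize)(void *init_args);
    CK_RV (*C_Finalize)(void *reserved);
    CK_RV (*C_GetInfo)(void *info);
    CK_RV (*C_GetFunctionList)(struct ck_function_list **list);
    CK_RV (*C_GetSlotList)(CK_BBOOL token_present, CK_SLOT_ID *slots, CK_ULONG *count);
} CK_FUNCTION_LIST;

/* Returns the number of slots with a token present, or -1 on any failure. */
long pkcs11_count_token_slots(const char *module_path)
{
    long result = -1;
    CK_FUNCTION_LIST *p11 = NULL;
    CK_ULONG count = 0;
    void *handle = dlopen(module_path, RTLD_NOW | RTLD_LOCAL);
    if (handle == NULL) { fprintf(stderr, "dlopen: %s\n", dlerror()); return -1; }
    /* C_GetFunctionList is the entry point; every other call goes through its table. */
    CK_RV (*get_list)(CK_FUNCTION_LIST **) =
        (CK_RV (*)(CK_FUNCTION_LIST **))dlsym(handle, "C_GetFunctionList");
    if (get_list != NULL && get_list(&p11) == CKR_OK && p11 != NULL
        && p11->C_Initialize(NULL) == CKR_OK) {
        /* NULL slot buffer: ask only how many slots hold a token. */
        if (p11->C_GetSlotList(1, NULL, &count) == CKR_OK)
            result = (long)count;
        p11->C_Finalize(NULL);
    }
    dlclose(handle);
    return result;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <pkcs11-module.so>\n", argv[0]); return 2; }
    printf("slots with a token: %ld\n", pkcs11_count_token_slots(argv[1]));
    return 0;
}
```

Because dlopen runs the module's code inside your process, take the module path from trusted configuration rather than from user input.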
