Thread: reading public key from card

reading public key from card
Gürer Özen
2007-10-02 11:20:22
Hi,

The pam_p11 module first makes the card sign some random data, then extracts the public key, and signs it itself, then compares the signatures. The public key is read by the sc_pkcs15_read_pubkey() function in the pkcs15-pubkey.c file. This function blindly tries to read the public key by calling sc_pkcs15_read_file() on the public key info's path value.

Now on AKIS cards, keys are stored in a special non-file area. So there isn't a public key file, but the key is accessed by its key_reference value on the public key info structure.

I've added a new generic cardctl call, SC_CARDCTL_READ_PUBLIC_KEY. When the length of the path is zero, sc_pkcs15_read_pubkey() calls this with the key_reference value. So cards can provide alternative methods to read public keys. AKIS implementation is added too.

Now since this is a somewhat invasive patch, I need your reviews.

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
  
Re: reading public key from card
Ludovic Rousseau
2007-10-02 14:34:09
2007/10/2, Gürer Özen <gurer@pardus.org.tr>:
> Hi,

Hello,

> pam_p11 module first makes the card sign some random data, then extracts the
> public key, and signs it itself, then compares the signatures. Public key is
> read by the sc_pkcs15_read_pubkey() function in the pkcs15-pubkey.c file.
> This function blindly tries to read public key via calling
> sc_pkcs15_read_file() on the public key info's path value.
>
> Now on AKIS cards, keys are stored in a special non-file area. So there isn't
> a public key file, but key is accessed by its key_reference value on the
> public key info structure.
>
> I've added a new generic cardctl call, SC_CARDCTL_READ_PUBLIC_KEY. When the
> length of the path is zero, sc_pkcs15_read_pubkey() calls this with
> key_reference value. So cards can provide alternative methods to read public
> keys. AKIS implementation is added too.
>
> Now since this is a somewhat invasive patch, I need your reviews.

Why not call the function sc_pkcs15_read_key_by_ref() or something similar?
Why use a complete struct sc_cardctl_public_key when only the pkey.key_ref is used?

I think I used something like that (also to read a public key) but I do not have the code available here to check.

Bye

-- 
  Dr. Ludovic Rousseau

Re: reading public key from card
Gürer Özen
2007-10-02 14:51:42
On Tuesday 02 October 2007 22:34:09 Ludovic Rousseau wrote:

> Why not call the function sc_pkcs15_read_key_by_ref() or something similar?

Because upper level stuff (the pkcs11 layer, for example) calls sc_pkcs15_read_pubkey, and this way the change needs to be done in only one place.

> Why use a complete struct sc_cardctl_public_key when only the
> pkey.key_ref is used?

Other fields (buf and len) are used to pass data back.

Re: reading public key from card
Ludovic Rousseau
2007-10-02 14:58:35
2007/10/2, Ludovic Rousseau <ludovic.rousseau@gmail.com>:
> Why use a complete struct sc_cardctl_public_key when only the
> pkey.key_ref is used?

I now see why. I am not sure it is a good idea to have the same parameter for in and out arguments.
I would prefer something like:
sc_pkcs15_read_key_by_ref(sc_card_t *card, int key_ref, u8 *key, size_t &key_len)

-- 
 Dr. Ludovic Rousseau

Re: reading public key from card
Ludovic Rousseau
2007-10-02 15:01:21
2007/10/2, Gürer Özen <gurer@pardus.org.tr>:
> On Tuesday 02 October 2007 22:34:09 Ludovic Rousseau wrote:
>
> > Why not call the function sc_pkcs15_read_key_by_ref() or something similar?
>
> Because upper level stuff (pkcs11 layer for example) calls the
> sc_pkcs15_read_pubkey, and change needs to be done in only one place this
> way.

My question was in fact why use sc_card_ctl() instead of sc_pkcs15_read_key_by_ref().
I don't know if a generic sc_pkcs15_read_key_by_ref() is possible or if each card driver must implement its own version.

-- 
 Dr. Ludovic Rousseau

Re: reading public key from card
Gürer Özen
2007-10-02 15:13:00
On Tuesday 02 October 2007 23:01:21 Ludovic Rousseau wrote:

> My question was in fact why use sc_card_ctl() instead of
> sc_pkcs15_read_key_by_ref()
> I don't know if a generic sc_pkcs15_read_key_by_ref() is possible or
> if each card driver must implement its own version.

Ah, I see now. APDU commands are card specific in this case.

Re: reading public key from card
Gürer Özen
2007-10-03 05:12:26
On Tuesday 02 October 2007 22:58:35 Ludovic Rousseau wrote:
> 2007/10/2, Ludovic Rousseau <ludovic.rousseau@gmail.com>:
> > Why use a complete struct sc_cardctl_public_key when only the
> > pkey.key_ref is used?
>
> I now see why. I am not sure it is a good idea to have the same
> parameter for in and out arguments.
> I would prefer something like:
> sc_pkcs15_read_key_by_ref(sc_card_t *card, int key_ref, u8 *key,
> size_t &key_len)

Btw, my first thought was passing sc_pkcs15_pubkey_info directly; then the card driver could have read key_reference and filled out the required fields. But that would tie the upper layer (pkcs15) into the card driver.

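To make the design discussed in this thread concrete, here is an added example in C. It is written for this page and is not code from OpenSC, pam_p11 or the AKIS patch; the names (read_pubkey, CTL_READ_PUBLIC_KEY, ctl_pubkey_args_t, card_t, keyref_card, file_card), the error codes and the sample key bytes and path are assumptions made for the example. It shows a generic reader that takes the file path when the public key info has one and otherwise falls back to a card-specific control call keyed by key_ref, with two constructed driver stand-ins behind it. The in/out struct stays at the driver boundary, as in the patch, while the generic entry point uses separate in and out parameters as Ludovic suggests, and the PKCS#15 info structure is never handed to the driver.

```c
#include <stdio.h>
#include <string.h>
/* Constructed control code and sizes for this example; not OpenSC's real values. */
#define CTL_READ_PUBLIC_KEY 0x1001UL
#define PATH_MAX_LEN 16
#define KEY_MAX_LEN 64
enum { ERR_NOT_SUPPORTED = -1, ERR_BUFFER_TOO_SMALL = -2, ERR_NOT_FOUND = -3, ERR_INVALID = -4 };

/* Model of the PKCS#15 public key info: a file path (path_len 0 = no file) plus a key reference. */
typedef struct {
    unsigned char path[PATH_MAX_LEN];
    size_t path_len;
    int key_ref;
} pubkey_info_t;
/* Driver argument block for the control call, in and out in one struct as in the thread:
 * key_ref is input; buf is the caller's buffer; len is its capacity in, bytes written out. */
typedef struct {
    int key_ref;
    unsigned char *buf;
    size_t len;
} ctl_pubkey_args_t;

typedef struct card card_t;
struct card {
    const char *name;
    /* card-specific hooks; only the driver knows which APDUs implement them */
    int (*card_ctl)(card_t *card, unsigned long cmd, void *args);
    int (*read_file)(card_t *card, const unsigned char *path, size_t path_len,
                     unsigned char *out, size_t *out_len);
};

/* Constructed sample key bytes and path (arbitrary values, not real keys). */
static const unsigned char sample_key_ref1[] = { 0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x03 };
static const unsigned char sample_key_file[] = { 0x30, 0x06, 0x02, 0x01, 0x22, 0x02, 0x01, 0x03 };
static const unsigned char sample_pubkey_path[] = { 0x3f, 0x00, 0x50, 0x15, 0x50, 0x01 };

/* Driver for a card whose keys live in a non-file area addressed by key reference. */
static int keyref_card_ctl(card_t *card, unsigned long cmd, void *args)
{
    ctl_pubkey_args_t *a = args;
    (void)card;
    if (cmd != CTL_READ_PUBLIC_KEY)
        return ERR_NOT_SUPPORTED;
    if (a == NULL || a->buf == NULL)
        return ERR_INVALID;
    if (a->key_ref != 1)                 /* this constructed card holds a single key */
        return ERR_NOT_FOUND;
    if (a->len < sizeof sample_key_ref1) /* never write past the caller's buffer */
        return ERR_BUFFER_TOO_SMALL;
    memcpy(a->buf, sample_key_ref1, sizeof sample_key_ref1);
    a->len = sizeof sample_key_ref1;
    return 0;
}

/* Driver for a conventional card: the public key is a file selected by path. */
static int file_card_read_file(card_t *card, const unsigned char *path, size_t path_len,
                               unsigned char *out, size_t *out_len)
{
    (void)card;
    if (path_len != sizeof sample_pubkey_path || memcmp(path, sample_pubkey_path, path_len) != 0)
        return ERR_NOT_FOUND;
    if (*out_len < sizeof sample_key_file)
        return ERR_BUFFER_TOO_SMALL;
    memcpy(out, sample_key_file, sizeof sample_key_file);
    *out_len = sizeof sample_key_file;
    return 0;
}

card_t keyref_card = { "keyref-sample", keyref_card_ctl, NULL };
card_t file_card = { "file-sample", NULL, file_card_read_file };

/* Generic reader, the single entry point upper layers call; it builds the driver's in/out struct internally. */
int read_pubkey(card_t *card, const pubkey_info_t *info, unsigned char *out, size_t *out_len)
{
    if (card == NULL || info == NULL || out == NULL || out_len == NULL)
        return ERR_INVALID;
    if (info->path_len == 0) {
        int r;  /* no file: use the card-specific control call with key_ref */
        ctl_pubkey_args_t a = { info->key_ref, out, *out_len };
        if (card->card_ctl == NULL)
            return ERR_NOT_SUPPORTED;
        r = card->card_ctl(card, CTL_READ_PUBLIC_KEY, &a);
        if (r == 0)
            *out_len = a.len;   /* hand the "out" half of the struct back to the caller */
        return r;
    }
    if (card->read_file == NULL)
        return ERR_NOT_SUPPORTED;
    return card->read_file(card, info->path, info->path_len, out, out_len);
}

int main(void)
{
    unsigned char buf[KEY_MAX_LEN];
    size_t n = sizeof buf;
    pubkey_info_t by_ref = { {0}, 0, 1 };   /* empty path, so the key_ref branch is taken */
    int r = read_pubkey(&keyref_card, &by_ref, buf, &n);
    printf("%s: r=%d, %zu bytes read\n", keyref_card.name, r, n);
    return r == 0 ? 0 : 1;
}
```

The point a reviewer would check in the key_ref path is the capacity test before memcpy: the driver, not the caller, learns the key's length from the card, so it must compare that length against the capacity it was given and fail with ERR_BUFFER_TOO_SMALL rather than overrun the caller's buffer. A card that provides neither hook fails closed with ERR_NOT_SUPPORTED instead of silently returning an empty key.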
Re: reading public key from card
Gürer Özen
2007-10-06 07:16:24
On Tuesday 02 October 2007 23:13:00 Gürer Özen wrote:
> On Tuesday 02 October 2007 23:01:21 Ludovic Rousseau wrote:
> > My question was in fact why use sc_card_ctl() instead of
> > sc_pkcs15_read_key_by_ref()
> > I don't know if a generic sc_pkcs15_read_key_by_ref() is possible or
> > if each card driver must implement its own version.
>
> Ah I see now. APDU commands are card specific in this case.

What is the consensus now? Any other opinions on this patch?

Re: reading public key from card
Gürer Özen
2007-10-13 18:59:07
On Tuesday 02 October 2007 19:20:22 Gürer Özen wrote:

> I've added a new generic cardctl call, SC_CARDCTL_READ_PUBLIC_KEY. When the
> length of the path is zero, sc_pkcs15_read_pubkey() calls this with
> key_reference value. So cards can provide alternative methods to read
> public keys. AKIS implementation is added too.
>
> Now since this is a somewhat invasive patch, I need your reviews.

Still no other opinions yet?

Btw, on the http://www.opensc-project.org/opensc/ page, there is a recently added "south beach diet is cool" link which seems like a spam thing.