From: Wim L. <wi...@hh...> - 2010-05-09 07:00:32
On 5/7/10 8:22 AM, jean daniel aussel wrote:
> looks like a nice development to share, although as Ludovic mentioned
> an alternative is to use the pkcs#11 python wrapper. Would be
> interested to have a look and see what can be incorporated as 3rd
> party contribution to pyscard, since I guess this would be a quite
> substantial sample of pyscard usage.

I'll clean up some more of the cruft and put it somewhere then (or mail it to this list?). There are basically three things that might be of interest:

- a PIV module and class that provides methods roughly corresponding to the card commands defined in SP800-73-3 part 2, and some routines for dealing with various PIV (or other DoD smartcard) data structures;
- an example script that does various things to/with a PIV card;
- a fairly generic BER/DER helper class that grew out of a collection of parsing/formatting functions; it's arguably not smartcard-specific and presumably duplicates code in other projects, but it's what the PIV code needed. :)

Some parts might be better off as separate modules in pyscard --- the routines for dealing with ISO7816's oddball SIMPLE-TLV format, and the command/response chaining support (which seems like it could be implemented as an error checker, but I don't really grok pyscard's architecture well enough to see how to do that).

On 5/7/10 7:03 AM, Ludovic Rousseau wrote:
> Why don't you use a PKCS#11 library like OpenSC [1] to abstract your
> PIV card [2]?

Well, largely because I wanted to understand how to interact with the smartcard's native interface, not just with the PKCS#11 abstraction. But also because opensc's pkcs11 adapter didn't work for me out-of-the-box --- I think it was a combination of an installation error and needing to initialize the card further before it would be recognized, but its failures are quite cryptic, so I'm not really sure. (And, well, I used my PIV code + pyscard to do the necessary initialization.)

I also find that using Python to explore an unfamiliar interface is more pleasant than digging through layer after layer of C shared libraries, each one of which throws away the underlying library's diagnostic information :/