Menu
▾
▴
Re: [Opensc-devel] Feitian FTCOS/PK-01 w/ OpenSC
|
From: Markus K. <ko...@rr...> - 2013-05-17 08:34:16
|
Hi, On 05/16/2013 02:07 PM, Jean-Michel Pouré - GOOZE wrote: > If you are planning to use the Feitian PKI under Windows and Linux at the same time, > you should only use OpenSC tools to initialize the card and write certificates. > In this case, do not use Feitian tools to initialize the card and write certificates. I do use OpenSC to initialize and write certificates - but the Feitian CSP does not work reading OpenSC written cards for me (in case the key is not generated on the card). The Feitian PKI Manager screenshots attached were just to show the difference in cards written with OpenSC and Feitian tools. I want to write cards with OpenSC, as I'm required to be able to write pkcs12 files as well as generate the key on the card, sign the certificate request and write the certificate to the card. OpenSC makes both easy, I can call pkcs15-tool, and use the openssl pkcs11 engine via m2crypto to sign a csr with a key created on the card. From the docs, I was positive this is supposed to work: * Cards initialized under GNU/Linux are read-only under Windows CAPI/CSP. * Ability to use proprietary drivers in conjunction with OpenSC. > If you are running only Windows, please use Feitian initialization tools, > PKCS11 library and mini-driver. But then don't use OpenSC. I'll have to give the OpenSC mini-driver a shot, just due to the fact there is nobody assisting me in reading OpenSC written cards with the Feitian CSP. > In short, the Feitian smartcard has all needed drivers for Windows and Linux, > but you not mix open-source software (OpenSC) with proprietary software (Feitian). > Make a choice and stick to it. As I said - I was hoping to be able to write with OpenSC on linux and read with Feitian CSP on Windows. The Feitian CSP 'just works' for not OpenSC initialized/written cards, getting the MiniDriver to work is slightly more than just installing OpenSC. > If you are planning to use the card under all systems, you should prefer OpenSC. I will - if I can make it work. MfG Markus Kötter |
