Re: [Opensc-devel] cards that only do SHA-1

[Thomas C. <cal...@gm...>]

Hi Daniel,

If I am not mistaken, most cards working with OpenSC do not perform
onboard hash computation (even if it is supported by the card's spec)
but rather use a software approach (using OpenSSL as a backend for
those operations).

Hence, this means that you should be able to use OpenSC's PKCS#11
middleware to perform CKM_SHA256_RSA_PKCS signatures even if the card
only supports plain RSA signatures (the padding is also generally
computed by the middleware).

Now if you require ECC support but your cards lack support, then you
need newer ones.

Hope this helps,

Thomas

On Tue, Jan 12, 2016 at 10:08 PM, Daniel Pocock <da...@po...> wrote:
>
>
> Hi,
>
> I've got a few cards in my drawer that I'm trying to identify.
>
> Spec sheets for some versions of these cards only mention SHA-1 while
> I've come across other spec sheets that mention SHA-256, I'm not sure if
> there are different versions of the same card, software updates or
> something else.
>
> The cards in question are Athena "ASECard Crypto" and the "CryptoFlex
> for Windows 32k"
>
> Can opensc tell me definitively if these cards have anything better than
> SHA-1 capability?
>
> With SHA-1 being considered insecure, is there any practical use for
> cards that don't have SHA-256 built-in already?  Can they be upgraded
> somehow to support newer hashes and/or adding ECC support?
>
> Regards,
>
> Daniel
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel