Menu
▾
▴
[Opensc-devel] FW: Question about OpenSC
|
From: David S. <DS...@da...> - 2016-01-19 09:12:11
|
I emailed this by mistake to the wrong address, I think. From: David Sills Sent: Monday, January 18, 2016 10:22 AM To: 'Jaroslav Imrich' Subject: RE: [Opensc-devel] Question about OpenSC Jaroslav: Thanks so much for your prompt reply. I pretty much started there. Of course, the Sun class is just a wrapper around a native provider (in my case, the OpenSC provider), so I was hoping to get some useful tips. However, perhaps there are not developers who have made this work. We have a client who wants to “smart-card-enable” their application. Essentially, they want to identify the user from the smart card (not something I immediately see how to do, either from Sun or OpenSC) and find whether or not their certificate (and the question of “which certificate?” is a valid one) is valid, possibly checking whether their PIN is correctly entered. That would substitute for their logging on to the application with a username and password. I know of no application that actually does this, so I am skeptical, but that is my charge for the moment. Thanks for trying to help! David From: Jaroslav Imrich [mailto:jar...@gm...] Sent: Monday, January 18, 2016 10:14 AM To: David Sills Cc: ope...@li...<mailto:ope...@li...> Subject: Re: [Opensc-devel] Question about OpenSC Hello David, seems like your primary problem is behaviour of SunPKCS11 provider so IMO you should take a look at "Java PKCS#11 Reference Guide" [0] which describes in detail how this provider operates. I remember that values of CKA_LABEL and CKA_ID attributes were very important and that SunPKCS11 provider didn't "show" private key which were not associated with the certificate. [0] http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html Kind Regards / S pozdravom Jaroslav Imrich http://www.jimrich.sk jar...@gm...<mailto:jar...@gm...> On Mon, Jan 18, 2016 at 3:40 PM, David Sills <DS...@da...<mailto:DS...@da...>> wrote: To whom it may concern: This is apparently not a mailing list for users, but I am a (potential) user with many questions. Is there a mailing list for me? I have successfully (more or less) got OpenSC working on my Windows 7 machine with a Dell Smart Card Reader Keyboard and pkcs11-tool seems to be able to detect keys (and thus certificates, I assume) on the card, but when I go through the Sun API (SunPKCS11) I get no aliases in the Keystore I generate, which makes it, of course, impossible to get at the data. (What I really want to know is, is the certificate expired?) Is this a common occurrence, and has anyone any kind of solution for it? Please redirect me if I am in the wrong list. Many thanks for your work in creating OpenSC. Thanks! David ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Opensc-devel mailing list Ope...@li...<mailto:Ope...@li...> https://lists.sourceforge.net/lists/listinfo/opensc-devel |
