[Opensc-devel] Crypto Chip Support imaginable ?

[Marx, P. <Pet...@kn...>]

I'm IT architect in a big IoT project. I'm looking for getting PKCS#11 support for Java applications on Linux, so i can get rid of the keystore files of e.g. Apache ActiveMQ. TLS certificates and keys shall be created/stored in hardware instead.

But I can't use Smartcards. The idea is to use a cryptochip on the mainboard (headless Linux field unit) like the ATMEL ATECC108A. The chip is on I2C bus and is e.g. accessible from Linux as a device.

I had asked ATMEL about software support for their chips beyond the embedded level. But they can only provide a Linux I2C reference implementation of the HAL, nothing in the direction of a PKCS#11 module. And an OpenSSL add-on is available.

Not having in-depth knowledge from PKCS#11 wrapper down to the chip my questions are:


-          What components have to be developped to make a cryptochip look as Smartcard to OpenSC

-          Has this been done before ?

-          Can this be purchased or is it available for free ?

-          Can this be done in native Java or is some C/C++ wrapping with JNI needed ?

-          What effort would this be ?

-          In case there is no open solution: who knows a company which could deliver a solution ?

Peter

Knorr-Bremse IT-Services GmbH
Sitz: Muenchen
Geschaeftsfuehrer: Helmut Draxler (Vorsitzender), Harald Jessen, Harald Schneider
Registergericht Muenchen, HR B 167 268

This transmission is intended solely for the addressee and contains confidential information.
If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system. 
Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like.