From: Marx, P. <Pet...@kn...> - 2016-06-15 13:18:35
Hi Andreas,

there is no more chance to introduce something like the NXP A700 to the board design, so I'm stuck with the ATMEL...

A smaller stack could be an option, but a read-only implementation could be insufficient, as provisioning process and in-field usage would take different paths, tools and methods. But this has to be clarified.

Reading through your sc-hsm-embedded link, I don't get an idea what kind of drivers/modules need to be implemented to get that stuff to work with the ATMEL chip, may it be through a Linux device or directly. Could you give some hints here?

Peter

-----Original Message-----
From: Andreas Schwier [mailto:and...@ca...]
Sent: Tuesday, June 14, 2016 12:15 PM
To: ope...@li...
Subject: Re: [Opensc-devel] Crypto Chip Support imaginable ?

Hi Peter,

I'd recommend to use a Secure Element platform like the NXP A700 which has a JavaCard Operating System and can run JavaCard applets implementing PKI functions. That way you get an embedded smartcard controller that has the security attributes you are looking for.

You could use one of the available JavaCard applets that work with OpenSC, e.g.

* the IsoApplet [2],
* the myEID Applet [3] or
* (of course) our SmartCard-HSM Applet [4].

If you want to go with the Atmel chip, integrating a stack smaller than OpenSC might be simpler. I'd recommend to take a look at our sc-hsm-embedded project, which is a lightweight PKCS#11 stack for embedded scenarios.

Andreas

[1] http://www.nxp.com/products/identification-and-security/authentication/secure-authentication-microcontroller:A700X_FAMILY
[2] https://github.com/philipWendland/IsoApplet
[3] https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card
[4] http://www.smartcard-hsm.com/
[5] https://github.com/CardContact/sc-hsm-embedded

On 06/14/2016 11:42 AM, Marx, Peter wrote:
> I'm IT architect in a big IoT project. I'm looking for getting PKCS#11 support for Java applications on Linux, so I can get rid of the keystore files of e.g. Apache ActiveMQ.
> TLS certificates and keys shall be created/stored in hardware instead.
>
> But I can't use Smartcards. The idea is to use a cryptochip on the mainboard (headless Linux field unit) like the ATMEL ATECC108A. The chip is on I2C bus and is e.g. accessible from Linux as a device.
>
> I had asked ATMEL about software support for their chips beyond the embedded level. But they can only provide a Linux I2C reference implementation of the HAL, nothing in the direction of a PKCS#11 module. And an OpenSSL add-on is available.
>
> Not having in-depth knowledge from PKCS#11 wrapper down to the chip my questions are:
>
> - What components have to be developed to make a cryptochip look as Smartcard to OpenSC
> - Has this been done before?
> - Can this be purchased or is it available for free?
> - Can this be done in native Java or is some C/C++ wrapping with JNI needed?
> - What effort would this be?
> - In case there is no open solution: who knows a company which could deliver a solution?
>
> Peter
>
> Knorr-Bremse IT-Services GmbH
> Registered office: Munich
> Managing directors: Helmut Draxler (Chairman), Harald Jessen, Harald Schneider
> Register court Munich, HR B 167 268
>
> This transmission is intended solely for the addressee and contains confidential information.
> If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system.
> Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like.

--
CardContact Systems GmbH
Schülerweg 38
D-32429 Minden, Germany
Phone +49 571 56149
http://www.cardcontact.de
Register court Bad Oeynhausen HRB 14880
Managing director: Andreas Schwier