[Smartsign-devel] Sign-MCard New Package Release
From: Tommaso C. <ke...@ti...> - 2002-03-22 16:05:11
Hi all,

The new package Sign-MCard has just been released on the Smart Sign
web-site. You can download it from:

  http://smartsign.sourceforge.net

It basically allows you to calculate and verify digital signatures in
PKCS#7 format on generic files, using command line utilities. It is built
upon the MuscleCard framework, so it works with all the smartcards that are
supported by the MuscleCard project (examples are all JavaCard enabled
smartcards and the SLB Cryptoflex card).

The utilities have default configuration options that allow them to
interoperate with the CardEdge-Token PKCS#11 module from the SmartSign
project.

Please, submit any comment, suggestion or request to the SmartSign mailing
lists:

  mailto:sma...@li...
  mailto:sma...@li...

Detailed information about the package follows.

Bye,

  Tommaso.

*********************************************************

Sign/verify command line utilities for M.U.S.C.L.E. Cards
============================================================

This package provides a couple of command line utilities that allow you to
calculate a digital signature of a generic file using the key and public
key certificate stored on your smart card, and verify it against the
original file. Actually the verify utility does not need any smartcard.

An additional utility, `loadkey_mcard', is provided in order to easily
transfer an already generated private key from your host machine to the
smartcard.

REQUIREMENTS
------------------------------------------------------------

This package requires PCSC-Lite from M.U.S.C.L.E. project and MuscleCard
framework (release 1.0.1, actually) with proper smartcard reader's driver
installed for your reader and card's plugin for your card.

It also requires a MuscleCard supported card, that is a card for which a
MuscleCard plugin has been developed (Schlumberger's Cyberflex 32K
MuscleCard Applet or Gemplus' 211/PK with MuscleCard Applet or Cryptoflex
16K, actually).
Please, check out the MuscleCard web site for an up-to-date list of
supported cards: http://www.musclecard.com.

This utility compiles correctly on RedHat 6.x based systems, but not on a
RedHat 7.2 system, because on these systems OpenSSL comes in the "Engine"
flavour. Compilation is still possible on such systems by configuring the
package with a custom OpenSSL installation obtained by compiling without
the "Engine" capability. The custom installation can be specified with the
`--with-openssl=' switch to the configure script.

This utility can also work without smartcards at all, if the user's private
key and certificate are stored on the hard disk as files in standard
OpenSSL format. In this case, MuscleCard and PCSC Lite are still required
to be installed on your system in order to link the executables.

USAGE
------------------------------------------------------------

Just type:

  user > sign_mcard --help
  user > verify_mcard --help

Here is an example usage:

  user > sign_mcard -in file.txt -out file.p7 -sc
  Please, enter smartcard PIN: *******
  ...

In order to load an already existing private key from your host machine to
your smartcard, type:

  user > loadkey_mcard <keyfile.der> <key_nb> <pin_nb>

Key file must be DER-encoded.

In order to use digital signatures, you also have to load onto your
smartcard your public key certificate, DER-encoded. You can do it by using
XCardII from the MuscleCard site.

LICENSE
------------------------------------------------------------

This package has been obtained as a modification of the OpenSSL utility
"sign" by Eric Young. Changes have been made by Tommaso Cucinotta as part
of the SmartSign project (http://smartsign.sourceforge.net). Before
compiling and using this package, please make sure you agree with the terms
stated in the LICENSE file.

All of the additional modules that were necessary to integrate the MUSCLE
Card framework into this package, provided as separate files, are part of
the SmartSign project and retain the original SmartSign software license.

As a further note, please note that redistribution of this package is only
allowed if the original authors, enumerated in the AUTHORS file, are
clearly cited in every documentation and advertising material that is
eventually added to the package itself.

INSTALLATION
------------------------------------------------------------

(see also the REQUIREMENTS section)

  user > ./configure
  user > make
  root # make install

TECHNICAL NOTES
------------------------------------------------------------

The signing utility relies on the user's private key being stored onto the
smartcard. Use of such key should be PIN protected. It also relies on the
user's public key certificate to be stored DER-encoded into an object. This
object does not need to be PIN protected.

Default key number, object identifier and PIN number are customizable by
editing the proper section of Makefile.in, then (re-)configuring. The
default values are also overridable by using command line options. See the
help message from sign_mcard for details.

The verify utility does not require the smartcard at all. It only needs the
original data, the root public key cert and the PKCS#7 signature of the
data. The signature is stored as a PKCS#7 blob and includes the user's
public key certificate.

*********************************************************

--
 ,------------------------------------------------.
 | Dr. Tommaso Cucinotta <t.c...@ss...>           |
 >------------------------------------------------<
 ! Scuola Superiore di Studi Universitari         !
 ! e Perfezionamento S.Anna                       !
 ! Pisa Italy                                     !
 `------------------------------------------------'
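
The sign/verify flow described in the message (detached PKCS#7 signature with the signer's certificate embedded, verification from the original data, the root certificate and the signature alone) can be reproduced with stock OpenSSL and on-disk keys. This is an added example, not part of the original post or of the Sign-MCard package: it uses `openssl smime`, not `sign_mcard`/`verify_mcard`, and all key names, subjects and file names are constructed; DER output for the blob is an assumption.

```shell
# Added example: stock OpenSSL only. Names, subjects and files are constructed.
# Create a throwaway root CA and a signer key/certificate in directory $1.
make_test_pki() {
    d=$1
    # Minimal config so the run does not depend on a system openssl.cnf.
    cat > "$d/min.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/min.cnf" -days 1 \
        -subj "/CN=Constructed Test Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/min.cnf" \
        -subj "/CN=Constructed Signer" -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/user.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null
}

# Detached PKCS#7 signature over file $1, written to $2 as DER; keys from dir $3.
p7_sign() {
    openssl smime -sign -binary -in "$1" -signer "$3/user.pem" \
        -inkey "$3/user.key" -outform DER -out "$2"
}

# Verify blob $2 over data $1 against root cert $3; no private key is needed.
p7_verify() {
    openssl smime -verify -binary -inform DER -in "$2" -content "$1" \
        -CAfile "$3" -out /dev/null 2>/dev/null
}

# Round trip: the untouched file verifies, a modified copy does not.
demo_roundtrip() {
    t=$(mktemp -d) || return 2
    printf 'constructed sample data\n' > "$t/file.txt"
    make_test_pki "$t" && p7_sign "$t/file.txt" "$t/file.p7" "$t" || return 2
    p7_verify "$t/file.txt" "$t/file.p7" "$t/root.pem"; good=$?
    printf 'tampered\n' >> "$t/file.txt"
    p7_verify "$t/file.txt" "$t/file.p7" "$t/root.pem"; bad=$?
    rm -rf "$t"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

demo_roundtrip && echo "good signature accepted, tampered file rejected"
```

Because the signer's certificate travels inside the blob, the verifier's only trust input is the root certificate passed with `-CAfile`; a signature chaining to any other root is rejected.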