Comments (6)
This question/issue interested me only for one reason, the only pkcs#11 implementation that supports unwrap/wrap in opensc is in card-myeid.c. What card-sc-hsm.c supports is a proprietary call that is not available from the pkcs#11 interface.
This has nothing to do with the CreateObject operation. As a rule, the token stores the /private/ key in a special file. This file is not normally readable, but it allows performing a /private/ operation. The description of the /private key/ of this file is the subject of pkcs#15 .. and here it depends on the token whether it supports pkcs#15 or has another interface that has a mapping of this description (from an object) to some pkcs#15 description within the framework of opensc.
from opensc.
This operation is called unwrapping and is supported by PKCS#11. The code in sc-hsm driver has several mentions of "unwrap" so I believe this should work. You should be able to make some rough tests with pkcs11-tool (see --unwrap option and examples at the end of the manual page).
from opensc.
I looked at the src/libopensc/card-sc-hsm.c code, wrap/unwrap is supported here using the sc_card_ctl() call. Calling this code is not possible in the normal way from pkcs11-tool, but a specific call that appears to be supported by sc-hsm-tool must be used (man sc-hsm-tool).
from opensc.
@popovec does that also mean for CreateObject call over PKCS11 interface? Importing key programmatically with a template was giving me trouble, so I abandoned it.
from opensc.
sc-hsm-tool itself also has options for wrapping/unwrapping keys
from opensc.
https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM