The exclusive promotional activities on JCOP J3H145 card and Feitian R301 Smartcard Reader are in full swing. Please check this page for details.

Adding PKCS#11 compatibility to smart card

JavaCard Applet Development Related Questions and Answers.
matteof93
Posts: 3
Joined: Thu Aug 01, 2019 5:50 am
Points :26
Contact:

Adding PKCS#11 compatibility to smart card

Post by matteof93 » Thu Aug 01, 2019 6:07 am

Hello, I am new to the world of smart cards and Java Card ecosystem. I am still trying to figure out how the ecosystem works, anyway my target is to add PKCS#11 compatibility and support to a smart card produced by Infineon, the card supports Java Card 3.

If I understood correctly, this should be the situation:
1) the PKCS#11 library runs on the computer and it is used by software installed on the computer (for example Mozilla Firefox)
2) the communication between the computer and the card is done using APDUs, which are handled by the PC/SC standard
3) on the card there is an applet that uses Java Card APIs in order to perform operations requested by the computer

The question is: how does the communication work between the PKCS#11 library and the applet that runs on the card? I mean the software on the pc may require to sign a file, so it calls an API from PKCS#11. Then I imagine that this API should send a request for the signature to the card, how is this request generated and sent to the card? How can the card understand which operation it should perform? Can all these operations be done simply by the commands specified in the PC/SC standard?

Most importantly: can I use whatever PKCS#11 library I want (for example OpenSC) or do I have to implement a library specifically compatible with my smart card?

I have been reading documentation about PKCS#11 and Java Card for the last week and the more I read the more I get confused.


matteof93
Posts: 3
Joined: Thu Aug 01, 2019 5:50 am
Points :26
Contact:

Re: Adding PKCS#11 compatibility to smart card

Post by matteof93 » Sun Aug 04, 2019 7:55 am

kuafu wrote:
Sat Aug 03, 2019 5:13 am
You need to knwo scp11 of GP, https://github.com/martinpaljak/GlobalP ... /docs/pdfs ,viewtopic.php?f=15&t=1692&hilit=scp11
Could you explain what SCP11 is and why I need it? Thanks

kuafu
Posts: 196
Joined: Thu Jun 25, 2015 2:09 am
Points :2351
Contact:

Re: Adding PKCS#11 compatibility to smart card

Post by kuafu » Sun Aug 04, 2019 8:16 am

My mistake, you didn't need to know scp11.
well

kuafu
Posts: 196
Joined: Thu Jun 25, 2015 2:09 am
Points :2351
Contact:

Re: Adding PKCS#11 compatibility to smart card

Post by kuafu » Sun Aug 04, 2019 8:18 am

You need to implement a library specifically compatible with my smart card. And you need to konw how the applet work in javacard.
well

matteof93
Posts: 3
Joined: Thu Aug 01, 2019 5:50 am
Points :26
Contact:

Re: Adding PKCS#11 compatibility to smart card

Post by matteof93 » Mon Aug 05, 2019 3:56 am

kuafu wrote:
Sun Aug 04, 2019 8:18 am
You need to implement a library specifically compatible with my smart card. And you need to konw how the applet work in javacard.
Ok so I need to implement a PKCS#11 library which is able to be interfaced with the relative javacard applet. Basically the library will implement the PKCS#11 APIs and, internally, these APIs will send some kind of commands to the card, so that the applet will read the command and perform the correct crypto operation.

Am I right?

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 10 guests

JavaCard OS : Disclaimer