openpace
Posted: Sat Apr 24, 2021 10:23 am
https://frankmorgner.github.io/openpace/
Welcome to OpenPACE’s documentation!
Summary
Cryptographic library for EAC version 2
Authors:
Frank Morgner
Dominik Oepen
License:
GPL version 3
Tested Platforms:
Windows
Linux (Debian, Ubuntu, SUSE, OpenMoko)
FreeBSD
Mac OS
Solaris
Android
Javascript
OpenPACE implements Extended Access Control (EAC) version 2 as specified in BSI TR-03110 [1]. OpenPACE comprises support for the following protocols:
Password Authenticated Connection Establishment (PACE):
Establish a secure channel with a strong key between two parties that only share a weak secret.
Terminal Authentication (TA):
Verify/prove the terminal’s certificate (or rather certificate chain) and secret key.
Chip Authentication (CA):
Establish a secure channel based on the chip’s static key pair proving its authenticy.
Furthermore, OpenPACE also supports Card Verifiable Certificates (CV Certificates) and signing requests as well as easy to use wrappers for using the established secure channels.
The handlers for looking up trust anchors during TA and CA (i.e. the CVCA and the CSCA certificates) can be customized. By default, the appropriate certificates will be looked up in the file system.
OpenPACE supports all variants of PACE (DH/ECDH, GM/IM), TA (RSASSA-PKCS1-v1_5/RSASSA-PSS/ECDSA), CA (DH/ECDH) and all standardized domain parameters (GFP/ECP).
OpenPACE is implemented as C-library and comes with native language wrappers for:
Python
Ruby
Javascript
Java
Go
Welcome to OpenPACE’s documentation!
Summary
Cryptographic library for EAC version 2
Authors:
Frank Morgner
Dominik Oepen
License:
GPL version 3
Tested Platforms:
Windows
Linux (Debian, Ubuntu, SUSE, OpenMoko)
FreeBSD
Mac OS
Solaris
Android
Javascript
OpenPACE implements Extended Access Control (EAC) version 2 as specified in BSI TR-03110 [1]. OpenPACE comprises support for the following protocols:
Password Authenticated Connection Establishment (PACE):
Establish a secure channel with a strong key between two parties that only share a weak secret.
Terminal Authentication (TA):
Verify/prove the terminal’s certificate (or rather certificate chain) and secret key.
Chip Authentication (CA):
Establish a secure channel based on the chip’s static key pair proving its authenticy.
Furthermore, OpenPACE also supports Card Verifiable Certificates (CV Certificates) and signing requests as well as easy to use wrappers for using the established secure channels.
The handlers for looking up trust anchors during TA and CA (i.e. the CVCA and the CSCA certificates) can be customized. By default, the appropriate certificates will be looked up in the file system.
OpenPACE supports all variants of PACE (DH/ECDH, GM/IM), TA (RSASSA-PKCS1-v1_5/RSASSA-PSS/ECDSA), CA (DH/ECDH) and all standardized domain parameters (GFP/ECP).
OpenPACE is implemented as C-library and comes with native language wrappers for:
Python
Ruby
Javascript
Java
Go