Hi Dave,
I propose a pair of changes of the "official" PCSC Specs into my
implementation:
1. Problem: the specs allow you to specify an "algorythm identifier" for
the key generation, which can have the values:
. AT_KEYEXCHANGE
. AT_SIGNATURE
and other parameters, but THERE ARE NO WAYS to specify the key type,
i.e. RSA/DSA/DES/...
Solution: I've added the KP_KEY_TYPE parameter, to be set in
CRYPTPROV.SetParam(...), BEFORE key generation;
2. Problem: the specs allow you to set cryptographic parameters in the
CRYPTKEY class but NOT in the CRYPTPROV class, but some parameters
should be set BEFORE key generation, such as KP_PERMISSIONS and
KEY_TYPE
Solution: Allowed to set cryptographic parameters directly into the
CRYPTPROV.SetParam(...). The CSP stored these parameters as default
parameters when a new key is generated, and then one can customize
key
operations (i.e. DES cipher mode, ...) with CRYPTKEY.SetParam(...)
3. The CSP stores default parameters for each algorythm identifiers,
i.e. default keyexchange params, default signature params, etc...
4. Added
. AT_CRYPT
as alg_id to allow the creation/use of keys for data hiding.
5. Added
. CRYPT_SIGN
. CRYPT_VERIFY
to key permissions: a signature key (-pair) should have sign/verify
permissions, while a keypair used to hide data should have
encrypt/decrypt
permissions.
If anyone wants to give an opinion, it is well accepted, thanks.
Hi all,
Tommaso Cucinotta.
--
+----------------------------------------+
| Ing. Tommaso Cucinotta |
+----------------------------------------+
| Scuola Superiore di Studi Universitari |
| e Perfezionamento S.Anna |
| |
| Pisa Italy |
+----------------------------------------+
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
