Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PKCS#11 JCE on Apple JRE 5.0


On 13.6.2005, at 23.31, Scott Kovatch wrote:


On Jun 13, 2005, at 2:23 PM, Harri Hohteri wrote:

Will it be added in the future?

I was just investigating this in the past week or so, in between WWDC stuff. It's worth noting that Mac OS X already has smart card support built into it via the Keychain, so once we get our keychain- based keystore implementation fully up to speed that should be all that's needed to support smart cards in your Java app or applet.

I have been discussing about the PKCS#11 support on opensc-devel mailing list and there are more problems to this than just having Java to support Keychain. And also I'd prefer using PKCS#11 JCE wrapper as it is supposed to be standard on all JRE 5.0 installations. A little bit less of a platform dependent code...

Harri

P.S. my post to opensc-devel on Sun May 22 12:23:50 EEST 2005

What I've found (there is lousy amount of documentation about tokend
at apple dev site):

Comprehensive smart card support
A new tokend daemon works with securityd to access smart cards and similar devices, allowing them to seamlessly participate in system and application authentication activities. Token handlers are provided for the U.S. government Common Access Cards, MUSCLE PC/SC, and pkcs-11. [1]

It is weird that Apple doesn't list and doesn't include the BelPIC plug-in with 10.4 although there is one available [2].

In 10.4 there are listed the following plugins at
/usr/libexec/SmartCardServices/services
GSCISPlugin.bundle
mscMuscleCard.bundle
commonAccessCard.bundle
slbCryptoflex.bundle

There is also pkcs#11 thing at /usr/libexec/SmartCardServices/pkcs11
pkcs11.bundle which could be the pkcs#11 token handler mentioned by Apple.

What I don't understand is that Dave said is
>10.4.1 actually has a plugin layer that is higher level than Muscle,
called tokend

as I though that although the plugin layer is at higher level than
pcsc-lite it is still basicly the same plugin mechanism there is for
muscle (or is there one?, I'm not sure).

There is tool called pcsctool at /usr/bin/pcsctool which allows the
user to select the approriate token driver for the inserted card:

[imacg4:~] hhohteri% /usr/bin/pcsctool
Select the approprate token driver:
-----------------------------------
  1.     commonAccessCard.bundle
  2.     GSCISPlugin.bundle
  3.     mscMuscleCard.bundle
  4.     slbCryptoflex.bundle
-----------------------------------
Enter the number:

I have found no documentation how to attach pkcs#11 provider into this
tokend (if this is what it really is). So for having PKCS#15 card
supported with tokend I should either know how to configure opensc to
it via pkcs#11 or implement a special pkcs#15 plugin which could
possibly be derived from the BelPIC plugin.

Harri

[1] http://images.apple.com/macosx/pdf/MacOSX_UNIX_TB.pdf
[2] http://darwinsource.opendarwin.org/10.4/Tokend-11/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden

This email sent to email@hidden
References: 
 >PKCS#11 JCE on Apple JRE 5.0 (From: Harri Hohteri <email@hidden>)
 >Re: PKCS#11 JCE on Apple JRE 5.0 (From: Scott Kovatch <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.