Hello,
I have some trouble understanding the exact differences between a CSP
(as known by CDSA) and a Tokend.
My problem is the following: I have some code which operates as a kind
of smartcard: it gives access to some certificates and private keys,
and it may perform some cryptographic operations such as signatures or
asymmetric decryption. Internally, this code uses an external storage
server, and a custom user authentication scheme.
This code works under Windows as a custom CSP for Microsoft's CryptoAPI.
It also works under Unix systems using PKCS#11: we implement a PKCS#11
DLL which gets invoked when the application wants to sign or decrypt
something.
At my company, we wish to port our system to MacOS X, so that it
integrates cleanly into the system. After some documentation reading,
I got the impression that:
-- Internally, certificates and private keys are handled through a
framework called CDSA (or CSSM), which is described by an open standard
(1034 pages!). Containers for private keys and certificates can be
plugged into the framework, provided that they are signed by the proper
authorities. Whether such plugins must be dynamic libraries or a strange
Mac-specific concept known as "bundle" is not clear to me; neither is
who may sign plugins for CDSA.
-- Applications use keychains, which are containers for certificates
and private keys, or references to private keys. Apparently, there are
links from keychains to CDSA, so that a certificate may be stored in a
keychain, but the private key remains within a CSP (a CDSA plugin).
-- There is a system known as "tokend", which accepts plugins and is
supposed to be appropriate for physical tokens (such as smartcards). How
tokend interacts with keychains or CDSA is quite unclear to me.
I am trying to port our system to MacOS X, but I have trouble getting
around the documentation. I am a seasoned Unix developer, but the MacOS
world uses quite a bunch of terms and idioms that I don't understand
yet. I am seeking advice. Does anybody know a good introduction on
the subject?
Thanks for any information,
--Thomas Pornin
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden