Hello,

I have some trouble understanding the exact differences between a CSP (as known by CDSA) and a Tokend.

My problem is the following: I have some code which operates as a kind of smartcard: it gives access to some certificates and private keys, and it may perform some cryptographic operations such as signatures or asymmetric decryption. Internally, this code uses an external storage server, and a custom user authentication scheme.

This code works under Windows as a custom CSP for Microsoft's CryptoAPI. It also works under Unix systems using PKCS#11: we implement a PKCS#11 DLL which gets invoked when the application wants to sign or decrypt something.

At my company, we wish to port our system to MacOS X, so that it integrates cleanly into the system. After some documentation reading, I got the impression that:

-- Internally, certificates and private keys are handled through a framework called CDSA (or CSSM), which is described by an open standard (1034 pages!). Containers for private keys and certificates can be plugged into the framework, provided that they are signed by the proper authorities. Whether such plugins must be dynamic libraries or a strange Mac-specific concept known as "bundle" is not clear to me; neither is who may sign plugins for CDSA.

-- Applications use keychains, which are containers for certificates and private keys, or references to private keys. Apparently, there are links from keychains to CDSA, so that a certificate may be stored in a keychain, but the private key remains within a CSP (a CDSA plugin).

-- There is a system known as "tokend", which accepts plugins and is supposed to be appropriate for physical tokens (such as smartcards). How tokend interacts with keychains or CDSA is quite unclear to me.

I am trying to port our system to MacOS X, but I have trouble getting around the documentation. I am a seasoned Unix developer, but the MacOS world uses quite a bunch of terms and idioms that I don't understand yet.
I am seeking advice. Does anybody know a good introduction on the subject?

Thanks for any information,

--Thomas Pornin

_______________________________________________
Apple-cdsa mailing list (email@hidden)