Re: [Fed-Talk] Using Digital Signature with CAC with Acrobat
- Subject: Re: [Fed-Talk] Using Digital Signature with CAC with Acrobat
- From: Paul Nelson <email@hidden>
- Date: Mon, 02 Jul 2007 14:18:01 -0500
- Thread-topic: [Fed-Talk] Using Digital Signature with CAC with Acrobat
I'm wondering why simple data signing is that complicated, that you can't
use both (to cover cards that don't have TokenD)?
You would just need to get the available cards via PKCS11, then the
Keychain, then remove duplicates.
Paul
on 7/2/07 1:53 PM, Timothy J. Miller at email@hidden wrote:
> On Jul 2, 2007, at 1:44 PM, charles mae wrote:
>
>> But, from my discussions with Shawn, the issue is with the CAC card
>> which is "known" to the Mac OS and the drivers have already been
>> pre-loaded. The CAC is made to work specifically via tokend where
>> the OS takes ownership of the card and expects all apps to go via
>> the keychain and negate the use of the older PKCS #11 interface
>> which needs to be loaded from each app.
>
> While Paul is right that it's not flawless, it works for the most
> part. :) I can demonstrate access to a CAC via PKCS#11 *and* tokend
> on the same system at the same time (though not, strictly speaking,
> simultaneously; pcscd serializes simultaneous requests).
>
>> We thought that we could just provide PKCS #11 support which works
>> with non Mac known readers where you would just load the drivers.
>
> I just mailed you off-list but I'll repeat it here: IMHO PKCS#11 is
> nice (if it would work; Reader doesn't successfully load the module)
> but Keychain would be better. Keychain API would get you access to
> user-held software certificates from the login (or other) keychains,
> which PKCS#11 can't touch. In addition, Keychain will be more
> flexible with non-PKCS#11 crypto tokens (assuming a tokend is
> installed, natch).
>
> -- Tim
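The approach suggested in the message above (list certificates via PKCS#11, then via the Keychain, then remove duplicates), as an added example that is not part of the original thread or of any Adobe or Apple code. It assumes each provider returns (label, DER certificate) pairs; the byte strings are constructed stand-ins for real certificates, all names are hypothetical, and defaulting to the Keychain route is an assumption that follows the preference stated in the quoted reply.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Identity:
    label: str          # first label seen (PKCS#11 CKA_LABEL or keychain item name)
    cert_der: bytes     # DER-encoded X.509 certificate
    providers: list = field(default_factory=list)


def merge_identities(pkcs11_certs, keychain_certs):
    """Merge both lists, keyed on SHA-256 of the certificate DER.

    Labels are not a usable key: the same CAC certificate is named
    differently by the PKCS#11 module and by the Keychain, while the
    DER bytes are identical through either path.
    """
    merged = {}
    for provider, certs in (("pkcs11", pkcs11_certs), ("keychain", keychain_certs)):
        for label, der in certs:
            fp = hashlib.sha256(der).hexdigest()
            ident = merged.setdefault(fp, Identity(label, der))
            if provider not in ident.providers:
                ident.providers.append(provider)
    return list(merged.values())


def signing_route(ident, prefer="keychain"):
    """Pick one provider per identity; fall back to whichever can reach the key."""
    return prefer if prefer in ident.providers else ident.providers[0]


# Constructed sample data: stand-ins for DER certificates, not real ones.
CAC_SIG, CAC_EMAIL = b"constructed-der:cac-signature", b"constructed-der:cac-email"
VENDOR, SOFT = b"constructed-der:token-without-tokend", b"constructed-der:login-keychain"
PKCS11 = [("CAC Signature", CAC_SIG), ("CAC Email", CAC_EMAIL), ("Vendor token", VENDOR)]
KEYCHAIN = [("Signature Cert (CAC)", CAC_SIG), ("Email Cert (CAC)", CAC_EMAIL),
            ("Software cert", SOFT)]


def demo():
    return [(i.label, i.providers, signing_route(i))
            for i in merge_identities(PKCS11, KEYCHAIN)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The card without a tokend stays reachable through PKCS#11 only, and the software certificate through the Keychain only, which are the two cases a single-provider design would miss.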