1

Is login on the smart card implemented completely on the hardware chip, or should it be implemented in both the PKCS#11 DLL and the smart card? And so, how do they separate the chip functions for 3 types of user: user, CA, guest?
EDIT:
It would help me more if you have a small sample code for both the hardware and the PKCS11 DLL as a starting point.

osyan
  • why the functional-programming tag? C++ isn't very functional – hdgarrood Oct 14 '12 at 01:36
  • I don't know about AVR, but that isn't what I'd consider functional. There's a good explanation [here](http://www.haskell.org/haskellwiki/Introduction#What_is_functional_programming.3F) – hdgarrood Oct 14 '12 at 14:35

1 Answer

2
  • PKCS#11 has C_Login, which has to be implemented, obviously, for any reasonable interoperability.
  • Guest only opens a session, does not call C_Login. User vs CA is not really an option in PKCS#11 terms (they are both "users" of the token), there is arbitrary "user" vs "admin" in PKCS#11 (but you don't really have to implement both, if your model does not follow the PKCS#11 model)
  • The security device must implement any protective measures (the ability to "log in" or "unlock" some resources in the device being one of them) so yes, it is implemented in the chip.
  • Don't know what "user" means in your context but having three types of users in a single token and one of them being called "CA" sounds like a bad idea.
  • You actually answer your own question: a device is useless for an application without the middleware (PKCS#11) so both must implement "something".
Martin Paljak
  • Thanks. I know about 3 types of users, and I have started to implement that. I edited my question. Can you help me a bit on that? – osyan Oct 18 '12 at 07:36
  • Sorry, the internet is full of code samples. Maybe to guide you more: you probably want to have different Slots (in PKCS#11 terms) for different users/uses. – Martin Paljak Oct 21 '12 at 13:25
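
The split described in the answer, as an added sketch that is not code from the question or the answer: the chip owns the PINs, retry counters and authentication state, while the middleware only tracks session state and forwards the login to the chip. The chip is simulated in-process; `chip_verify`, `chip_sign` and the `p11_*` functions are hypothetical names with simplified signatures (the real `C_Login` also takes a session handle and PIN length), the PINs are constructed, and the CKU/CKR values and ISO 7816-4 status words are the standard ones.

```c
#include <string.h>

/* Values as in the PKCS#11 headers; the function names are hypothetical. */
enum { CKU_SO = 0, CKU_USER = 1 };
enum { CKR_OK = 0, CKR_PIN_INCORRECT = 0xA0, CKR_PIN_LOCKED = 0xA4,
       CKR_USER_ALREADY_LOGGED_IN = 0x100, CKR_USER_NOT_LOGGED_IN = 0x101 };

/* ---- Chip side (simulated): owns PINs, retry counters, auth state ---- */
typedef struct { const char *pin; int tries_left; int verified; } chip_pin_t;
static chip_pin_t chip_pins[2] = { { "87654321", 3, 0 },  /* SO PIN, constructed */
                                   { "1234", 3, 0 } };    /* user PIN, constructed */
/* Modelled on ISO 7816-4 VERIFY; returns a status word. */
static unsigned chip_verify(int ref, const char *pin) {
    chip_pin_t *p = &chip_pins[ref];
    if (p->tries_left == 0) return 0x6983;          /* PIN blocked */
    if (strcmp(p->pin, pin) != 0)                   /* illustration: not constant time */
        return 0x63C0u | (unsigned)--p->tries_left; /* wrong PIN, x tries left */
    p->tries_left = 3; p->verified = 1;
    return 0x9000;
}

/* Private-key use: the chip refuses unless the user PIN was verified. */
static unsigned chip_sign(void) {
    return chip_pins[CKU_USER].verified ? 0x9000 : 0x6982;
}

/* ---- Middleware side: maps PKCS#11-style calls onto chip commands ---- */
static int logged_in = -1;  /* -1 = public session, the "guest" */
unsigned long p11_login(int user_type, const char *pin) {
    if (logged_in != -1) return CKR_USER_ALREADY_LOGGED_IN;
    unsigned sw = chip_verify(user_type, pin);
    if (sw == 0x9000) { logged_in = user_type; return CKR_OK; }
    return sw == 0x6983 ? CKR_PIN_LOCKED : CKR_PIN_INCORRECT;
}
unsigned long p11_logout(void) {
    if (logged_in == -1) return CKR_USER_NOT_LOGGED_IN;
    chip_pins[logged_in].verified = 0;  /* chip drops its security status */
    logged_in = -1;
    return CKR_OK;
}
unsigned long p11_sign(void) {
    if (logged_in != CKU_USER) return CKR_USER_NOT_LOGGED_IN;
    return chip_sign() == 0x9000 ? CKR_OK : CKR_USER_NOT_LOGGED_IN;
}

int main(void) {  /* guest is refused, user signs after login */
    return !(p11_sign() == CKR_USER_NOT_LOGGED_IN &&
             p11_login(CKU_USER, "1234") == CKR_OK && p11_sign() == CKR_OK);
}
```

The middleware check in `p11_sign` is a convenience only: `chip_sign` still returns 0x6982 when called directly without a verified user PIN, which is the enforcement that matters.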