[Pki-devel] [pki-devel][PATCH] 0091-SCP03 support for g&d 7 card.patch

Tue Apr 11 00:55:24 UTC 2017

looks fine.

ack.

Christina

On 03/29/2017 11:22 AM, John Magne wrote:
> [PATCH] SCP03 support for g&d sc 7 card.
>
> Ticket:
>
> https://pagure.io/dogtagpki/issue/1663 Add SCP03 support
>
>
> This allows the use of the g&d 7 card.
> This will require the following:
>
> 1. An out of band method is needed to generate an AES based master key.
> We do not as of yet have support with tkstool for this:
>
> Ex:
>
> /usr/lib64/nss/unsupported-tools/symkeyutil -d . -K -n new_master_aes -t aes -s 16
>
> 2. There are some new config params that can be adjusted to support either the 6.0 or 7.0 cards:
>
> Ex:
>
> tks.defKeySet._005=## tks.prot3   , protocol 3 specific settings
> tks.defKeySet._006=## divers= emv,visa2 : Values for the master key case, or > version one.
> tks.defKeySet._007=## diversVer1 = emv,visa2, or none. This is for developer or version one keyset
> tks.defKeySet._008=## devKeyType = DES3or AES. This is for the key type of developer or version one keys.
> tks.defKeySet._009=## masterKeyType = DES3 or AES. This is for the type of key for the master key.
> tks.defKeySet._010=##
> tks.defKeySet._011=## Only supports two tokens now: G&D Smart Cafe 6 and Smart Cafe 7, use these exact settings
> tks.defKeySet._013=## Smart Cafe 6 settings:
> tks.defKeySet._014=##    tks.defKeySet.prot3.divers=emv
> tks.defKeySet._015=##    tks.defKeySet.prot3.diversVer1Keys=emv
> tks.defKeySet._016=##    tks.defKeySet.prot3.devKeyType=DES3
> tks.defKeySet._017=##    tks.defKeySet.prot3.masterKeyType=DES3
> tks.defKeySet._018=##Smart Cafe 7 settings:
> tks.defKeySet._019=##    tks.defKeySet.prot3.divers=none
> tks.defKeySet._020=##    tks.defKeySet.prot3.diversVer1Keys=none
> tks.defKeySet._021=##    tks.defKeySet.prot3.devKeyType=AES
> tks.defKeySet._022=##    tks.defKeySet.prot3.masterKeyType=AES
> tks.defKeySet._023=##
> tks.defKeySet._024=##
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170410/b4da2871/attachment.htm>