[Pki-devel] [pki-devel][PATCH] 0090-First-cut-of-scp03-support.-Supports-the-g-d-smartca.patch
John Magne
jmagne at redhat.com
Mon Mar 13 19:40:40 UTC 2017
First cut of scp03 support. Supports the g&d smartcafe out of the box.
Developer keyset token operations and key change over supported.
Caveats.
-The diversification step going from master key to card key uses DES3 as required for the token.
-After that point, everything is scp03 to the spec with minor excpetions so far.
Supports 128 bit AES for now. Will resolve this.
Minor config tweaks:
TPS
Symmetric Key Changeover
Use this applet for scp03:
RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc
TKS:
Symmetric Key Changeover
tks.mk_mappings.#02#03=internal:new_master
tks.defKeySet.mk_mappings.#02#03=internal:new_master
Use the uncommented one because scp03 returns a different key set data string.
ToDo:
-Support the rest of the AES sizes other than 128.
-Support optional RMAC apdu.
-Test and adjust the config capability for other tokens.
-Support AES master key. Right now the standard key ends up creating AES card and session keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0090-First-cut-of-scp03-support.-Supports-the-g-d-smartca.patch
Type: text/x-patch
Size: 196629 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170313/081b62e3/attachment.bin>
More information about the Pki-devel
mailing list