Adding PKCS#11 compatibility to smart card
Posted: Thu Aug 01, 2019 6:07 am
Hello, I am new to the world of smart cards and the Java Card ecosystem. I am still trying to figure out how the ecosystem works; anyway, my target is to add PKCS#11 compatibility and support to a smart card produced by Infineon. The card supports Java Card 3.
If I understood correctly, this should be the situation:
1) the PKCS#11 library runs on the computer and it is used by software installed on the computer (for example Mozilla Firefox)
2) the communication between the computer and the card is done using APDUs, which are handled by the PC/SC standard
3) on the card there is an applet that uses Java Card APIs in order to perform operations requested by the computer
The question is: how does the communication work between the PKCS#11 library and the applet that runs on the card? I mean the software on the PC may need to sign a file, so it calls an API from PKCS#11. Then I imagine that this API should send a request for the signature to the card; how is this request generated and sent to the card? How can the card understand which operation it should perform? Can all these operations be done simply by the commands specified in the PC/SC standard?
Most importantly: can I use whatever PKCS#11 library I want (for example OpenSC) or do I have to implement a library specifically compatible with my smart card?
I have been reading documentation about PKCS#11 and Java Card for the last week and the more I read the more I get confused.
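
As an added illustration of the layering described in the post above (not part of the original post, and not code from OpenSC or any card vendor): a Python sketch of how a host library could wrap a sign request in a short command APDU and how an applet could dispatch on it. The header is the ISO 7816-8 PSO: COMPUTE DIGITAL SIGNATURE encoding, assumed here; `CARD_KEY`, `card_process` and `host_sign` are hypothetical names, and HMAC stands in for the card's private-key operation.

```python
import hashlib
import hmac

# Header of ISO 7816-8 PSO: COMPUTE DIGITAL SIGNATURE; that a given applet
# uses it is an assumption. CARD_KEY is a constructed stand-in for a card key.
SIGN_HEADER = bytes([0x00, 0x2A, 0x9E, 0x9A])  # CLA INS P1 P2
SW_OK, SW_WRONG_LENGTH, SW_INS_NOT_SUPPORTED = b"\x90\x00", b"\x67\x00", b"\x6d\x00"
CARD_KEY = b"constructed-demo-key"

def build_apdu(header, data=b"", le=None):
    """Host side: encode a short command APDU (header [Lc data] [Le])."""
    if len(header) != 4 or len(data) > 255:
        raise ValueError("need a 4-byte header and at most 255 data bytes")
    apdu = header + (bytes([len(data)]) + data if data else b"")
    return apdu + (bytes([le % 256]) if le is not None else b"")  # Le=256 -> 0x00

def parse_apdu(raw):
    """Card side: split a short command APDU into (header, data, le)."""
    header, body = raw[:4], raw[4:]
    if len(header) < 4:
        raise ValueError("APDU shorter than its header")
    if len(body) <= 1:                      # case 1 (no body) or case 2 (Le only)
        return header, b"", (body[0] or 256) if body else None
    lc, rest = body[0], body[1:]
    if lc == 0 or len(rest) not in (lc, lc + 1):
        raise ValueError("Lc does not match the body length")
    le = (rest[lc] or 256) if len(rest) == lc + 1 else None
    return header, rest[:lc], le            # case 3 or case 4

def card_process(raw):
    """Simulated applet: dispatch on the header, answer data + status word."""
    try:
        header, digest, _le = parse_apdu(raw)
    except ValueError:
        return SW_WRONG_LENGTH
    if header != SIGN_HEADER:
        return SW_INS_NOT_SUPPORTED
    if len(digest) != 32:
        return SW_WRONG_LENGTH
    # HMAC stands in for the on-card private-key operation; the key never leaves.
    return hmac.new(CARD_KEY, digest, hashlib.sha256).digest() + SW_OK

def host_sign(message, transmit=card_process):
    """Host-side path behind a sign request: hash, wrap, transmit, check SW."""
    digest = hashlib.sha256(message).digest()
    response = transmit(build_apdu(SIGN_HEADER, digest, le=256))
    if response[-2:] != SW_OK:
        raise RuntimeError("card returned SW=" + response[-2:].hex())
    return response[:-2]
```

On real hardware `transmit` would be a PC/SC transmit call to the reader, and an applet would usually return more specific status words for a wrong CLA or P1/P2.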