-
Notifications
You must be signed in to change notification settings - Fork 32
PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and STARCOS based signature cards
License
CardContact/sc-hsm-embedded
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
sc-hsm-embedded PKCS#11 and CSP-Minidriver Module ================================================= Light-weight PKCS#11 library for using the SmartCard-HSM in Windows, Linux, MacOSX and embedded systems. The module also supports various STARCOS based signature cards commonly used in Germany. Purpose ------- This module has been initially developed to support the integration of a SmartCard-HSM in embedded systems with a little footprint. Rather than using a PC/SC daemon to manage attached card readers and token, the smaller Card Terminal API (CT-API) can be used. Over time the project has grown into a fully featured PKCS#11 and Microsoft CSP-Minidriver crypto middleware. Supported Hardware ------------------ The module can be compiled for Linux, Windows and MacOSX. It supports the SmartCard-HSM USB-stick and SmartCard-HSM cards inserted into a CCID compliant reader. When using the PC/SC interface any compliant reader can be used. The ctccid module uses standard functions from the CCID specification, so the driver may work with other CCID compliant readers as well. However, the only reader used during tests is the SCR 3310 and the USB-stick. Further documentation is available at https://github.com/CardContact/sc-hsm-embedded/wiki Installation (Linux) -------------------- Download source and run * autoreconf -fi * configure * make * make install Required packages (Debian) * libpcsclite1 - for PC/SC access to token * libusb-1.0-0-dev - for CT-API access to token (--enable-ctapi) * libssl-dev - for public key crypto support (from OpenSSL) * libcurl4-openssl-dev - for RAMOverHTTP support (--enable-ram) Installation (Windows) ---------------------- Select the 32-Bit or 64-Bit version depending on your version of Windows. Installing the provided .msi file will make the sc-hsm-pkcs11.dll and sc-hsm-minidriver.dll available in windows/system32. Test tools are installed in %PROGRAMFILES%/CardContact/SmartCard-HSM. The 64-Bit version installs both, the 32-Bit and 64-Bit version of DLLs and test programs. Build with Docker ----------------- The included Dockerfile creates the build environment To mount the card reader for the container use --mount type=bind,source=/var/run/pcscd,target=/var/run/pcscd in your docker run command. Firefox ------- Open Firefox and Preferences/Privacy & Security, scroll down and press "Security Devices" In the Device Manager press Load and enter "SmartCard-HSM" as module name Select "sc-hsm-pkcs.dll" (Windows), "/usr/local/lib/sc-hsm-pkcs11.so" (Linux) or /Library/sc-hsm-pkcs11/lib/sc-hsm-pkcs11.dylib" (Mac) as module filename. Thunderbird ----------- Open Thunderbird and the Security Devices Manager Select Load and enter "SmartCard-HSM" as Module Name Select "sc-hsm-pkcs.dll" (Windows), "/usr/local/lib/sc-hsm-pkcs11.so" (Linux) or /Library/sc-hsm-pkcs11/lib/sc-hsm-pkcs11.dylib" (Mac) as module filename. Uninstall --------- Open the "Security Devices Manager" Unload the entry under "SmartCard-HSM" Running the test program ------------------------ Open a console and change into the sc-hsm-pkcs11 directory. Insert a SmartCard-HSM and enter sc-hsm-pkcs11-test --module lib\sc-hsm-pkcs11.dll For a STARCOS card you will need to define the token that shall be used for tests: sc-hsm-pkcs11-test --module lib\sc-hsm-pkcs11.dll --token STARCOS.eUserPKI Without a PIN given with the --pin parameter only tests are performed for which no PIN is required. Debugging --------- A debugging version of the PKCS#11 module is provided to aid debugging of card and card reader problems. Please install the debug version and create a sc-hsm-embedded directory under %HOME%/tmp on Linux/MacOSX and %HOMEDIR%/appdata/LocalLow on Windows. System applications running under root will write logfiles to /var/tmp/sc-hsm-embedded. On Linux you will need to use configure with --enable-debug. Release 2.11 ------------ Add support for 4K version of the SmartCard-HSM (V3.x) Add support for AES Add support for TLS1.3 Release 2.10 ------------ Add write support for the SmartCard-HSM Add CSP-Minidriver for Windows based applications Add C_WaitForSlotEvent Add public key operation with C_Verify*(), C_Encrypt*() and C_Digest*() functions Removed support for obsolete Signtrust Cards. Release 2.9 ----------- Added ATRs for BNotK cards Release 2.8 ----------- Added support for ECC keys on DGN card Added support for static slot ids Fixed issue with leaked PIN value due to non-cleared buffers Added multi-threading tests for ECC Release 2.7 ----------- Added support for DGN HBA on Starcos 3.5 Release 2.6 ----------- Disabled QES token when running under Firefox. Release 2.5 ----------- Added ATR for contactless SmartCard-HSMs. Release 2.4 ----------- Removed probing of applications on unrecognized cards. Release 2.3 ----------- Disabled QES2 on Signtrust 3.2 card as this is never used. Added environment variable PKCS11_PREALLOCATE_VIRTUAL_SLOTS=<n> to create <n> virtual slots when the primary slot is allocated for the first time. Without the flag a virtual slot is dynamically created if a token with more than one PIN is detect. In that case the PKCS#11 module creates an additional virtual slot for each additional PIN (usually the QES PINs). However, this dynamic behaviour collides with the way Firefox handles the Friendly flag, which is only set for slots that are present at modul loading. Release 2.2 ----------- Added support for Signtrust Starcos 3.2 card Release 2.1 ----------- Added support for D-Trust Starcos 3.4 card Added support for Signtrust Starcos 3.5 card Release 2.0 ----------- Added support for Bundesnotarkammer Starcos 3.5 card Added support for PC/SC card reader
About
PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and STARCOS based signature cards
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published