<html xmlns="http://www.w3.org/1999/xhtml" xmlns:html="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
SslChoice – OpenSC
</title><style type="text/css">
@import url(trac.css);
</style></head><body><div id="content" class="wiki">
<div class="wikipage searchable">
<h1 id="SSLChoices">SSL Choices</h1>
<p>
If you want to write an SSL enabled application and use smart cards for client authentication,
you need a library that offers this. Here we list SSL libraries we know and whether they work
with OpenSC.
</p>
<p>
We aim to provide example code, but so far there is none.
</p>
<h2 id="Windows">Windows</h2>
<p>
If you plan a windows only application and want to develop with Visual C/C++/C#/.Net you can use those. As far as we know you don't need to do anything special to enable using smart card in your application, as the Crypto API and a CSP module will take care of everything.
</p>
<h2 id="MacOSX">Mac OS X</h2>
<p>
In theory the same situation (use Mac OS X developer tools, use the Apple CDSA/CSP API).
</p>
<p>
In practice there is no bridge between OpenSC and the Apple CDSA/CSP API, so currently you won't be able to use OpenSC. But work is in progress, see <a href="http://www.opensc-project.org/sca/wiki/OpenscTokend" shape="rect">http://www.opensc-project.org/sca/wiki/OpenscTokend</a>.
</p>
<h2 id="Linux">Linux</h2>
<p>
There are many different crypto libraries such as OpenSSL, GnuTLS, LibNSS, cryptlib, QCA and others. We will try to discuss each.
</p>
<p>
<a class="ext-link" href="http://www.openssl.org/" shape="rect"><span class="icon"> </span>OpenSSL</a> has an easy way to integrate smart card support. Our sister project
<a href="http://www.opensc-project.org/libp11/" shape="rect">libp11</a> has code to make using OpenSC PKCS#11 module with OpenSSL quite easy and should include example code for using SSL with client certificate authentication using a smart card soo. Also the <a href="http://www.opensc-project.org/engine_pkcs11" shape="rect">engine_pkcs11</a> project has a so called engine so you can change any code using OpenSSL to move the crypto operation from your CPU to your smart card with only a few small changes. Wpa_supplicant is an example of an application using OpenSSL and this engine for smart card support.
</p>
<p>
<a class="ext-link" href="http://www.gnu.org/software/gnutls/" shape="rect"><span class="icon"> </span>GnuTLS</a> unfortunatly lacks any ability to redirect crypto
operations to a module. Thus we don't know of any way to enable smart card support in a GnuTLS based application.
</p>
<p>
<a class="ext-link" href="http://www.mozilla.org/projects/security/pki/nss/" shape="rect"><span class="icon"> </span>NSS</a> is the netscape security layer used in applications like Mozilla, Firefox and Thunderbird. It includes support for using PKCS#11 modules like the OpenSC PKCS#11 module, but we don't have example code how to do that right now.
</p>
<p>
<a class="ext-link" href="http://www.cs.auckland.ac.nz/~pgut001/cryptlib/" shape="rect"><span class="icon"> </span>cryptlib</a> is a library by Peter Gutmann and seems to implement every crypto standard we ever heard of, including smart card support using PKCS#11 modules. However we are not sure what the license of this library is, and we have no experience in using it or writing applications that use smart cards with it.
</p>
<p>
<a class="ext-link" href="http://delta.affinix.com/qca/" shape="rect"><span class="icon"> </span>QCA</a> is the Qt Cryptographic Architecture is an addon for Qt that adds crypto operations. QCA has been moved to the kdesupport part of the kde source code and will be part of the next KDE release. As far as we know some recent versions of QCA include the ability to use PKCS#11 modules such as OpenSC, but we don't know the details yet. Feedback is very welcome.
</p>
</div>
</div><div class="footer"><hr></hr><p><a href="index.html">Back to Index</a></p></div></body></html>
distrib
>
Fedora
>
13
>
x86_64
>
media
>
updates
>
by-pkgid
>
64d7525dee9596ae0eae9ecd4241861b
>
files
>
124
