Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/CardContact/sc-hsm-embedded
PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and STARCOS based signature cards
https://github.com/CardContact/sc-hsm-embedded
Last synced: 13 days ago
JSON representation
PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and STARCOS based signature cards
- Host: GitHub
- URL: https://github.com/CardContact/sc-hsm-embedded
- Owner: CardContact
- License: bsd-3-clause
- Created: 2013-04-12T12:47:47.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2024-10-03T18:46:45.000Z (about 1 month ago)
- Last Synced: 2024-10-16T08:44:49.343Z (27 days ago)
- Language: C
- Homepage:
- Size: 21.5 MB
- Stars: 98
- Watchers: 14
- Forks: 31
- Open Issues: 10
-
Metadata Files:
- Readme: README
- Changelog: ChangeLog
- License: COPYING
- Authors: AUTHORS
Awesome Lists containing this project
README
sc-hsm-embedded PKCS#11 and CSP-Minidriver Module
=================================================Light-weight PKCS#11 library for using the SmartCard-HSM in Windows, Linux, MacOSX and embedded systems.
The module also supports various STARCOS based signature cards commonly used in Germany.
Purpose
-------
This module has been initially developed to support the integration of a SmartCard-HSM in
embedded systems with a little footprint. Rather than using a PC/SC daemon to manage
attached card readers and token, the smaller Card Terminal API (CT-API) can be used.Over time the project has grown into a fully featured PKCS#11 and Microsoft CSP-Minidriver crypto middleware.
Supported Hardware
------------------
The module can be compiled for Linux, Windows and MacOSX. It supports the SmartCard-HSM USB-stick
and SmartCard-HSM cards inserted into a CCID compliant reader. When using the PC/SC interface
any compliant reader can be used.The ctccid module uses standard functions from the CCID specification, so the driver may work
with other CCID compliant readers as well. However, the only reader used during tests is
the SCR 3310 and the USB-stick.Further documentation is available at
https://github.com/CardContact/sc-hsm-embedded/wiki
Installation (Linux)
--------------------
Download source and run* autoreconf -fi
* configure
* make
* make installRequired packages (Debian)
* libpcsclite1 - for PC/SC access to token
* libusb-1.0-0-dev - for CT-API access to token (--enable-ctapi)
* libssl-dev - for public key crypto support (from OpenSSL)
* libcurl4-openssl-dev - for RAMOverHTTP support (--enable-ram)Installation (Windows)
----------------------
Select the 32-Bit or 64-Bit version depending on your version of Windows.
Installing the provided .msi file will make the sc-hsm-pkcs11.dll and sc-hsm-minidriver.dll
available in windows/system32. Test tools are installed in %PROGRAMFILES%/CardContact/SmartCard-HSM.The 64-Bit version installs both, the 32-Bit and 64-Bit version of DLLs and test programs.
Build with Docker
-----------------
The included Dockerfile creates the build environmentTo mount the card reader for the container use
--mount type=bind,source=/var/run/pcscd,target=/var/run/pcscd
in your docker run command.
Firefox
-------
Open Firefox and Preferences/Privacy & Security, scroll down and press "Security Devices"
In the Device Manager press Load and enter "SmartCard-HSM" as module name
Select "sc-hsm-pkcs.dll" (Windows), "/usr/local/lib/sc-hsm-pkcs11.so" (Linux) or
/Library/sc-hsm-pkcs11/lib/sc-hsm-pkcs11.dylib" (Mac) as module filename.Thunderbird
-----------
Open Thunderbird and the Security Devices Manager
Select Load and enter "SmartCard-HSM" as Module Name
Select "sc-hsm-pkcs.dll" (Windows), "/usr/local/lib/sc-hsm-pkcs11.so" (Linux) or
/Library/sc-hsm-pkcs11/lib/sc-hsm-pkcs11.dylib" (Mac) as module filename.Uninstall
---------
Open the "Security Devices Manager"
Unload the entry under "SmartCard-HSM"Running the test program
------------------------
Open a console and change into the sc-hsm-pkcs11 directory.
Insert a SmartCard-HSM and entersc-hsm-pkcs11-test --module lib\sc-hsm-pkcs11.dll
For a STARCOS card you will need to define the token that shall be used for tests:
sc-hsm-pkcs11-test --module lib\sc-hsm-pkcs11.dll --token STARCOS.eUserPKI
Without a PIN given with the --pin parameter only tests are performed for which
no PIN is required.Debugging
---------
A debugging version of the PKCS#11 module is provided to aid debugging of
card and card reader problems.Please install the debug version and create a sc-hsm-embedded directory under
%HOME%/tmp on Linux/MacOSX and %HOMEDIR%/appdata/LocalLow on Windows.System applications running under root will write logfiles to /var/tmp/sc-hsm-embedded.
On Linux you will need to use configure with --enable-debug.
Release 2.11
------------
Add support for 4K version of the SmartCard-HSM (V3.x)
Add support for AES
Add support for TLS1.3Release 2.10
------------
Add write support for the SmartCard-HSM
Add CSP-Minidriver for Windows based applications
Add C_WaitForSlotEvent
Add public key operation with C_Verify*(), C_Encrypt*() and C_Digest*() functions
Removed support for obsolete Signtrust Cards.Release 2.9
-----------
Added ATRs for BNotK cardsRelease 2.8
-----------
Added support for ECC keys on DGN card
Added support for static slot ids
Fixed issue with leaked PIN value due to non-cleared buffers
Added multi-threading tests for ECCRelease 2.7
-----------
Added support for DGN HBA on Starcos 3.5Release 2.6
-----------
Disabled QES token when running under Firefox.Release 2.5
-----------
Added ATR for contactless SmartCard-HSMs.Release 2.4
-----------
Removed probing of applications on unrecognized cards.Release 2.3
-----------
Disabled QES2 on Signtrust 3.2 card as this is never used.
Added environment variable PKCS11_PREALLOCATE_VIRTUAL_SLOTS= to create virtual slots when the
primary slot is allocated for the first time. Without the flag a virtual slot is dynamically created if a
token with more than one PIN is detect. In that case the PKCS#11 module creates an additional virtual slot for
each additional PIN (usually the QES PINs). However, this dynamic behaviour collides with the way Firefox handles
the Friendly flag, which is only set for slots that are present at modul loading.Release 2.2
-----------
Added support for Signtrust Starcos 3.2 cardRelease 2.1
-----------
Added support for D-Trust Starcos 3.4 card
Added support for Signtrust Starcos 3.5 cardRelease 2.0
-----------
Added support for Bundesnotarkammer Starcos 3.5 card
Added support for PC/SC card reader