
Replacement of PKCS #11 Smart Card Data Object in CAPI/CNG

There are 3 main PKCS #11 objects (Key, Certificate, Data). I found replacements for the key and certificate objects in CAPI/CNG, but I didn't find a replacement for creating a data object on a smart card using CAPI/CNG.

PKCS #11 Data Object documentation here: https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__10__5__DATA__OBJECTS.html

PKCS#11, or rather Cryptoki, is a specification to control a secure token. Sometimes it can make sense to store other sensitive data such as a password in a token. Furthermore, sometimes data is used to interact with schemes themselves, such as the "Info" parameter for key derivation functions, although commonly such data is provided as a parameter to the PKCS#11 method invocation.

CAPI/CNG is much more oriented towards providing cryptographic operations for applications. It makes kind of sense that generic data objects are not supported; such objects can already be present in the software itself after all. As such, there is less need to store it on a secure device. If there is a method to retrieve such data from a secure token then I haven't seen it.
