Android的SSL使用智能卡通过PKCS#11 [英] Android SSL with a Smart Card through PKCS#11
问题描述
这个问题诞生的原因是,我完全失去了,所以请原谅琐碎的和毫无意义的部分。
The reason that this question was born is that I am totally lost, so please forgive the trivial and senseless parts.
我有一个Android应用程序,web服务,一个microSD智能卡(移动安全卡)。我需要知道我怎么可以使用该卡使用SSL安全地与Web服务进行通信。重建和闪烁的操作系统是不是一种选择。
I have an Android app, a web-service, a MicroSD smart card (mobile security card). I need to know how can I use the card with ssl to securely communicate with the web-service. Rebuilding and flashing the OS is not an option.
我所知道的:
- 使用与MSC 来通信的API
- 如何编写/小应用程序部署到MSC
- 如何调用Web服务
- The API used to communicate with the MSC
- How to write/deploy applets to the MSC
- How to call a web-service
我不知道的:
- SSL
- 太多有关证书和密码(从大学只有阴暗的东西学术)
- 我应该如何的事情走到一起,哪些用于完成此
谋换的Android 有OpenSC教程和图书馆,但操作系统需要修补了点。有没有办法避免这一点,仍然使用该解决方案?
seek-for-android has an OpenSC tutorial and library, but the OS needs to be patched for that. Is there a way to avoid that and still use the solution?
我知道我可能是更远这个一个小小的研究,但我的截止日期是相当接近(几天),所以我需要帮助,太多的帮助,很快..谢谢你在前进!
I know I could be much further into this with a little research, but my deadline is quite close (a few days), so I need help, much help, and very soon.. Thank you in advance!
编辑:
更具体地说:
我从捷放一个智能卡的SD卡; Devrient公司,与Java卡操作系统和精美小应用程序和开发工具。我还收到一个机器人服务与卡(小程序)与APDU协同通信。这是一个相当低的水平,它acceps字节codeS的命令和数据。
I have a Smart Card SD card from Giesecke & Devrient, with Java Card OS and fine applets and dev tools. I also recieved an android service to communicate with the card (the applets) with APDUs. This is quite low-level, it acceps byte codes as commands and data.
我需要通过SSL验证来调用Web服务。现在我知道SSL使用(可以使用),硬件令牌与PKCS#11接口。
I need to call a web-service via SSL authentication. Now I know that SSL uses (can use) hardware tokens with PKCS#11 interfaces.
有一个名为项目寻求换机器人与引导修补操作系统和拥有在智能卡标准的PKCS#11接口(我相信这将是OpenSC)。我不能修补操作系统。
There is a project called seek-for-android with a guide to patch the OS and have a standard PKCS#11 interface over the smart card (I believe this would be OpenSC). I CAN'T patch the OS.
所以,再一次的问题:
- 就可以在Android SSL实现使用(自定义)PKCS#11在某些方面的接口,如果是,怎么样? (例如可能与一些安全提供商)
- 我可以使用OpenSC(和链接的指南中提到其他的东西)的没有的修补操作系统(例如提取库和包括它在我的应用程序)?
- 总之,我应该怎么链接低级智能卡和高水平的SSL之间的差距?我恳请您对此的任何材料。
- Can the Android SSL implementation use (custom) PKCS#11 interfaces in some way, if yes, how? (e.g. possibly with some security providers)
- Can I use OpenSC (and other stuff mentioned in the linked guide) without patching the OS (e.g. extract the libs and include it in my application)?
- Overall, how should I link the gap between the low-level smart card and the high level SSL? I kindly ask you for any material regarding this.
推荐答案
由于这是封装的一个microSD卡我认为在特殊的SD卡的API基地的读写操作内智能卡的一种特殊形式。这样的操作可能会或可能不会在Android上是可用的没有root权限。
As this is a special form of a Smart-Card encapsulated inside a microSD-card I assume that the API bases on special SD-Card read and write operations. Such operation may or may not be usable on Android without root access.
这取决于一定的执行API的。通常这样的microSD卡已经自带了Android库(因为它是最开放的相关移动平台)从供应商。你应该问那里获得更多信息。
That depends on the certain implementation of the API. Usually such a microSD card already comes with Android libraries (as it is the most open relevant mobile platform) from the vendor. You should ask there for getting more information.
这篇关于Android的SSL使用智能卡通过PKCS#11的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
