Patrick Valsecchi wrote:
> I don't have to store each signature of each bin into the smartcard. I won't
> have enough RAM for that! I'll store inside each executable and library the
> signed crypto hash. The kernel will check if the crypto hash is still the same
> and the smartcard will just check if the signature of the crypto hash.

I'm curious as to why the smartcard is being used for the crypto
verification as opposed to the boot-loader and subsequently the
executable loader. They might for example have a hard coded public key
or some root CA depending on how sophisticated you want to be. You of
course have to be very careful that the public key or certificate cannot
be replaced.

If there is some reason to use a smart card then that also has to be
handled carefully, otherwise someone could just replace it with
something that either always returns successful (for any signature) or
allows other (known) keys to sign the executables.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
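The two-stage check the thread describes, a hash comparison done by the kernel and a signature check against one hard-coded key, as an added Go example (not code from either poster); the image layout, the Loader type and the key names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Toy image layout (constructed for this example): code || SHA-256(code) || Ed25519 sig over the hash.
const hashLen, sigLen = sha256.Size, ed25519.SignatureSize
// SignBinary is the build-time step: append the hash of the code and a signature over that hash.
func SignBinary(priv ed25519.PrivateKey, code []byte) []byte {
	h := sha256.Sum256(code)
	sig := ed25519.Sign(priv, h[:])
	return append(append(append([]byte{}, code...), h[:]...), sig...)
}

// Loader models the kernel/boot-loader side: one hard-coded trust anchor, nothing taken from the image.
type Loader struct{ trusted ed25519.PublicKey }
func (l Loader) Verify(bin []byte) ([]byte, error) {
	if len(bin) < hashLen+sigLen {
		return nil, errors.New("truncated image")
	}
	code := bin[:len(bin)-hashLen-sigLen]
	h := bin[len(code) : len(code)+hashLen]
	sig := bin[len(code)+hashLen:]
	// Check 1 (the kernel's job): the stored hash must still match the code.
	actual := sha256.Sum256(code)
	if !bytes.Equal(actual[:], h) {
		return nil, errors.New("code was modified after signing")
	}
	// Check 2 (the smartcard's job): the stored hash must be signed by the trusted key.
	if !ed25519.Verify(l.trusted, h, sig) {
		return nil, errors.New("signature not made by the trusted key")
	}
	return code, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	loader := Loader{trusted: pub}
	bin := SignBinary(priv, []byte("constructed sample program"))
	_, okErr := loader.Verify(bin)
	bin[0] ^= 1 // flip one code byte: the stored hash no longer matches
	_, badErr := loader.Verify(bin)
	fmt.Println("untouched:", okErr, "| modified:", badErr)
}
```

Because the loader trusts only the key it was built with, an image re-signed under some other key fails check 2 even though its hash is consistent, which is the replacement risk Steve raises.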

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
