Le mercredi 07 janvier 2004 � 20:37:07, Roberto Gassira' a �crit:The motivations are :
I think that there are a lot of reason to implement a communication channel with smart card in kernel mode.
An example is:
have you ever tried to write any kernel service that uses smart card to store cryptographics keys with a userland lib or framework?
What's the problem with the manipulation of keys in userland?
As far as I know the kernel part of IPSec get its keys from user land programs for example.
Your motivation for doing like this is for security or because of an implementation constraint?
Regards,
- Security, because a secure kernel service, that uses smart card as key storage, shouldn't exchange data
with an untrusted environment as the userland one.
An example is the WLF project (http://libeccio.dia.unisa.it/wlf/) for the run-time integrity check of executables
that uses as repository a smart card for the keys.
- Implementation constraint, because using other frameworks from kernel space is difficult. There are
a lot of solutions, but Smartk provides the easiest one.
Moreover, Smartk is fast, lite and small.
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
