David & Co:
The muscleCard applet for the JavaCard has an interesting, incomplete implementation
of one feature: KeyTries. When formatting the device, setup creates "maxtry" values
for each Key object, as if one would later test that attempts
to create/import/? a key should occur within the trial allowance. No such verification
ever takes place, however: this control array is unused in the public code.
I do notice another state management routine, also unused:
private void LoginStrongIdentity(byte key_nb);
Please, correct my assumption: the design allowed, and an earlier implementation
provided, for initializing and somehow presenting a symmetric key, such that one could
log in "Strongly" to the device, upon showing knowledge of and initialization
of a crypto key. Perhaps this was an implementation of the
secure messaging TOE function? Were there ever ACL checking routines
that checked for "strong logon", prior to allowing access to some APDU handlers?
Peter.
_______________________________________________
Muscle mailing list
http://lists.musclecard.com/mailman/listinfo/muscle
