Here is an R&D offer, Carl (or anyone else).

Anyone willing to spend a day implementing the scheme I mentioned, or any variety, can try out a new php/openssl CA we recently finished. It's designed for massive, batch-based cert issuing, based on mysql, php and mysql. It uses HTTP 1.1 forward caching as its technique for distributing certs to muscle users, one per hour as RSA keys roll over. The concept is an experiment in using chat relay theories - for mass distribution of critical real-time information over flaky relay channels.

2 conditions:

(a) you have to donate the results of the 1 day's work on openssl/muscle card integration to muscle; you must solve the cleartext private key problem, using any technique you like.

(b) you have to donate your experience of building the php/openssl/msql CA to the public domain, so I can figure how to package this work suitably for a future open source project.

Peter.



From: Carl Youngblood <[EMAIL PROTECTED]>
Reply-To: MUSCLE  <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>
Subject: Re: [Muscle] XCard documentation?
Date: Thu, 06 May 2004 10:52:44 -0700

Peter Williams wrote:

Come on, folks. Don't give in to cleartext private keys.

Have openssl generate a cert, any cert. Use the cardedge to move the cert DER into an allocated region of the muscle applet's memory manager. Don't even decode the DER. At fixed byte offsets (use openssl to produce them, it's a pretty-print option) for public key p and sig s, insert the fixed-size public key blob @p, then use the existing hash and signature methods on the EEPROM buffer to generate the cryptogram and overwrite the existing signature bytes @s. Output the result via cardedge to the PC, and feed it in to openssl -req -arg=use-certtemplate-not-PKCS#10

The applet really doesn't have to do very much it cannot already do: all that it needs to know is the offsets of the public key and signature X.509 fields in the DER encoding. Everything else is there. Worry about generalization of key lengths and alg options later. Just do sha1WithRSA and 768-bit RSA for now.

This sounds like a better way to do it, but I'm very much a novice when it comes to smartcards. I just barely got all the musclecard layers working with my reader. Would you mind providing a more detailed list of instructions for how to do each of the steps you mentioned? Are there command-line utils that will allow me to do all this, or do I need to write some code? (I know I'll have to do it eventually, but I just want a simple solution that will get me up and running right now.)


Thanks,
Carl
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
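The fixed-offset template approach Peter describes above, as an added example that is not from the thread or the MUSCLE project: it walks the DER TLV structure to find @p and @s instead of hard-coding them, patches in a key blob, and overwrites the signature. The certificate template, the key bytes and the signer are constructed stand-ins (the signer is a SHA-1 placeholder, not the card's RSA operation).

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV (definite length, long form when needed)."""
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body
def tlv(buf, pos):
    """Return (tag, header_len, content_len) of the TLV at buf[pos]."""
    tag, n, i = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                   # long-form length
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    return tag, i - pos, n
def children(buf, pos):
    """Yield (offset, tag, header_len, content_len) of each child of the SEQUENCE at pos."""
    _, hdr, n = tlv(buf, pos)
    i, end = pos + hdr, pos + hdr + n
    while i < end:
        t, h, l = tlv(buf, i)
        yield i, t, h, l
        i += h + l
def find_offsets(cert):
    """Return (@p, key_len, @s, sig_len): the raw subjectPublicKey and signatureValue bytes."""
    tbs, _alg, sig = children(cert, 0)                # Certificate ::= SEQ{tbs, alg, sig}
    f = list(children(cert, tbs[0]))
    spki = f[6] if f[0][1] == 0xA0 else f[5]          # skip the [0] version field if present
    _keyalg, keybits = children(cert, spki[0])        # SPKI ::= SEQ{alg, BIT STRING}
    # a BIT STRING's first content byte is the unused-bits count, not part of the blob
    return keybits[0] + keybits[2] + 1, keybits[3] - 1, sig[0] + sig[2] + 1, sig[3] - 1
def patch_template(cert, key_blob, card_sign):
    """Insert the key at @p, sign the TBSCertificate, overwrite the signature at @s."""
    p_off, p_len, s_off, s_len = find_offsets(cert)
    if len(key_blob) != p_len:
        raise ValueError("key blob does not match the template's field size")
    out = bytearray(cert)
    out[p_off:p_off + p_len] = key_blob
    t_off, _, t_hdr, t_len = next(children(out, 0))
    sig = card_sign(bytes(out[t_off:t_off + t_hdr + t_len]))  # hash+sign covers the whole tbs TLV
    if len(sig) != s_len:
        raise ValueError("signature does not match the template's field size")
    out[s_off:s_off + s_len] = sig
    return bytes(out)

# Constructed template (stand-in for the openssl cert): minimal sha1WithRSA skeleton, 96 dummy bytes per key/sig field
SHA1_RSA = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010105")) + der(0x05, b""))
RSA_ENC = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
NAME = der(0x30, der(0x31, der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x13, b"muscle"))))
VALIDITY = der(0x30, der(0x17, b"040506000000Z") + der(0x17, b"050506000000Z"))
SPKI = der(0x30, RSA_ENC + der(0x03, b"\x00" + bytes(96)))
TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + SHA1_RSA + NAME + VALIDITY + NAME + SPKI)
TEMPLATE = der(0x30, TBS + SHA1_RSA + der(0x03, b"\x00" + bytes(96)))
def mock_card_sign(tbs):
    """Stand-in for the card's hash-and-sign step: SHA-1 padded to the field size, not real RSA."""
    return hashlib.sha1(tbs).digest().ljust(96, b"\x00")
```

On a real openssl-produced certificate the BIT STRING at @p holds the DER RSAPublicKey, whose length is fixed for a given modulus size and exponent, which is what makes the fixed-size overwrite workable.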
