Peter Williams wrote:
Come on, folks. Don't give in to cleartext private keys.
Have openssl generate a cert, any cert. Use the cardedge to move the cert DER into an alloced region of the muscle's applet memory manager. Don't even decode the DER. At fixed byte offsets (use openssl to produce, it's a pretty print option) for public key p, and sig s, insert the fixed size public key blob @p, then use the existing hash and signature methods on the EEPROM buffer to generate the cryptogram and overwrite the existing signature bytes @s. Output result via cardedge to the PC, and feed in to openssl -req -arg=use-certtemplate-not-PKCS#10
The applet really doesn't have to do very much it cannot already do: all that it needs to know is the offsets of the public and signature X.509 fields in the DER encoding. Everything else is there. Worry about generalization of key lengths and algs options later. Just do sha1WithRSA and 768-bit RSA for now.
This sounds like a better way to do it, but I'm very much a novice when it comes to smartcards. I just barely got all the musclecard layers working with my reader. Would you mind providing a more detailed list of instructions for how to do each of the steps you mentioned? Are there command-line utils that will allow me to do all this, or do I need to write some code? (I know I'll have to do it eventually, but I just want a simple solution that will get me up and running right now.)
Thanks, Carl
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
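The scheme quoted above depends on knowing where the public key and signature bytes sit inside the DER template. The following is an added example, not code from this thread or from the MUSCLE project: it finds those byte ranges, plus the TBSCertificate bytes that get hashed, by walking TLV headers only. The function names and `sample_template` are hypothetical; the sample is a constructed skeleton whose 106-byte dummy key assumes a 768-bit RSAPublicKey with exponent 65537.

```python
def tlv(tag, value):
    """Encode one DER TLV; only used to build the constructed sample below."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def read_tlv(buf, off):
    """Return (tag, value_offset, value_length) of the TLV starting at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short-form length
        return tag, off + 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4:
        raise ValueError("indefinite or oversized length")
    return tag, off + 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def children(buf, start, length):
    """List (tag, value_offset, value_length) for each TLV inside a SEQUENCE."""
    out, off, end = [], start, start + length
    while off < end:
        tag, vs, vl = read_tlv(buf, off)
        if vs + vl > end:
            raise ValueError("TLV overruns its parent")
        out.append((tag, vs, vl))
        off = vs + vl
    return out

def field_offsets(der):
    """Return (offset, length) of the hashed TBS bytes, public key and signature."""
    top = read_tlv(der, 0)
    tbs, _alg, sig = children(der, top[1], top[2])   # Certificate has 3 members
    fields = children(der, tbs[1], tbs[2])
    spki = fields[6 if fields[0][0] == 0xA0 else 5]  # [0] version is optional
    key = children(der, spki[1], spki[2])[1]         # subjectPublicKey
    if sig[0] != 0x03 or key[0] != 0x03:
        raise ValueError("expected BIT STRING")
    # +1/-1 skips each BIT STRING's leading unused-bits byte.
    return {"tbs": (top[1], tbs[1] + tbs[2] - top[1]),
            "pubkey": (key[1] + 1, key[2] - 1), "sig": (sig[1] + 1, sig[2] - 1)}

def sample_template(key=b"\xAA" * 106, sig=b"\x55" * 96):
    """Constructed skeleton in X.509 layout; all field contents are dummies."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
    empty = tlv(0x30, b"")                           # stands in for Name/Validity
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + empty * 3 + tlv(0x30, alg + tlv(0x03, b"\x00" + key)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + sig))
```

The offsets hold only while the key and signature written into the template have exactly the same length as the fields they replace, which is why the scheme fixes one key size and algorithm.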
