Either way, it's a day or less work for your average Indian PhD programmer. The last way would not require any modifications of the javacard applet, I suppose. I'm just trained in secure device theory, so it's hard for me to volunteer to make a cryptodevice into a generic hash signer, without knowing what it's signing! I'm used to using signing for control purposes.

The problem is that the cryptodevice does not know what it signs in both methods. It does not matter if it signs the hash or the real data. Important is that the user knows what he signs. This depends on the document viewer being used. Ideally the document viewer would be included in the crypto device. So the user could be really sure what he is about to sign. A German university is currently developing such a device where the cryptodevice can control the monitor and keyboard. So the user can be sure no trojan lets him sign the wrong document.


As long as a cryptodevice has no included trusted viewer it is equally secure in my opinion if you sign a hash or real data.

best regards,

Christian

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
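The point argued in the message above, as a small model added here (not code from the thread or from the MUSCLE project): a card without its own viewer produces the same valid signature over whatever the host sends, whether it receives the data or only the hash, while a card with a trusted display lets the user refuse. The class names, the HMAC stand-in for the card's private-key signature, and the sample documents are all assumptions constructed for the example.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-demo-key"       # stands in for the card's private key
INTENDED = b"Pay 10 EUR to Alice"          # constructed sample documents
SUBSTITUTED = b"Pay 9000 EUR to Mallory"


def _sign_digest(digest: bytes) -> bytes:
    # HMAC is only a stand-in for the card's signature primitive (assumption).
    return hmac.new(DEVICE_KEY, digest, hashlib.sha256).digest()


class BlindDevice:
    """Card without a viewer: signs whatever bytes the host sends."""

    def sign_data(self, data: bytes) -> bytes:
        return _sign_digest(hashlib.sha256(data).digest())

    def sign_hash(self, digest: bytes) -> bytes:
        return _sign_digest(digest)


class ViewerDevice:
    """Card with its own display and confirm key, modelled by a callback."""

    def __init__(self, user_confirms):
        self.user_confirms = user_confirms

    def sign_data(self, data: bytes):
        # The card shows the bytes it is about to sign; it needs the real data for that.
        if not self.user_confirms(data):
            return None
        return _sign_digest(hashlib.sha256(data).digest())


def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sig, _sign_digest(hashlib.sha256(data).digest()))


def host_sign(device, shown: bytes, sent: bytes, mode: str):
    """Host viewer displays `shown`, but `sent` is what reaches the card."""
    if mode == "hash":
        return device.sign_hash(hashlib.sha256(sent).digest())
    return device.sign_data(sent)
```
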
