Peter Williams wrote:
(a) Its quite appropriate for a crypto interface to decode the cert,
verify its signature and chain of control, and then store components on
the javacard for use within the card's crypto boundary. Verify cert
control data once, trust the card n times during protocol runs to
perform signature verifications based on trusted parameters in the
objects.
That would be appropriate if the device were not portable and removable.
Unfortunately, you may never count on the card in the terminal being
the same on which the (verified) cert information was stored into, thus,
from the standpoint of certs, the host-system (IMHO) should always
verify certs (along the chain, if necessary). The only information the
host can rely on is the information needed for verification of certs
and signatures for the CA, i.e. the root PK cert. This does not mean the
card is acting merely as a file-store: it is the only device in the
world knowing (and being able to use) the private key, of course !
If you authenticate the device with a crypto challenge-response before
any use, the music changes ....
Due to the lack of RSA-digesting in the original MuscleCard Applet, I'd
like to know if anyone developed that piece of code. If yes, please tell
me where I can find it. If not, I would make this (very little) update
to the Applet.
Also, did anyone make useful changes to the Applet that were not (yet)
posted on this list ?
Bye,
T.
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
