The tool looks like muscletool. It just stringifies the indication coming through the Muscle API.

The extra objects remind me of similar objects on the Fortezza cards - objects that are used in NSA's card (and now presumably ICC) provisioning system and local CA (whose name has probably changed, for the nth time).


From: Todd Denniston <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>, Vinnie Moscaritolo <[EMAIL PROTECTED]>
Subject: Re: [Muscle] re: X509Certificate (and PGP certs) on Muscle Tokens
Date: Mon, 26 Jul 2004 13:33:20 -0500


Vinnie,
Would you mind telling me what program(s) you used to get the information
out of a CAC card below?
Was the CAC card one of the US DOD CAC cards (by active card or the later
Schlumberger), or from some other situation?


Thanks.

Vinnie Moscaritolo wrote on Tue, 18 May 2004 12:22:05 -0700:
> some notes on how the objects on card are managed.
> -----------
<SNIP>
> -----------------------------
>
> for example on a CAC card you will see the following:
>
>    ID     Size   READ     WRITE   DELETE
>    -----  -----  ------   ------  ------
>    C3     672    ALWAYS   NEVER   NEVER
>    C5     672    ALWAYS   NEVER   NEVER
>    C7     641    ALWAYS   NEVER   NEVER
>    c7     48     ALWAYS   NEVER   NEVER
>    c3     45     ALWAYS   NEVER   NEVER
>    c5     45     ALWAYS   NEVER   NEVER
>    k7     245    ALWAYS   NEVER   NEVER
>    k3     245    ALWAYS   NEVER   NEVER
>    k5     245    ALWAYS   NEVER   NEVER
> (some other stuff for PINS )
>
> MSCListKeys()
> Key  Type            Bits  mode   dir     READ    WRITE  USE
> ---  --------------  ----  ----   ----    ------  -----  ------
>    3  RSA Private     1024  0001   ---d    NEVER   NEVER  PIN #1
>    5  RSA Private     1024  0001   s---    NEVER   NEVER  PIN #1
>    7  RSA Private     1024  0001   s---    NEVER   NEVER  PIN #1
>
> c7 48 Bytes - p11 data
>   CKA_CERTIFICATE_TYPE  ( 4) :     0: 0000 0000
> ....
>   CKA_CLASS             ( 4) :     0: 0100 0000
> ....
>   CKA_LABEL             ( 8) :     0: 4964 656E 7469 7479
> Identity
>   CKA_ID                ( 1) :     0: 07
> .
> ----------
>
> c3 45 Bytes - p11 data
<SNIP>
> ----------
>
> CAC Notes:
> 1)   C3, C5, C7 will be the approp x.509 certs
>
> 2)  you will have to get the CKA_MODULUS  from the certs,
>         since the  k3,k5 and k7 objects will read zero...
>
> 3)  CKA_CLASS is byte wrong endian on CAC cards it seems, something to
> do with Mozilla bug..
> ------------

--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
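
Added example, not part of the original thread or of the MUSCLE code: a parser for the c7 attribute lines in the quoted dump that decodes each CK_ULONG in whichever byte order yields a known PKCS#11 constant, which is what CAC note 3 about CKA_CLASS calls for. The function names and sample string are constructed for illustration; the CKO_/CKC_ values are the standard PKCS#11 ones.

```python
import re

# PKCS#11 constants (values from the standard pkcs11t.h header)
CKO = {0: "CKO_DATA", 1: "CKO_CERTIFICATE", 2: "CKO_PUBLIC_KEY",
       3: "CKO_PRIVATE_KEY", 4: "CKO_SECRET_KEY"}
CKC = {0: "CKC_X_509"}

# Constructed sample: the c7 attribute lines from the quoted dump
SAMPLE_DUMP = """\
>   CKA_CERTIFICATE_TYPE  ( 4) :     0: 0000 0000
>   CKA_CLASS             ( 4) :     0: 0100 0000
>   CKA_LABEL             ( 8) :     0: 4964 656E 7469 7479
>   CKA_ID                ( 1) :     0: 07
"""

# name, declared length, offset, hex bytes; tolerates a leading "> " quote mark
LINE = re.compile(r"^[>\s]*(CKA_\w+)\s*\(\s*(\d+)\)\s*:\s*\d+:\s*([0-9A-Fa-f ]+)$")

def parse_dump(text):
    """Return {attribute name: raw bytes}, checking each declared length."""
    attrs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skips the ASCII column ("....", "Identity") and rules
        name, length, hexpart = m.group(1), int(m.group(2)), m.group(3)
        value = bytes.fromhex(hexpart.replace(" ", ""))
        if len(value) != length:
            raise ValueError(f"{name}: declared {length} bytes, got {len(value)}")
        attrs[name] = value
    return attrs

def decode_ulong(raw, known):
    """Decode a CK_ULONG of unknown byte order; return (value, order, name)."""
    for order in ("big", "little"):
        value = int.from_bytes(raw, order)
        if value in known:
            return value, ("either" if raw == raw[::-1] else order), known[value]
    return int.from_bytes(raw, "big"), "unknown", None

def describe(text):
    """Summarise one certificate-info object from its dumped attributes."""
    attrs = parse_dump(text)
    _, order, cls = decode_ulong(attrs["CKA_CLASS"], CKO)
    _, _, ctype = decode_ulong(attrs["CKA_CERTIFICATE_TYPE"], CKC)
    return {"class": cls, "class_byte_order": order, "cert_type": ctype,
            "label": attrs["CKA_LABEL"].decode("ascii"),
            "key_id": attrs["CKA_ID"][0]}
```

On the sample, CKA_CLASS only resolves to a known class when read little-endian, and CKA_ID 07 ties the object to key 7 in the MSCListKeys() listing.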

