Take an example session object: the state of the
signing method, as 256-byte blocks of a 2Mb file are streamed through the
cryptomodule of one of the applet instances on the card.

In a JavaCard, the interim hash result created to
represent the current signing state is a session object stored in the flash; the
Java APIs hide the value behind class- and package-level access controls, at
define time. But the handle to that state may be public information, to be
signalled using PKCS11.

A more misc case is the IN and OUT objects, which
have mailbox semantics, in the cardedge communication protocol. The mailboxes are
stateful, and require synchronization. The OUT mailbox may, for example, store
an instance-generated nonce, for collection by the applet instance user and for
collection by the applet instance code. I'd expect this nonce to be handled as a
session object, in the sense of the original PKCS concept.

Note that the PKCS design rule was that a user
with only read privileges may only create "public" session objects. If the
PKCS-model-complying token decides to offer a service for enumerating
public objects (including session objects), an anonymous user should be able to
list them. (This may mean listing their handles, rather than their values,
note).

I'll happily be a tester for an exe/a.out
simulator, with public or private feedback as desired. I have made a scripting
version of the muscleTool client on Windows that talks socket protocol to my
own (heavy) simulator. Putting out a simple exe socket-based client and an exe
socket-based simulator (with pre-installed, post-setup applet) would
promote adoption!
Peter.
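
A simplified model of the PKCS#11 visibility rules discussed in the message above, added here as an illustration; it is not part of the original post and not MUSCLE code. The `Token` class, its method names and the sample values are hypothetical, and login state is passed per call rather than tracked per token.

```python
# Simplified model of PKCS#11 object visibility (added example, not MUSCLE code).
from dataclasses import dataclass
from itertools import count

# Session states as named in PKCS#11.
RO_PUBLIC, RW_PUBLIC, RO_USER, RW_USER = (
    "CKS_RO_PUBLIC_SESSION", "CKS_RW_PUBLIC_SESSION",
    "CKS_RO_USER_FUNCTIONS", "CKS_RW_USER_FUNCTIONS")

@dataclass
class Obj:
    handle: int
    token: bool      # CKA_TOKEN: True = persists on the card, False = session object
    private: bool    # CKA_PRIVATE: True = visible only after user login
    value: bytes     # e.g. interim hash state or a nonce; never returned by find()
    owner: int       # session that created the object

class Token:                                   # hypothetical toy token
    def __init__(self):
        self.objects, self._next = {}, count(1)

    def create(self, session_id, state, *, token, private, value):
        if private and state not in (RO_USER, RW_USER):
            raise PermissionError("private objects need a logged-in user")
        if token and state not in (RW_PUBLIC, RW_USER):
            raise PermissionError("token objects need a read/write session")
        h = next(self._next)
        self.objects[h] = Obj(h, token, private, value, session_id)
        return h

    def find(self, state):
        """Enumerate handles only; private objects are hidden from public sessions."""
        logged_in = state in (RO_USER, RW_USER)
        return sorted(h for h, o in self.objects.items() if logged_in or not o.private)

    def close_session(self, session_id):
        """Session objects die with the session that created them."""
        self.objects = {h: o for h, o in self.objects.items()
                        if o.token or o.owner != session_id}

def demo():
    t = Token()
    # Constructed sample values: a public nonce and a private interim hash state.
    nonce = t.create(1, RO_PUBLIC, token=False, private=False, value=b"constructed-nonce")
    hash_state = t.create(2, RO_USER, token=False, private=True, value=b"constructed-state")
    try:
        t.create(1, RO_PUBLIC, token=False, private=True, value=b"x")
        denied = False
    except PermissionError:
        denied = True
    before = t.find(RO_PUBLIC)      # anonymous caller sees only the public handle
    as_user = t.find(RO_USER)       # logged-in user sees both handles
    t.close_session(1)              # the nonce disappears with its session
    return nonce, hash_state, denied, before, as_user, t.find(RO_USER)
```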
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
