Thanks Karsten, I really appreciate your detailed explanations. Now let me inform you:
JCOP21id cards that we have are 32kB EEPROM. They fully support Garbage collection. The card has FIPS 140-2 certified version of the BlueZ PKCS#15 application included in ROM mask (so the complete EEPROM space remains free for application use). For this PKCS#15 version, some restrictions apply but I won't write all of this to you now because it is all well described in http://www.zurich.ibm.com/jcop/download/specs/BlueZ-PKCS15.pdf. I shall only mention that the main restriction is that any read, update and erase operations on secret or private key files are only allowed if secure messaging is used. The complete secure messaging protocol is explained in chapter 12 of this pdf and all the cryptographic operations for secure messaging are as defined in Open Platform. During my opensc testing, I have successfully sent some of sm required commands thanks to help of Chaskiel Grundman. The main reason I went to opensc is the CSP11 open source project that is using opensc PKCS#11 library (but it could use some other PKCS#11 library as the Muscle one for example). I know there is CSP for Muscle but this is not open source so I can not use it... regards, dejan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karsten Ohme Sent: Tuesday, August 23, 2005 6:43 PM To: MUSCLE Subject: Re: [Muscle] JCOP21id with secure messaging support Gambin Dejan wrote: > Thanks Karsten, > > The thing is, I am not too much familiar with MUSCLE, we were using > opensc in a project to test smartcard enabled PKI applications so we > need to hold the certificates with the keypair on the card. Also, we > were using javacard based cards because of future needs of building > javacard applications on it. Before the test we have bought a number > of JCOP21id cards but they are not fully supported because of secure > messaging requirement. Read this: http://www.inf.tu-dresden.de/~ko189283/MuscleCard/MuscleCardArticle.html > > So I just wanted to know if maybe this is supported in Muscle to help > me implement it in opensc or maybe to make me go to Muscle. What are > the main differences between the Muscle and opensc? I have heard > Muscle has some limitations regarding my "cryptograhic needs"? Sorry > to bother you... http://www.inf.tu-dresden.de/~ko189283/MuscleCard/MCardAppletChanges.htm l I don't know how fast you need a solution, but this will be ready in some time. (The Garbage Collection does not work at the moment, aside from this everything is functional.) Look in the section ComputeCrypt to see the supported cipher and signature algorithms. Also the rest should give an insight what the applet can do. Look in the section TODO, where I propose another solution instead the OpenPlatform Secure Channel protocol. Elliptic Curves is also still missing. With some time I will include the code, but I know no card, which supports EC. But, obey, how much memory does the JCOP21id card have? Does it support Garbage Collection? Because of the memory limitation it will not be possible to allow all algorithms. Karsten > > thanks very much > > regards > > dejan gambin > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Karsten Ohme > Sent: Monday, August 22, 2005 11:14 PM > To: MUSCLE > Subject: Re: [Muscle] JCOP21id with secure messaging support > > > Gambin Dejan wrote: > >>Hi, >> >>would like to know if JCOP21id is fully supported by Muscle regarding >>the secure messaging/channel requirement? Is this protocol implemented > > >>in Muscle? If it is, where in the code? > > > No. > > >>I have a number of JCOP21id cards that I need to fully suport. > > > What is your task? > > You want to use the secure channels? What means need? Is the integrity > and confidentiality really important? Is the card user the same like the > > card issuer (Else this does not work, because the user has access to > the > > secret keys of the card issuer and can install untrusted applications. > Aside from this, this means that the user has to enter every time these > secret keys or at least a pass phrase for the encryption of the keys (if > > these keys are stored encrypt on a media) (storing this keys in plain > text would violate any idea of this system.) at each computer system. At > > the keyboard. In an untrusted environment the system knows the keys > and > the whole secure channel system is broken ...) > > If you are adept with this technology then you certainly know all the > above things and an adaption of MuscleCard is possible. > > Karsten > > >>thanks very much >> >>regards, dejan >> >>_______________________________________________ >>Muscle mailing list >>[email protected] >>http://lists.drizzle.com/mailman/listinfo/muscle > > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
