Gambin Dejan wrote:
Thanks Karsten, I really appreciate your detailed explanations. Now let
me inform you:
JCOP21id cards that we have are 32kB EEPROM. They fully support Garbage
collection. The card has FIPS 140-2 certified version of the BlueZ
PKCS#15 application included in ROM mask (so the complete EEPROM space
remains free for application use). For this PKCS#15 version, some
restrictions apply but I won't write all of this to you now because it
is all well described in
http://www.zurich.ibm.com/jcop/download/specs/BlueZ-PKCS15.pdf. I shall
only mention that the main restriction is that any read, update and
erase operations on secret or private key files are only allowed if
secure messaging is used. The complete secure messaging protocol is
explained in chapter 12 of this pdf and all the cryptographic operations
for secure messaging are as defined in Open Platform.
Does IBM offer a PKCS#11 library implementing the connection to BlueZ?
The PKCS#11 solution uses the CardEgde applet. So you would not use
BlueZ. So you must decide for a design. The advantage of the CardEdge
applet is, that it is more flexible.
During my opensc testing, I have successfully sent some of sm required
commands thanks to help of Chaskiel Grundman. The main reason I went to
opensc is the CSP11 open source project that is using opensc PKCS#11
library (but it could use some other PKCS#11 library as the Muscle one
for example). I know there is CSP for Muscle but this is not open source
so I can not use it...
Yes this seems to be a reason to use OpenSC. A free solution is here
missing for MuscleCard. Would it be a solution to extend OpenSC to
support OpenPlatform? For OpenPlatform there is a free library
available, which should simplify the integration.
Karsten
regards, dejan
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karsten Ohme
Sent: Tuesday, August 23, 2005 6:43 PM
To: MUSCLE
Subject: Re: [Muscle] JCOP21id with secure messaging support
Gambin Dejan wrote:
Thanks Karsten,
The thing is, I am not too much familiar with MUSCLE, we were using
opensc in a project to test smartcard enabled PKI applications so we
need to hold the certificates with the keypair on the card. Also, we
were using javacard based cards because of future needs of building
javacard applications on it. Before the test we have bought a number
of JCOP21id cards but they are not fully supported because of secure
messaging requirement.
Read this:
http://www.inf.tu-dresden.de/~ko189283/MuscleCard/MuscleCardArticle.html
So I just wanted to know if maybe this is supported in Muscle to help
me implement it in opensc or maybe to make me go to Muscle. What are
the main differences between the Muscle and opensc? I have heard
Muscle has some limitations regarding my "cryptograhic needs"? Sorry
to bother you...
http://www.inf.tu-dresden.de/~ko189283/MuscleCard/MCardAppletChanges.htm
l
I don't know how fast you need a solution, but this will be ready in
some time. (The Garbage Collection does not work at the moment, aside
from this everything is functional.)
Look in the section ComputeCrypt to see the supported cipher and
signature algorithms. Also the rest should give an insight what the
applet can do.
Look in the section TODO, where I propose another solution instead the
OpenPlatform Secure Channel protocol.
Elliptic Curves is also still missing. With some time I will include the
code, but I know no card, which supports EC.
But, obey, how much memory does the JCOP21id card have? Does it support
Garbage Collection? Because of the memory limitation it will not be
possible to allow all algorithms.
Karsten
thanks very much
regards
dejan gambin
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karsten Ohme
Sent: Monday, August 22, 2005 11:14 PM
To: MUSCLE
Subject: Re: [Muscle] JCOP21id with secure messaging support
Gambin Dejan wrote:
Hi,
would like to know if JCOP21id is fully supported by Muscle regarding
the secure messaging/channel requirement? Is this protocol implemented
in Muscle? If it is, where in the code?
No.
I have a number of JCOP21id cards that I need to fully suport.
What is your task?
You want to use the secure channels? What means need? Is the integrity
and confidentiality really important? Is the card user the same like
the
card issuer (Else this does not work, because the user has access to
the
secret keys of the card issuer and can install untrusted applications.
Aside from this, this means that the user has to enter every time
these
secret keys or at least a pass phrase for the encryption of the keys
(if
these keys are stored encrypt on a media) (storing this keys in plain
text would violate any idea of this system.) at each computer system.
At
the keyboard. In an untrusted environment the system knows the keys
and
the whole secure channel system is broken ...)
If you are adept with this technology then you certainly know all the
above things and an adaption of MuscleCard is possible.
Karsten
thanks very much
regards, dejan
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
