The applet now supports all cipher and signature algorithms of Java Card 2.2, that is RSA, DES, AES, DSA, EC.
Garbage Collection is supported for keys, signatures and ciphers, but at installation time this unfortunately consumes more memory than the static allocation of all necessary objects, and it is not possible to enable all features. Hopefully this can be programmed more efficiently. The maximum size with all features is now over 22 kb. The applet now also supports key policies like Peter Williams proposed last time.

Read this and give your comments:
http://www.inf.tu-dresden.de/~ko189283/MuscleCard/MCardAppletChanges.html

The applet is there:
http://www.inf.tu-dresden.de/~ko189283/MuscleCard/

What is not done:

1.) Card data encryption
Should the encryption of data stored on the card be possible? Transparent encryption can be done if the PIN is also used as the key. But is this necessary? If the PIN is stolen, the data is also revealed. How secure is the storage in a smart card? Another key supplied from the outside world would introduce the problem that this key must be available together with the PIN. This can limit the mobility. For objects, the decryption on the card can be problematic because at least as much free space is needed for the decrypted data. This may not always be possible.

2.) Secure Channel support
Open Platform / GlobalPlatform support by the applet. Secure channels are possible with this. But for this a Security Domain on the card must be established. Maybe for some operations the secured transmission can be required. For this the plug-in must execute an additional mutual authentication and encrypt and authenticate all data. Another possibility would be the use of the KeyAgreement support in Java Card. This is only supported by cards with EC support. I don't have an overview of whether the API allows this easily.

3.) Renaming of objects
Keys, objects, ... could be renamed, e.g. if a key that has number 5 is in the way and should be renamed to number 7. Useful? But this would probably mean the introduction of new API functions.

4.) Change of ACLs of objects and keys
A new API function would be necessary.

5.) Support of hash functions
Hashes could be generated by the card. Necessary?

Karsten

_______________________________________________
Muscle mailing list
http://lists.drizzle.com/mailman/listinfo/muscle
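
An added illustration for item 2, not part of the original message and not MuscleCard applet code: how the Java Card 2.2 `KeyAgreement` API can yield a per-session AES key on a card with EC support. The class name, the APDU layout and the 192-bit key size are assumptions, and the exchange shown is unauthenticated, so the mutual authentication mentioned in item 2 would still have to bind the host's public key.

```java
// Added illustration, not MuscleCard code. Class name, APDU layout and key
// size are assumptions; needs a card that implements EC (Java Card 2.2).
import javacard.framework.*;
import javacard.security.*;

public class KeyAgreementSketch extends Applet {
    private final KeyPair cardKeys;    // card's EC key pair
    private final KeyAgreement ecdh;
    private final AESKey sessionKey;   // transient, cleared on deselect
    private final byte[] secret;       // transient scratch for the 20-byte result

    private KeyAgreementSketch() {
        // Assumption: the card has default domain parameters for this size;
        // otherwise set them on both keys before calling genKeyPair().
        cardKeys = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_192);
        cardKeys.genKeyPair();
        ecdh = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
        sessionKey = (AESKey) KeyBuilder.buildKey(
                KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
        secret = JCSystem.makeTransientByteArray((short) 20, JCSystem.CLEAR_ON_DESELECT);
    }

    public static void install(byte[] b, short off, byte len) {
        new KeyAgreementSketch().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        // Command data: host's uncompressed public point (0x04 || X || Y).
        short len = apdu.setIncomingAndReceive();
        if (len != (short) 49) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);

        ecdh.init(cardKeys.getPrivate());
        // ALG_EC_SVDP_DH returns SHA-1 of the shared x-coordinate (20 bytes).
        ecdh.generateSecret(buf, ISO7816.OFFSET_CDATA, len, secret, (short) 0);
        sessionKey.setKey(secret, (short) 0);  // first 16 bytes become the AES-128 key
        Util.arrayFillNonAtomic(secret, (short) 0, (short) 20, (byte) 0);

        // Response: the card's public point, so the host derives the same key.
        short wLen = ((ECPublicKey) cardKeys.getPublic()).getW(buf, (short) 0);
        apdu.setOutgoingAndSend((short) 0, wLen);
    }
}
```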
