On 23.03.2006, at 4:04, Shawn Willden wrote:
To clarify: Given that users will refuse to re-enter their PIN hundreds of times every day, using the approach mentioned by David Corcoran to address the multi-user access issue means that some higher-level mechanism must be implemented to cache the PIN so that each time the application needs to perform a PIN-protected operation it can re-present the PIN. If many different user-level applications use the smart card, then it's necessary to either have each of them cache the PIN (requiring the user to enter the PIN once per application) or else create some sort of a PIN-caching daemon which they all connect to. More likely, it would become the smart card interface daemon. That's unwieldy and also requires the PIN to be kept around in RAM all the time, which is uncomfortable from a security perspective (though not fatal).
Another sidenote:
Many eID cards have two keys and thus two PINs: one for authentication, one for digital signature.

The card in .ee (800 000 cards handed out to folks) does it this way. The authentication key requires a PIN only once and one can use the key until you remove or reset the card. The digital signature key requires a PIN for every operation. This is enforced on the card.

Then there are CSPs, whereas a CSP works much like a 'smart card daemon'. Especially on OS X, where the CDSA subsystem uses a 'tokend' daemon that is responsible for card communication, and is 'the application'. Tokend talks to the CDSA subsystem that is responsible for everything crypto on OS X.

For cryptographic operations this is the right way, as applications don't have to know where exactly the signatures come from or where operations are done, they just 'talk to CDSA'.

If you add a pinpad reader, it still works (though pinpad support on OS X does not exist currently, AFAIK): as you enter your PIN once for the authentication key when you insert your card / access it for the first time, the internal state of the card becomes 'authenticated' and CDSA takes care of stuff like restricting access to the once-authenticated card to processes of only a single user and so on. No PIN cache, you enter a PIN only once.

The concept of having applications talking directly to smartcards or having to deal with 'smart card centric PKCS#11 issues' is, at least for generic cryptocards and eID cards, IMHO a stupid design.

Of course, I cannot talk about more complicated smartcard applications and setups.
--
Martin Paljak / [EMAIL PROTECTED]
martin.paljak.pri.ee / ideelabor.ee
+372 515 64 95
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
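As an added illustration of the card-enforced PIN policy described in the thread (this is not code from the thread or from any real eID card), the toy Python model below keeps the authentication key usable after one PIN1 verification until the card is reset, while the signature key demands PIN2 before every operation; an HMAC stands in for the card's signature primitive and the PINs, key material and retry limit are constructed sample values.

```python
import hmac
import hashlib


class SecurityStatusError(Exception):
    """Raised when a key is used without the PIN verification the card requires."""


class EidCard:
    """Toy two-key eID card: 'auth' stays unlocked until reset, 'sign' is one-shot."""

    MAX_TRIES = 3  # constructed retry limit; the card blocks the PIN when it hits 0

    def __init__(self, pin1: str, pin2: str):
        # Constructed sample key material; a real card never exports these.
        self._keys = {"auth": b"auth-key-material", "sign": b"sign-key-material"}
        self._pins = {"auth": pin1.encode(), "sign": pin2.encode()}
        self._tries = {"auth": self.MAX_TRIES, "sign": self.MAX_TRIES}
        self._verified = {"auth": False, "sign": False}

    def verify(self, key: str, pin: str) -> bool:
        """VERIFY: set the security status for one key; wrong PINs burn a retry."""
        if self._tries[key] == 0:
            raise SecurityStatusError(f"{key} PIN is blocked")
        if not hmac.compare_digest(pin.encode(), self._pins[key]):
            self._tries[key] -= 1
            return False
        self._tries[key] = self.MAX_TRIES
        self._verified[key] = True
        return True

    def use_key(self, key: str, data: bytes) -> bytes:
        """Perform a private-key operation (HMAC stands in for RSA/ECDSA)."""
        if not self._verified[key]:
            raise SecurityStatusError(f"{key} key: PIN not verified")
        out = hmac.new(self._keys[key], data, hashlib.sha256).digest()
        if key == "sign":
            # Non-repudiation: the card drops the status after a single signature,
            # so no host-side cache can turn one PIN entry into many signatures.
            self._verified["sign"] = False
        return out

    def reset(self) -> None:
        """Card removal or reset clears every security status."""
        self._verified = {"auth": False, "sign": False}


def needs_pin(card: EidCard, key: str) -> bool:
    """True if the next use of `key` would be refused without a fresh VERIFY."""
    try:
        card.use_key(key, b"probe")
        return False
    except SecurityStatusError:
        return True
```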