Ismael Valladolid Torres wrote:
We're trying to add cryptographic support to GSM cards. What we're thinking is
> hacking some cryptographic application so it reads wirelessly its support
files
> from a card inserted in a mobile phone and registered into the network.
At first what we need is to make clear the scope where OpenSC is to be used and
> the scope where Musclecard is to be used.
OpenSC reports that it's to be used with "traditional" smartcards with a file
> system, and suggests to avoid Java enabled cards, as they don't have a
filesystem.
But OpenSC also provides a way to write your own emulation driver that will
emulate
the file system or selected files on a card. The files do not have to exist on
the card
and you emulator gets to intercept all requests. The NIST 800-73-1 PIV card
that I am
working on is an example. Most PIV card vendors are using Java cards with the
PIV applet
preloaded. 800-73 defines the AID and the commands the applet must respond to
which
are object based, not file based. The card-piv.c and pkcs15-piv.c
emulate a pkcs15 type file system with a fixed set of emulated files for the
certs,
pubkeys, prvkeys and data objects on the card. Pubkeys do not exist on the card,
the pubkey is obtained from the cert and emulated to look like there is a
pubkey file.
> But indeed GSM cards operators here are using are Java cards and do have a
filesystem.
> Only from Java Card 2.2.2 on a filesystem is excluded (this means AFAIK that
the package
> javacard.frameworkx is no longer available, am I right?)
You may not need to deal with Java. It depends in the applet on the card.
So OpenSC *could* be used with current GSM cards.
Moreover Musclecard reports being available to Java cards, which include current GSM cards.
> Does this mean Musclecard don't make use of the filesystem in any way?
Also, Musclecard implements PKCS #11 where OpenSC implements PKCS #15. What are the differences
> from a practical point of view between #11 and #15?
But OpenSC implements a PKCS#11 on top of the PKCS#15. The opensc-pkcs11.so
can be used
by Mozilla for example.
Also, is a cryptoprocessor in the smartcard needed for using also Musclecard
and OpenSC?
Yes and no. If private keys are stored on the smartcard such that they can not
be read off
the card, then to use them you must use the cryptoprocessor on the card. (That
is the
point of using a smartcard vs a memory card. You can't read the key, and thus
have to use
the card to respond to some authentication challenge in real time, thus proving
you
are in possession of the card.)
Summarizing: Given that we need cryptographic support into a current GSM Java card,
>should we go for OpenSC or for Musclecard?
Any ideas, comments or suggestions are welcome.
Cordially, Ismael
------------------------------------------------------------------------
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
