At 23:47 11/03/2008 +0100, you wrote:
Amanda Ortega wrote:
I have created two pairs of keys:
- Putting 0x0000 for all the ACLs (private key 0 and public key 2);
- Putting the ACLs recommended by muscleTools when creating the keys (private key 1 and public key 3).

The ACL for private keys should disallow at least read, only the usage should be allowed by PIN. Like RSA PRIVATE CRT 1 1024 in your list. For the public key the settings in RSA PUBLIC 3 1024 are OK.

Hmmm, for debug purposes, when the applet / tool fails to perform the encrypt operation, being able to read the components of the private key would be very useful.
You are right that a live card should not be set up this way.


Where can I obtain a documentation about the meaning of the ACLs?

It is a 16-bit mask. 0xFFFF means nobody can do it, 0x0000 always. Or I have mixed it up the wrong way. Every bit in the 16-bit mask is for the PIN required to operate on the key, e.g. 0x0001 would allow PIN 1 to operate.

Incorrect: only the lower 8 bits are used, by PIN ids '0' to '7'.

The high bits (8 to 15) are used by "strong authentication", i.e. INS 38h (external authenticate), for which the applet 0.9.8 throws an exception 9C05h (something like "feature not supported"), so with that (official?) applet bits 8 to 15 are never used.

Sylvain.
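As an added example (not code from this thread, from muscleTools or from the applet), the ACL layout discussed above decoded and checked against the private-key advice. It assumes bit n (0..7) stands for PIN id n, bits 8..15 for strong authentication, 0x0000 for "anyone" and 0xFFFF for "nobody"; the applet-version behaviour is the one reported above (9C05h on strong auth).

```python
# Added example: decode a MuscleCard 16-bit key ACL word and sanity-check a
# private key's (read, write, use) ACL triple. Bit meanings are assumed from
# the thread: bit n (0..7) = PIN id n, bits 8..15 = strong authentication,
# 0x0000 = anyone (no authentication), 0xFFFF = nobody.

ANYONE = 0x0000
NOBODY = 0xFFFF
PIN_MASK = 0x00FF      # identities 0..7 (PINs)
STRONG_MASK = 0xFF00   # identities 8..15 (strong authentication)


def decode_acl(acl):
    """Describe one 16-bit ACL word as the identities it names."""
    if not 0 <= acl <= 0xFFFF:
        raise ValueError("ACL must be a 16-bit value")
    if acl == ANYONE:
        return "anyone (no authentication)"
    if acl == NOBODY:
        return "nobody"
    parts = [f"PIN {n}" for n in range(8) if acl & (1 << n)]
    parts += [f"strong-auth id {n}" for n in range(8, 16) if acl & (1 << n)]
    return ", ".join(parts)


def check_private_key_acl(read_acl, write_acl, use_acl,
                          applet_supports_strong_auth=False):
    """Return a list of findings for a private key ACL triple (empty = OK)."""
    findings = []
    # Advice from the thread: reading the private key must be disallowed.
    if read_acl != NOBODY:
        findings.append(f"read ACL 0x{read_acl:04X} allows exporting the private "
                        f"key ({decode_acl(read_acl)}); 0xFFFF outside debugging")
    # Usage should be gated by a PIN, never open to anyone.
    if use_acl == ANYONE:
        findings.append("use ACL 0x0000 lets anyone sign/decrypt without a PIN")
    # Strong-auth bits are dead weight on an applet that answers 9C05h to INS 38h.
    for name, acl in (("read", read_acl), ("write", write_acl), ("use", use_acl)):
        if acl not in (ANYONE, NOBODY) and acl & STRONG_MASK \
                and not applet_supports_strong_auth:
            findings.append(f"{name} ACL 0x{acl:04X} relies on strong-auth bits "
                            f"the applet rejects with 9C05h")
    return findings


if __name__ == "__main__":
    # Constructed ACL triples: a recommended private key and the all-zero one.
    for triple in ((0xFFFF, 0xFFFF, 0x0001), (0x0000, 0x0000, 0x0000)):
        print(triple, check_private_key_acl(*triple) or ["OK"])
```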


_______________________________________________
Muscle mailing list
http://lists.drizzle.com/mailman/listinfo/muscle