Hi. I recently bought some cards which use GlobalPlatform (Cyberflex 64k v2) I've already found instructions on your mailing list to install muscle on these exact model of cards, and that's what I intend to do.
I've noticed that GlobalPlatform requires the establishment of a secure channel in order to modify applications on the card, which uses a key. If this key is known to some other party who got ahold of my card, or accessed my computer with the card in my drive, what would they be able to do? Is it strictly used for managing which applets are on the card? Would they be able to extract my private keys from muscle? I would prefer it if a private key stored by muscle was permanently irretrievable, even by someone who holds the issuer domain key and can install/remove muscle or other applications. I want to have some measure of confidence that nobody could ever extract my private key. So my question is, should I change the issuer domain key after I'm done installing muscle?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
