Great, thanks for the reply :) I've been googling all over, but I couldn't really find an explanation for this basic question. For some reason that baffles me, smart cards aren't popular even among the nerdy community :p
So, would I be correct in saying that you get no security benefit from changing the issuer domain key, except that whoever gets your card would be unable to use it for their own stuff? That actually sounds like a cruel 'feature', to poison the cards against competitors. (Prevent me from wiping out my visa card and installing MuscleCard on it, for example :p) I suppose perhaps there's some hypothetical scenario, though, where someone could secretly take your card, and install some malicious program on it, which stores their pin or otherwise does something tricky... Hm. On Tue, 2009-06-16 at 23:11 +0200, Sébastien Lorquet wrote: > Hi, > > GP keys are used to manage the card contents, ie add/remove applets > and packages. > > The worst an attacker can do is remove the applet instance along with > its data and reinstanciate it. But data allocated in the applet is > never readable from the outside, otherwise banks would not use chip > credit cards :-) > > You current keys are probably 404142434445464748494A4B4C4D4E4F, like > all development cyberflex cards :) > So they're not really secret until you change them using the PUT KEY > command. > but don't forget to write them down somwewhere in a secure place :-) > > In general if the card is for you only, you don't need to change the > security domain keys. > > Regards, > Sebastien > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
