At 11:33 PM 6/16/2009, Daniel Benoy wrote: >So the card user could put an applet on the card that used up all the >space, and that would be bad for the card issuer? Are there any other >reasons a business would keep their key secret?
Say you insert your card into a hacked machine. Hacked machine erases your company's applet and your keys. Card is useless. Hacked machine "TERMINATES" your card (see GlobalPlatform specs). Card is useless. You start hacking on the card and accidentally delete the company applet and your cert - company has to go through the process of re-issuing which is time and money. You claim the card is lost - company reissues you a new one, but you erase and repurpose the card. 100 unissued cards are stolen from the company locker and erased, sold and repurposed. The keys are a way of locking the card to the issuers purpose. They impose policy on the end user that the end user can't defeat. Mike >Can you download applet code? I guess that would be a good reason. > >On Wed, 2009-06-17 at 02:40 +0200, Sébastien Lorquet wrote: >> That's not cruel, that's a business and security practice: imagine >> that card free space is sorta "rented" by card owners to application >> providers :-) >> And allowing to install evil applications on already issued cards is >> always a bad thing, even if it cannot harm other on-card >> applications : There's an applet firewall that enforces strict data >> sharing rules, who usually prevent any bit to cross application >> boundaries! >> >> Sebastien >> >> On Wed, Jun 17, 2009 at 1:30 AM, Daniel Benoy <[email protected]> >> wrote: >> Great, thanks for the reply :) I've been googling all over, >> but I >> couldn't really find an explanation for this basic question. >> For some >> reason that baffles me, smart cards aren't popular even among >> the nerdy >> community :p >> >> So, would I be correct in saying that you get no security >> benefit from >> changing the issuer domain key, except that whoever gets your >> card would >> be unable to use it for their own stuff? That actually sounds >> like a >> cruel 'feature', to poison the cards against competitors. >> (Prevent me >> from wiping out my visa card and installing MuscleCard on it, >> for >> example :p) >> >> I suppose perhaps there's some hypothetical scenario, though, >> where >> someone could secretly take your card, and install some >> malicious >> program on it, which stores their pin or otherwise does >> something >> tricky... Hm. >> >> >> On Tue, 2009-06-16 at 23:11 +0200, Sébastien Lorquet wrote: >> > Hi, >> > >> > GP keys are used to manage the card contents, ie add/remove >> applets >> > and packages. >> > >> > The worst an attacker can do is remove the applet instance >> along with >> > its data and reinstanciate it. But data allocated in the >> applet is >> > never readable from the outside, otherwise banks would not >> use chip >> > credit cards :-) >> > >> > You current keys are probably >> 404142434445464748494A4B4C4D4E4F, like >> > all development cyberflex cards :) >> > So they're not really secret until you change them using the >> PUT KEY >> > command. >> > but don't forget to write them down somwewhere in a secure >> place :-) >> > >> > In general if the card is for you only, you don't need to >> change the >> > security domain keys. >> > >> > Regards, >> > Sebastien >> > >> >> > _______________________________________________ >> > Muscle mailing list >> > [email protected] >> > http://lists.drizzle.com/mailman/listinfo/muscle >> >> _______________________________________________ >> Muscle mailing list >> [email protected] >> http://lists.drizzle.com/mailman/listinfo/muscle >> >> >> _______________________________________________ >> Muscle mailing list >> [email protected] >> http://lists.drizzle.com/mailman/listinfo/muscle > > >_______________________________________________ >Muscle mailing list >[email protected] >http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
