Hi Pedro,

there are several different ways to implement secure messaging. One path is the JavaCard SCP01, SCP02 and SCP03 suite of protocols; the other path is the ISO 7816-4 based secure messaging implementations. The latter are mainly used in native card operating systems, signature cards and machine-readable travel documents (Basic Access Control).
A good explanation of ISO secure messaging can be found in the CWA 18490 [1]. We've done an implementation for the OpenCard Framework (OCF) which can be found at [2]. Look at the IsoSecureChannel class.

Andreas

[1] ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf
[2] http://www.openscdp.org/ocf/api/index.html

Joao Pedro wrote:
> Hi all,
>
> I hope these are the correct mailing lists to discuss this matter.
> (opensc-devel and muscle).
>
> I would like to implement secure messaging in the Muscle applet (and
> OpenSC) when I have a little available time.
>
> Are there any good resources (books, documents, etc.) that explain how
> to implement it?
>
> I understand that there are three modes of "operation": MAC;
> Encryption; MAC + Encryption.
>
> Apparently there are also two methods of establishing the secure channel:
>
> 1. Using pre-shared symmetric keys (3DES);
> 2. Using Diffie-Hellman to establish the keys and certificates to
> authenticate both parties (I suppose in order to defeat possible
> man-in-the-middle attacks).
>
> By the way, is there any way to establish a secure session without
> mutual authentication? Could I just talk to the applet and use
> Diffie-Hellman and a Certificate present on the card to establish the
> keys and the applet's authenticity? I.e.: "applet authentication".
>
> Thank you,
> Joao
>
>
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle

--
    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 171 8334920
    ---------    http://www.cardcontact.de
