Thank you very much for this information, Andreas!
Best regards,
Joao
Andreas Schwier <[email protected]> wrote:
Hi Pedro,
there are several different ways to implement secure messaging. One path
is the JavaCard SCP01, SCP02 and SCP03 suite of protocols, the other
path are the ISO 7816-4 based secure messaging implementations. The
later are mainly used in native card operating systems, signature cards
and machine readable travel documents (Basic Access Control).
A good explanation of ISO secure messaging can be found in the CWA 18490
[1]. We've done an implementation for the OpenCard Framework (OCF) which
can be found at [2]. Look at the IsoSecureChannel class.
Andreas
[1] ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf
[2] http://www.openscdp.org/ocf/api/index.html
Joao Pedro schrieb:
Hi all,
I hope these are the correct mailing lists to discuss this matter.
(opensc-devel and muscle).
I would like to implement secure messaging in the Muscle applet (and
OpenSC) when I have a little available time.
Are there any good resources (books, documents, etc.) that explain how
to implement it?
I understand that there are three modes of "operation": MAC;
Encryption; Mac + Encryption.
Apparently there is also two methods of establishing the secure channel:
1. Using pre-shared symmetric keys (3DES);
2. Using Diffie-Hellman to establish the keys and certificates to
authenticate both parties (I suppose in order to defeat possible
man-in-the-middle attacks).
By the way, is there any way to establish a secure session without
mutual authentication. Could I just talk to the applet and use
Diffie-Hellman and a Certificate present on the card to establish the
keys and the applet's authenticity? I.e.: "applet authentication".
Thank you,
Joao
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
--
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 171 8334920
--------- http://www.cardcontact.de
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
