Thanks Sébastien and everyone else who is participating!
Sébastien Lorquet <[email protected]> wrote:
the muscle applet is for global platform javacards right? Then about the GP secure channel already implemented (org.globalplatform.SecureChannel org.globalplatform.GPSystem.getSecureChannel() ) in these cards for secure messaging? it provides a mac+tdes encryption. also, writing
a
software implementation is not difficult, if needed (to use other keys than SD's ones)
I think secure messaging could work well (I'm still trying to understand all the mechanisms involved in it).
But, if I'm not mistaken, secure messaging involves the existence of pre-shared keys. They can be symmetric (3DES), or assymetric (RSA) + Diffie-Hellman parameters to establish the session keys. So, this could be a bit of a hassle for users? I.e. the middleware would have to know/generate these keys, etc.
sebastien ps: the muscle applet also support strong authentication with a challenge/response exchange. A 128 bits TDES key can be seen as a 16-character PIN, that can be right padded with zeroes or other if needed. what do you think of this?
It's an idea, but what are the security implications of just zero padding a PIN? It's an honest question :)
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
