I have gone through some lines of code and found that:
(1) We can protect the 'update' access condition of the PK using a secret key (only).
Protection of the file by secret code(s) is not possible (as of now). 'Read' access
conditions are not covered for obvious reasons. The createGeneratedPublicKeyFile() of
class GPKKeyManagementService needs a facelift.
Hence, in the line of code <kms.createGeneratedPublicKeyFile(generatedKeyFile,
ef_PINFile);>, if we replace ef_PINFile (I believe this is a secret code file) with a
secret key file, things might work.
(2) Also, it looks like 'PIN protection for the usage of private key' is not
implemented. The constructor of GPKRSAKeyFile needs to be modified to include this
feature.
I will try to put this in the concerned ears, and hope to get a quick solution.
----------
The wireless telegraph is not difficult to understand. The
ordinary telegraph is like a very long cat. You pull the tail in
New York, and it meows in Los Angeles. The wireless is the same,
only without the cat.
>-----Original Message-----
>From: Karl Scheibelhofer [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 12, 2000 9:21 PM
>To: OpenCard Mailingliste
>Subject: FW: [OCF] RSA/DSA key & secret codes
>
>
>-----Original Message-----
>From: Karl Scheibelhofer [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 12, 2000 12:38 PM
>To: Bartek Paszkowski
>Subject: RE: [OCF] RSA/DSA key & secret codes
>
>
>> I got stuck with a little problem: how to protect RSA/DSA keys by
>> a secret code? I use:
>>
>> kms.createGeneratedPublicKeyFile(generatedKeyFile, ef_PINFile);
>> kgs.generateKeyPair(null, generatedKeyFile, -1, null);
>>
>> where:
>> -> generatedKeyFile = new GPKSignatureUnwrapKeyFile(ef_RSAKey,
>> 1024, GPKRSAKeyFile.CERTIFIED_KEY);
>> -> ef_RSAKey & ef_PINFile = new CardFilePath(":0200 : ...");
>>
>> and it doesn't work (the key is not even created, there are no
>> exceptions!).
>
>i have the same problem. the reason is:
>the GPK card services do not implement this feature. you cannot protect
>public key files with a secret code using the current GPK services. i
>suggested this improvement to gemplus several weeks ago.
>the development of the GPK card services did not make any progress for
>several months. i had contact with a developer there, but he switched to
>another department. i tried to contact the people responsible now.
>unfortunately they didn't even answer my mails.
>the GPK services would really need several improvements and i'd like to
>make several suggestions. perhaps someone of the people from gemplus
>follows this mailing list.
>
>best regards
>
> Karl Scheibelhofer
>
>--
>
>Karl Scheibelhofer, <mailto:[EMAIL PROTECTED]>
>Institute for Applied Information Processing and Communications (IAIK)
>at Technical University of Graz, Austria, http://www.iaik.at
>Phone: (+43) (316) 873-5540
>
>
>
>---
>> Visit the OpenCard web site at http://www.opencard.org/ for more
>> information on OpenCard---binaries, source code, documents.
>> This list is being archived at
http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.