Please see my reply below. All the card-related explanations are for GPK...
Warm Regards
----------
Trust, but verify.
- Anonymous
>-----Original Message-----
>
>Hi, folks.
>I am new to OCF and smart cards, but I already have a big assignment on them. I
>am trying to devise a process in which a client receives an empty smart card and
>"initializes" his/her card through the Internet on a server. The idea is that a
>web page downloads an applet on the client and the applet generates (or asks the
>card to generate) a key pair (if the card generates it, better)
Possible. You can use OCF and a GPK card to achieve this. The card has the capability to
generate keys 'onboard'.
>and the applet generates a PKCS#10 CSR (certificate signing request) and
>sends it to the server to sign. Then the server signs it and returns a complete
>certificate that the applet asks the card to store.
>The problem is, the Java 1.2.2 APIs don't seem to have anything similar to a CSR
>class or generator. I think I saw something about a sun.security package that
>would have it. Also keytool can do it on a command line, but I would rather do
>it inside the applet. I am coming to the conclusion that I will have to create a
>CSR "by hand", i.e. following the PKCS#10 recipe, and ASN.1 DER seems so complicated!
Yeah! You have to weave it (the CSR) by hand. There are a few ASN.1 libraries available
with which you can do it, but yeah, it is tedious; I have tried it. I succeeded in
sending a request and obtaining a certificate, but I got stranded in signing some data
;-).
If you are looking for libraries, you can try the one which I used, and which can be
obtained from http://www.forge.com.au/products/crypto/forge-1_32.zip. I will leave the
license aspects to yourselves.
If you are looking for info on ASN.1 DER codings, a nice way to start is to read the
docs
(1) A Layman's Guide to a Subset of ASN.1, BER, and DER
(2) Some Examples of the PKCS Standards
from RSA which are very helpful.
>Any help appreciated. Also please point out any security flaws anyone sees in the
>process.
>Regards,
>Douglas
>
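As an added illustration of the hand-built PKCS#10 request discussed in this thread (not code from either poster, and not using OCF or the Forge library): a minimal DER encoder that assembles a CertificationRequest. The class name, the CN-only subject, SHA-256 with RSA, and the software key pair standing in for the card are assumptions; it targets a current JDK rather than Java 1.2.2.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class Pkcs10ByHand {
    static final byte[] OID_RSA = {0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 1, 1, 1};
    static final byte[] OID_SHA256_RSA = {0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 1, 1, 11};
    static final byte[] OID_CN = {0x55, 4, 3}; // 2.5.4.3 commonName

    // One DER TLV: tag, definite length (short form below 128, else long form), contents.
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream(), out = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        out.write(tag);
        if (body.size() < 0x80) {
            out.write(body.size());
        } else {
            byte[] len = BigInteger.valueOf(body.size()).toByteArray();
            int skip = (len[0] == 0) ? 1 : 0; // drop the sign-padding byte
            out.write(0x80 | (len.length - skip));
            out.write(len, skip, len.length - skip);
        }
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }

    // AlgorithmIdentifier: OID followed by NULL parameters (tlv(0x05) encodes as 05 00).
    static byte[] algId(byte[] oid) { return tlv(0x30, tlv(0x06, oid), tlv(0x05)); }

    // CertificationRequestInfo: version 0, subject (CN only), SubjectPublicKeyInfo, empty [0] attributes.
    static byte[] requestInfo(String cn, BigInteger n, BigInteger e) throws Exception {
        byte[] name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN), tlv(0x0C, cn.getBytes("UTF-8")))));
        byte[] rsaKey = tlv(0x30, tlv(0x02, n.toByteArray()), tlv(0x02, e.toByteArray()));
        byte[] spki = tlv(0x30, algId(OID_RSA), tlv(0x03, new byte[] {0}, rsaKey));
        return tlv(0x30, tlv(0x02, new byte[] {0}), name, spki, tlv(0xA0));
    }

    // Assumption: a software key pair stands in for the card; with a card, the signature over `info` comes from it.
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        byte[] info = requestInfo("Constructed Test Subject", pub.getModulus(), pub.getPublicExponent());
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(kp.getPrivate());
        sig.update(info);
        // CertificationRequest: info, signatureAlgorithm, signature as a BIT STRING with 0 unused bits.
        byte[] csr = tlv(0x30, info, algId(OID_SHA256_RSA), tlv(0x03, new byte[] {0}, sig.sign()));
        String b64 = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(csr);
        System.out.println("-----BEGIN CERTIFICATE REQUEST-----\n" + b64 + "\n-----END CERTIFICATE REQUEST-----");
    }
}
```

The printed request can be checked with `openssl req -verify -noout -text`; the signing server should perform the same signature check, since that signature is what shows the requester holds the private key for the submitted public key.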