Hello,
Thanks for your answer. The IAIK toolkit seems very interesting, though I
haven't taken the time to try it yet.
Could you give me any links to this VCAD you mentioned? I couldn't find it on my
usual search engines.
About the applet security issue, I intend to use the Java plug-in from Sun, so
that I can use Java 1.2 classes and also standardize the JVM in all supported
browsers (I think most of the browsers used are supported by Sun's plug-in). I
intend to have my applets signed as I believe this makes things easier. Maybe
the browser owner will have to set up something manually, like permissions, but
I don't know exactly how to manage that yet.
Let's see how it evolves.
Regards,
Douglas
[EMAIL PROTECTED]
05/10/2000 21:40
To: Douglas Atique/BR/ABNAMRO/NL@ABNAMRO
cc:
Subject: Re: [OCF] Certificate requests
Hello,
Have you thought about the other security implications, i.e., an applet
requiring access to a client file? (namely the opencard.properties file) I
am just experimenting at the moment, so i decided to avoid this applet
security problem until my next phase. I know that there is a way around
this, there have been a number of questions relating specifically to this,
with mention to the java.policy file.
At another site, http://jcewww.iaik.tu-graz.ac.at/, you can purchase a Java
Cryptography Extension that has a lot of cryptographic and X.509 classes.
They have evaluation copies too, so you can decide whether you actually need
the extension.
Also, I would look up the VCAD work that was done at a university in Israel.
Although this does not have everything that you would need, it gives a nice
introduction to the architecture. But it seems that you might have your head
around this one already. They include references to the stokebroker demo
(demostrates setting up certificate on card and retrieving from card - keep
in mind that they replace a smartcard with a diskette - but the concept is
the same).
I hope that this is of some help to you. Let me know how you get on with the
java applet security issue. You might save me a large headache in a couple
of months.
Regards,
Robyn
>From: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: [OCF] Certificate requests
>Date: Thu, 5 Oct 2000 13:23:07 -0300
>
>
>
>
>Hi, folks.
>I am new to OCF and smart cards, but I already have a big assignment on
>them. I
>am trying to devise a process in which a client receives an empty smart
>card and
>"initializes" his/her card through the Internet on a server. The idea is
>that a
>web page downloads an applet on the client and the applet generates (or
>asks the
>card to generate) a key pair (if the card generates it, better) and the
>applet
>generates a PKCS#10 CSR (certificate signing request) and sends it to the
>server
>to sign. Then the server signs it and returns a complete certificate that
>the
>applet asks the card to store.
>The problem is, the Java 1.2.2 APIs don't seem to have anything similar to
>a CSR
>class or generator. I think I saw something about a sun.security package
>that
>would have it. Also keytool can do it on a command line, but I would rather
>do
>it inside the applet. I am coming to the conclusion that I will have to
>create a
>CSR "by hand", i.e. following the PKCS#10 recipe, and ASN.1 DER seems so
>complicated! Any help appreciated. Also please point out any security flaws
>anyone sees in the process.
>Regards,
>Douglas
>
>
>
>
>---
> > Visit the OpenCard web site at http://www.opencard.org/ for more
> > information on OpenCard---binaries, source code, documents.
> > This list is being archived at http://www.opencard.org/archive/opencard/
>
>! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
>! to
>! [EMAIL PROTECTED]
>! containing the word
>! unsubscribe
>! in the body.
>
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
