Hi Lewis. Thanks for your reply.
I agree with what you say. My trouble comes from the fact that the public key
and private key validation processes are quite different, although the OCF
signatures are similar.
In the case of the public key validation, I guess the goal is to verify a
certificate (byteInfo) with the help of a certification authority public key on
the card (the validation key). Once a public key is certified on a Gemplus GPK
card, it can be used for crypto operations.
In the case of the private key validation, who signed the private key? What's
more, does it make sense to validate a private key? It can't be certified on a
GPK card.
Dominique
-----Original Message-----
From: Lewis McCarthy <[EMAIL PROTECTED]>
Sent: Tuesday 27 July 1999 20:37
To: DOMINIQUE MOREL
Cc: [EMAIL PROTECTED]
Subject: Re: [OCF] KeyImportCardService
Hi Dominique and all,
> has anyone implemented the KeyImportCardService interface?
IBM has implemented the KeyImportCardService interface for their
Multi-Function Cards (MFCs). Their implementing class
MFCKeyImportService comes as part of the export-restricted
packages available for download from the OCF website.
I'm not aware of other implementations but would be interested
to hear of them.
> I can't see how to
> implement the importAndValidatePrivateKey method, since I don't know what means
> the validation of a private key.
To establish trust in the incoming private key, the smartcard
uses a public key on the card to verify a signature computed over
the private key to be imported. (Presumably the private signing
key is already trusted, e.g. because it's part of a keypair
generated on the card.) The parameters of
importAndValidatePrivateKey() allow specification of:
* the destination card storage location for the private key (iff
the validation succeeds)
* the private key to be imported
* the signature value
* the card storage location of the public key to be used for
verifying the signature
I'm not certain of the interpretation of the keyInfo parameter.
My assumption is that it should correspond to the value of
key.getEncoded(), and further that the signature is computed over
keyInfo.
Regards
-Lewis
Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
access to documentation, code, presentations, and OCF announcements.
-----------------------------------------------------------------------------
To unsubscribe from the OCF Mailing list, send a mail to
"[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
message.
----------------------------------------------------------------
INFORMATION AUTOMATIC VIRUS CHECK (GEMPLUS) No virus known.
----------------------------------------------------------------
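The check Lewis describes, sketched as an added example in plain Java (java.security only); it is not OCF, IBM MFC or Gemplus code. The in-memory slot maps, the slot names and the SHA256withRSA scheme are assumptions, and keyInfo is taken to be key.getEncoded(), following his stated assumption.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

// Software stand-in for the card; slot names and maps are hypothetical.
public class ImportAndValidateDemo {
    static final String ALG = "SHA256withRSA";   // assumed signature scheme
    static final Map<String, PublicKey> validationKeys = new HashMap<>();
    static final Map<String, PrivateKey> privateSlots = new HashMap<>();

    // The four inputs from the thread: destination, key encoding, signature, validation key.
    static boolean importAndValidatePrivateKey(String destSlot, byte[] keyInfo,
            byte[] signature, String validationSlot) throws GeneralSecurityException {
        PublicKey validationKey = validationKeys.get(validationSlot);
        if (validationKey == null) return false;  // no trust anchor: refuse the import
        Signature verifier = Signature.getInstance(ALG);
        verifier.initVerify(validationKey);
        verifier.update(keyInfo);                 // signature is computed over keyInfo
        boolean ok;
        try { ok = verifier.verify(signature); } catch (SignatureException e) { ok = false; }
        if (!ok) return false;                    // nothing is stored on failure
        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(keyInfo));
        privateSlots.put(destSlot, key);          // stored only if validation succeeded
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair trusted = gen.generateKeyPair();   // public half sits on the "card"
        KeyPair incoming = gen.generateKeyPair();  // private half is the key to import
        validationKeys.put("validation-1", trusted.getPublic());

        byte[] keyInfo = incoming.getPrivate().getEncoded();  // PKCS#8 encoding
        Signature signer = Signature.getInstance(ALG);
        signer.initSign(trusted.getPrivate());
        signer.update(keyInfo);
        byte[] sig = signer.sign();

        System.out.println("genuine:  " + importAndValidatePrivateKey("priv-1", keyInfo, sig, "validation-1"));
        byte[] tampered = keyInfo.clone();
        tampered[tampered.length - 1] ^= 0x01;     // flip one bit of the key encoding
        System.out.println("tampered: " + importAndValidatePrivateKey("priv-2", tampered, sig, "validation-1"));
        System.out.println("stored slots: " + privateSlots.keySet());
    }
}
```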