Il giorno gio, 18/10/2007 alle 14.37 +0000, Franz Brandl ha scritto: > that would correspond to the "unsafe environment" configuration of the > Austrian Citizen Card. However, this card may alternatively operate in > an "safe environment" mode where it does not require SM to use the > private signature key.
This sounds to me as "Trusted" and "Untrusted" environment in CWA 14890: ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf (8.2 Authentication environments) Are you referring to the same concept? > > Is it possible that the Italians require SM to be used for secure > signature in any case ? That would IMO dramatically reduce the > usability of the card (or the security of the SM key if it is spread > towards lots of signature applications) ... I think so; by the way, what "trusted environment" usage scenario do you see for a smart-card? The big problem in Italian actual CNS IMHO is not SM, but the way (pre-shared simmetric key) it is implemented. Roberto. > > Brandy > > > There is some access condition on the private key corresponding to > the > > 'qualified certificate'. That access condition refers to a SM BSO. > That SM > > BSO contains a secret symmetric key. you need to know that symmetric > key in > > order to make signatures with the qualified certificate. > > _______________________________________________ > > opensc-devel mailing list > > opensc-devel@lists.opensc-project.org > > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > ______________________________________________________________________ > Explore the seven wonders of the world Learn more! > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
