> CIE does not use "Secure Channel" implementation by means of secure
> messaging, at least not for normal use of the card (which carries only
> Authentication Certificates and not Non-Repudiation, so it is not used
> to create legally binding Electronic Signatures). 

> The version in trunk is covering only that use of the card (https client
> auth for instance), and in fact Emanuele took away SM implementation
> that Viktor Tarasov is implementing in a general way.

> I'm very curious about SM in DNIe, is it used in normal operations by
> the card holder (passing PIN, PKCS1 encryption)?

Yes.

> In that case, SM uses symmetric cryptography?
> And how was the SM static key distribution problem solved?

Well, there are two ways:
- For normal operations, a public/private key pair is stored in the library
  file.
  It's stupid, I agree. Moreover, the Spanish DGP (DNIe issuer) wants to keep
  the keys secret... but everyone knows them and there are several programs to
  extract keys from binary files.
- Some special operations (i.e. change PIN) require an SSL connection to
  DGP to get encrypted APDU commands to open a special channel with the card.
  These operations are not supported by the DNIe OpenSC code.

AFAIK these methods are standard and defined in several documents
(no links now, sorry)

So yes, as in the Italian case, SM keys "are embedded in the middleware".

Juan Antonio


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel