On Wed, 08/09/2010 at 22:26 +0200, jons...@terra.es wrote:
...
> > I'm very curious about SM in DNIe, is it used in normal operations by
> > the card holder (passing PIN, PKCS1 encryption)?
> Yes.

Ok, the same happens for Italian CNS cards.

> > In that case, SM uses symmetric cryptography?
> > And how SM static key distribution problem was solved?
>
> Well, there are two ways:
> - For normal operations, a public/private key pair is stored in the
> library file.
> It's stupid, I agree. Moreover, the Spanish DGP (DNIe issuer) wants to
> keep keys secret... but everyone knows them and there are several
> programs to extract keys from binary files

So, no symmetric keys in middleware, I guess that encryption keys are negotiated each session.

I stress that in the Italian CNS case the same *symmetric* encryption SM keys present on the card are released along with the libraries, so no chance to change them. In the Spanish case there is one more level of indirection; in theory, public and private keys for SM in DNIe could be released on a per-user basis. This is clearly not possible in CNS case.

> - Some special operations (i.e. change pin) require a SSL connection to
> DGP to get encrypted apdu commands to open special channel with the
> card. These operations are not supported by dnie opensc code.
>
> AFAIK these methods are standard and defined in several documents
> (no links now, sorry)
>
> So yes, as the Italian case SM keys "are embedded in the middleware"

The keys for generating them, if I understand well, not the keys themselves; the Italian situation is worse.

Many thanks for this information!

bye,
rob

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel