Re: NPAPI plugin use case: native chipcard reader

Hi guys, Sorry for being mute, I had to work on other stuff. To answer the questions: our current setup uses an NSAPI plugin to handle all the authentication stuff. PIN (as you have guessed) is only used to "open up" the chipcard, all the cryptography magic happens inside the card's chip. We

NPAPI plugin use case: native chipcard reader

Hi, We are working for a bank that implements a plugin for signing login and transactions in an e-banking solution. This is a key part of the application, it supports the three major browsers (FF and IE through npapi, Chrome through native messaging). When we investigated the problem

Re: NPAPI plugin use case: native chipcard reader

On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch wrote: > Are you effectively saying that you use crypto for signing financial > transactions, and the PIN is used for authenticating the user but not > involved in the actual signature/crypto algorithm? Therefore, if a

Re: NPAPI plugin use case: native chipcard reader

Are you effectively saying that you use crypto for signing financial transactions, and the PIN is used for authenticating the user but not involved in the actual signature/crypto algorithm? Therefore, if a user finds a way to invoke the same crypto without providing the PIN, they can effect

Re: NPAPI plugin use case: native chipcard reader

On Mon, Oct 12, 2015 at 5:01 AM, Gijs Kruitbosch wrote: > On 12/10/2015 12:34, Eric Rescorla wrote: > >> On Mon, Oct 12, 2015 at 4:22 AM, Gijs Kruitbosch < >> gijskruitbo...@gmail.com> >> wrote: >> >> Are you effectively saying that you use crypto for signing financial