Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Muscle] Smartk, a smart card framework for the Linux Kernel
From: Roberto Gassira' (robgasdia.unisa.it)
Date: Thu Jan 08 2004 - 04:14:07 CST
Ludovic Rousseau wrote:
>Le mercredi 07 janvier 2004 à 20:37:07, Roberto Gassira' a écrit:
>>I think that there are a lot of reason to implement a communication
>>channel with smart card in kernel mode.
>>An example is:
>>have you ever tried to write any kernel service that uses smart card to
>>store cryptographics keys with a userland lib or framework?
>What's the problem with the manipulation of keys in userland?
>As far as I know the kernel part of IPSec get its keys from user land
>programs for example.
>Your motivation for doing like this is for security or because of an
The motivations are :
- Security, because a secure kernel service, that uses smart card as key
storage, shouldn't exchange data
with an untrusted environment as the userland one.
An example is the WLF project (http://libeccio.dia.unisa.it/wlf/) for
the run-time integrity check of executables
that uses as repository a smart card for the keys.
- Implementation constraint, because using other frameworks from kernel
space is difficult. There are
a lot of solutions, but Smartk provides the easiest one.
Moreover, Smartk is fast, lite and small.
Muscle mailing list