Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Muscle] Smartk, a smart card framework for the Linux Kernel
From: Ludovic Rousseau (ludovic.rousseaufree.fr)
Date: Thu Jan 08 2004 - 14:15:11 CST
Le jeudi 08 janvier 2004 à 16:57:33, Roberto Gassira' a écrit:
> On Thu, 8 Jan 2004, Jesse I Pollard wrote:
> > Not that fast - access to a serial interface will reduce your application
> > startup to a MAXIMUM of one every 2 to 3 seconds. A USB interface should
> > speed that up to about one every 1/2 second.
> Correct, but SmartK is modular, you can easily develop a IO module that
> supports the USB port instead of the serial port.
I may have missed an important point but you only need to access the
smart card to _sign_ a binary. The verification (using the public key)
can be done by the kernel without the smart card. The kernel just has to
get the public key from the smart card (or from somewhere else) at start
up. So the performances of the smart card is not a real problem.
> On the other hand, the majority of readers communicate through the
> /dev/ttySBx devices, that are handled by means of the "USB-Serial
> converter" feature.
I have never seen such a reader yet. Do you have a reference or URL just
for my curiosity?
> 2) The management of public and private keys is a critical issue as
> well as the security of keys repository. Smart cards are suitable to be
> a robust solution for the key storage.
You can also boot on a CDROM or a read-only partition to be sure your
executables and config files have not been modified. Once you get your
public key and the needed infrastucture you can verify your binary and
mount a read-write partition.
> 3) The integration of a kernel-level architecture and a user-level
> smart card interface is unsafe and unpratical.
That's still to be demonstrated.
I don't know how you can use a Unix system if you don't trust at least
some processes/programs in user space.
That's an interesting discussion I think.
Dr. Ludovic Rousseau Ludovic.Rousseaufree.fr
-- Normaliser Unix c'est comme pasteuriser le camembert, L.R. --
Muscle mailing list