From: Carl Youngblood (carlyoungbloods.org)
Date: Thu May 06 2004 - 12:52:44 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Williams wrote:

> Come on, folks. Dont give in to cleartext private keys.
>
> Have openssl generate a cert, any cert. Use the cardedge to move the
> cert DER into an alloced region of the muscle's applet memory manager.
> Dont even decode the DER. At fixed byte offsets (use openssl to
> produce, its a pretty print option) for public key p, and sig s,
> insert the fixed size public key blob p, then use the existing hash
> and signature methods on the EEPROM buffer to generate the cryptogram
> and overwrite the existing signature bytes s. Output result via
> cardedge to the PC, and feed in to openssl -req
> -arg=use-certtemplate-not-PKCS#10
>
> The applet really doesnt have to do very much it cannot already do:
> all that it needs to know is the offsets of the public and signature
> X.509 fields in the DER encoding. Everything else is there. Worry
> about generalization of key lengths and algs options later. Just do
> sha1WithRSA and 768bit RSA for now.

This sounds like a better way to do it, but I'm very much a novice when
it comes to smartcards. I just barely got all the musclecard layers
working with my reader. Would you mind providing a more detailed list
of instructions for how do each of the steps you mentioned? Are there
command-line utils that will allow me to do all this, or do I need to
write some code? (I know I'll have to do it eventually, but I just want
a simple solution that will get me up and running right now.)

Thanks,
Carl

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

• application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]