Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Muscle] XCard documentation?
From: Carl Youngblood (carlyoungbloods.org)
Date: Thu May 06 2004 - 12:52:44 CDT
Peter Williams wrote:
> Come on, folks. Dont give in to cleartext private keys.
> Have openssl generate a cert, any cert. Use the cardedge to move the
> cert DER into an alloced region of the muscle's applet memory manager.
> Dont even decode the DER. At fixed byte offsets (use openssl to
> produce, its a pretty print option) for public key p, and sig s,
> insert the fixed size public key blob p, then use the existing hash
> and signature methods on the EEPROM buffer to generate the cryptogram
> and overwrite the existing signature bytes s. Output result via
> cardedge to the PC, and feed in to openssl -req
> The applet really doesnt have to do very much it cannot already do:
> all that it needs to know is the offsets of the public and signature
> X.509 fields in the DER encoding. Everything else is there. Worry
> about generalization of key lengths and algs options later. Just do
> sha1WithRSA and 768bit RSA for now.
This sounds like a better way to do it, but I'm very much a novice when
it comes to smartcards. I just barely got all the musclecard layers
working with my reader. Would you mind providing a more detailed list
of instructions for how do each of the steps you mentioned? Are there
command-line utils that will allow me to do all this, or do I need to
write some code? (I know I'll have to do it eventually, but I just want
a simple solution that will get me up and running right now.)
Muscle mailing list
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature