Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Muscle] libpam-musclecard
From: Peter Williams (home_pwmsn.com)
Date: Sat Nov 19 2005 - 12:43:14 CST
so, this is the same model as an EMV card, in SDA mode, as recently
installed throughout the UK: check that an issuer's issuing-time signature
on a presented card can be re-validated today by an offline, trusted
host/reader with a trusted store of IA signature validation keys.
Given musclecard's have an ext-auth process (which approxiamate to the EMV's
DDA mode), why cannnot we go one step further, and have the host mutually
authenticate to the card, using a secret ext-auth key that is handled at the
same sensitivity level as the current IA verification keys (plus
>From: Matthias Barmeier <barmeierbarmeier.com>
>Reply-To: MUSCLE <musclelists.musclecard.com>
>To: MUSCLE <musclelists.musclecard.com>
>Subject: Re: [Muscle] libpam-musclecard
>Date: Fri, 18 Nov 2005 10:24:41 +0100
>Sorry, for the last mail but the README in the Debian package
>an incomplete configuration chapter. The chapter ends with:
>1. UserCert - the module will look in ~/.muscle/user.cert for the
>2. RootCert - the module will retreive the certificate from the smartcard
> and validate the signature by looking at the RootCA's
> certificate in /etc/root.cert. It will also check that the
> username corresponds to the username in the certificate.
>After loading and extracting the MusclePAM.zip from your source I have
>a more complete configuration instruction.
>Thanx a lot.
>Karsten Ohme schrieb:
> >Matthias Barmeier wrote:
> >>Hi again,
> >>does anyone out there has a link to a step-by-step guide
> >>from having a working muscle card to a working gdm/kdm/?dm login
> >>with that card ???
> >Is the README in MusclePAM not enough?
> >By the way, the root cert option is not working with this, because a
> >tool was missing to generate a certificate signing request. If you need
> >this, then look at the version at:
> >file PAMCardInit, but the other stuff is also a bit different, but
> >should compile against libmusclecard, although PIN pad support will be
> >missing. Everything should be build running "make" with the contained
> >Makefile (At the moment there is no correct autoconf/automake build
> >files contained.).
> >> Matthias
> >>Muscle mailing list
> >Muscle mailing list
>Muscle mailing list
Muscle mailing list