Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Peter Williams (home_pwmsn.com)
Date: Sat Apr 05 2008 - 03:31:18 CDT
Please correct me if my mental model of the stack is incorrect:
1. muscle applet on javacard
2. opensc's muscle driver provides ISO EF/DF emulator (e.g. opensc-explorer tool)
3. pkcs15-init applies muscle driver to create #15 files on ISO filesystem using "pkcs#15 emulator"
4. opensc pkcs#11 library talks to pkcs#15 card (via muscle #15 emulator "muscle-profile" , leveraging muscle ISO emulator "muscle driver")
5. IDA CSP can talk to opensc PKCS#11
As it stands, using the IDA applet my card DOES Not have various PKCS#15 files produced by pkcs15 init (even tho many worrying error message are produced)
Does all this emulation of the PKCS#15 file-interface extend fully to the muscle cardedge's sign/verify/crypto/pins too?
Anyone done any "pragmatic" analysis of which is more appropriate for professional use: IDA CSP talkind to IDA-PKCS#11 talking directly to the cardedge, or IDA-CSP talking to opensc's PKCS#11 library that leverages all the PKCS#15 emulation?
My main goal is simple SSL client auth.
Muscle mailing list