From: Joao Pedro (countzerosapo.pt)
Date: Mon Jul 13 2009 - 13:17:33 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

I hope these are the correct mailing lists to discuss this matter.
(opensc-devel and muscle).

I would like to implement secure messaging in the Muscle applet (and
OpenSC) when I have a little available time.

Are there any good resources (books, documents, etc.) that explain how
to implement it?

I understand that there are three modes of "operation": MAC;
Encryption; Mac + Encryption.

Apparently there is also two methods of establishing the secure channel:

1. Using pre-shared symmetric keys (3DES);
2. Using Diffie-Hellman to establish the keys and certificates to
authenticate both parties (I suppose in order to defeat possible
man-in-the-middle attacks).

By the way, is there any way to establish a secure session without
mutual authentication. Could I just talk to the applet and use
Diffie-Hellman and a Certificate present on the card to establish the
keys and the applet's authenticity? I.e.: "applet authentication".

Thank you,
Joao

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]