From: Andreas Schwier (andreas.schwier cardcontact.de)
Date: Mon Jul 13 2009 - 14:26:26 CDT
Hi Pedro,
there are several different ways to implement secure messaging. One path
is the JavaCard SCP01, SCP02 and SCP03 suite of protocols, the other
path is the ISO 7816-4 based secure messaging implementations. The
latter are mainly used in native card operating systems, signature cards
and machine readable travel documents (Basic Access Control).
A good explanation of ISO secure messaging can be found in the CWA 18490
[1]. We've done an implementation for the OpenCard Framework (OCF) which
can be found at [2]. Look at the IsoSecureChannel class.
Andreas
[1] ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf
[2] http://www.openscdp.org/ocf/api/index.html
Joao Pedro schrieb:
> Hi all,
>
> I hope these are the correct mailing lists to discuss this matter.
> (opensc-devel and muscle).
>
> I would like to implement secure messaging in the Muscle applet (and
> OpenSC) when I have a little available time.
>
> Are there any good resources (books, documents, etc.) that explain how
> to implement it?
>
> I understand that there are three modes of "operation": MAC;
> Encryption; MAC + Encryption.
>
> Apparently there are also two methods of establishing the secure channel:
>
> 1. Using pre-shared symmetric keys (3DES);
> 2. Using Diffie-Hellman to establish the keys and certificates to
> authenticate both parties (I suppose in order to defeat possible
> man-in-the-middle attacks).
>
> By the way, is there any way to establish a secure session without
> mutual authentication? Could I just talk to the applet and use
> Diffie-Hellman and a Certificate present on the card to establish the
> keys and the applet's authenticity? I.e.: "applet authentication".
>
> Thank you,
> Joao
>
>
> _______________________________________________
> Muscle mailing list
> Muscle lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
--
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 171 8334920
--------- http://www.cardcontact.de
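
In the ISO 7816-4 path mentioned above, the three modes from the question (MAC, Encryption, MAC + Encryption) show up as which data objects a protected command carries. The following is an added example, not code from either poster or from the OCF IsoSecureChannel class: it parses a short-form command APDU and reports the mode. It assumes first-interindustry CLA values and single-byte tags, and the sample APDUs are constructed.

```python
# Added example: report which ISO 7816-4 secure messaging mode a command APDU uses.
CRYPTOGRAM_TAGS = set(range(0x82, 0x88))     # data objects carrying a cryptogram
MAC_TAG = 0x8E                               # cryptographic checksum

def parse_tlvs(data):
    """Split an SM data field into (tag, value) pairs. Assumes single-byte tags."""
    objs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        i += 2
        if length in (0x81, 0x82):           # BER long-form length
            n = length - 0x80
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        elif length >= 0x80:
            raise ValueError("unsupported length encoding")
        if i + length > len(data):
            raise ValueError("TLV value overruns the data field")
        objs.append((tag, data[i:i + length]))
        i += length
    return objs

def classify(apdu):
    """Return (mode, objects) for a short-form command APDU."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than its header")
    if (apdu[0] & 0x0C) < 0x08:              # CLA bits b4 b3: 10 or 11 = ISO SM
        return "no ISO secure messaging", []
    if len(apdu) < 5 or 5 + apdu[4] > len(apdu):
        raise ValueError("Lc does not match the APDU length")
    objs = parse_tlvs(apdu[5:5 + apdu[4]])
    tags = {tag for tag, _ in objs}
    enc, mac = bool(tags & CRYPTOGRAM_TAGS), MAC_TAG in tags
    if enc and mac:
        return "MAC + Encryption", objs
    if mac:
        return "MAC", objs
    if enc:
        return "Encryption", objs
    return "SM class byte but no protected objects", objs

# Constructed samples; the cryptogram and MAC bytes are made up, not real card traffic.
SELECT_ENC_MAC = bytes.fromhex("0CA4020C15" "8709011122334455667788" "8E08A1A2A3A4A5A6A7A8" "00")
READ_MAC_ONLY = bytes.fromhex("0CB000000D" "970104" "8E08A1A2A3A4A5A6A7A8" "00")
READ_PLAIN = bytes.fromhex("00B0000004")

if __name__ == "__main__":
    for name, apdu in [("SELECT", SELECT_ENC_MAC), ("READ", READ_MAC_ONLY), ("plain", READ_PLAIN)]:
        print(name, classify(apdu)[0])
```

The parser only inspects structure; checking the MAC or decrypting the cryptogram needs the session keys and the algorithms agreed for the channel.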