From: Martin Paljak (martinmartinpaljak.net)
Date: Mon Apr 23 2012 - 13:12:05 CDT
On Mon, Apr 23, 2012 at 20:45, Michael StJohns <mstjohnscomcast.net> wrote:
>>In practice the only common open source applet, MuscleApplet,
> There's also "CoolKey" derived from Muscle as well as a few open versions of the PIV II applet.
I'm aware of CoolKey. I'm not aware of any PIV II open source applets.
Do you have pointers/links?
As CoolKey is derived from Muscle, it has mostly the same problems.
>>from perfect for the on-card code, because:
>>a) it is in practice proprietary
> I'm not sure how you came to this conclusion. As far as I can tell, it uses no proprietary classes (and I'm not counting the GP and OP classes as proprietary) and I've been able to run it on at least 5 or 6 different cards. (I think it's 4 different families including the old e-card stuff).
Yes, it is open source and adheres to JavaCard standards and is
usable(/portable) to different cards, even different javacard
revisions, but the *interface* it implements is
proprietary/legacy/non-standard, meaning that it is built 1:1 for
*-muscle* only. Thus proprietary for what it's worth.
Muscle does not import OP/GP classes, thus it is "free" from that POV.
>>b) it is not really maintained
> It's true there is no real formal maintenance in place for this, but as I recall, there is a public repository, and as recently as last year or so a few fixes were placed there. It's probably more correct to say there is no one formally responsible for such maintenance.
> Somewhat more annoying is the lack of a release cycle for the supporting C programs and drivers, especially with respect to Windows. Coolkey is somewhat supported on the Mac platform though.
I only know that Coolkey gets mentioned by a) dogtag/redhat folks b)
PIV/CAC folks where there is some host-side plugin under the same
umbrella, which does PIV/CAC.
IIRC all the muscle things were removed from Debian some time ago, if
that is a sign of anything.
> And I do have a copy of the version 2 applet which was supposed to replace v1, but doesn't seem to have ever made it to that point.
Interesting, what are the main differences?
>>c) unrelated to fact that it has code in OpenSC to support the card,
>>it has no resemblance with ISO7816-4/8/15, which OpenSC is tailored
>>towards. Which makes it an awkward target in OpenSC.
> It is correct it is not an -8 or -15 emulation applet. It *is* a -4 applet. AIRC, at the time MuscleApplet was written, -8 really hadn't gotten enough traction and -15 wasn't even a gleam in the drafter's eye.
-15 as a data format is maybe really not relevant here, but -8 dates
back to 1995, according to Wikipedia. I don't know what is supposed to
define 7816-4 support, but IMHO claiming that Muscle supports 7816-4
is as good as claiming that telnet supports HTTP because they both do
TCP/IP. But again, 7816-X is a nice ambiguous pile of things, which
nicely fits the "three blind men and elephant" story :)
>>Having a standards-compliant open source applet would be a huge
>>benefit, both for the ecosystem as well as OpenSC. But developing this
>>requires quite a lot of different resources (time, money, motivation
>>etc) and to date no one has shown interest in this.
> Maybe - but depending on your needs, it may just be simpler to buy -8 and -15 compliant cards.
In the context of JavaCards.
There are some notes on Muscle in OpenSC wiki, which might be of
interest to anyone interested in either OSS JavaCard applets or Muscle