On 19/08/2012 10:14, Anders Rundgren wrote:
> Virtual smart cards have unlimited capacity and don't occupy space in
> your pocket either.

Then a USB token paired with some form of "unsecure" storage, with RSA capabilities and a button or a small keypad (display with touchscreen?) to enter a consent/authorization code in a way that can't be intercepted/forged by software, would be even better.

The "unsecure storage" could easily be encrypted under a private key that then gets encrypted under any number of "token public keys", so no "single point of failure" exists and that storage can easily be shared/copied to any number of tokens. (IIRC, something along these lines should/could be in the next OpenPGP token.)

This way you would have the benefits of both virtual smart cards (a practically "unlimited" number of certs/keys: if you use a 32G uSD as storage you'd have to spend your whole life receiving certs before filling it...) and real ones (bring it wherever you like, keeping full control).

If such a token were issued by governments (so coming with a "universally trusted" cert certifying that extra keys are generated by the token), it would be the really universal "card".

I don't like those "vendor lock-ins". Maybe I saw too many burnt mobos, or just 'cause I prefer AMDs :), or it simply seems another way to introduce a "crippled boot feature" and have users be happy with that (a "virtual smart card", implemented in SW, requires some form of "certified boot", so it only works with a "certified OS"), or to reintroduce the dear old TPM (which has been cracked [1], BTW)... On the other hand, a token/card is platform-agnostic...

[1] http://www.computerworld.com/s/article/9151158/Black_Hat_Researcher_claims_hack_of_chip_used_to_secure_computers_smartcards

BYtE,
Diego.

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
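The layout Diego sketches above (storage encrypted once under one key, that key wrapped separately under each token's public key, so any single token opens the store and a new token is enrolled by re-wrapping the key rather than re-encrypting the data), as an added example that is not part of the thread, of OpenSC, or of any OpenPGP token implementation. The token names, the sample store contents and the stdlib-only stand-in primitives (textbook RSA with a 512-bit modulus for the wrap, HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag for the blob) are all constructed for the demo; a real token would do RSA-OAEP or ECDH and the blob would use AES-GCM.

```python
"""Added example: one data key encrypts the storage; that key is wrapped
under every token's public key, so any token can open the store and losing
one token is not a single point of failure. Primitives are stdlib stand-ins
(textbook RSA, HMAC-CTR + HMAC tag), not what a production token would use.
"""
import hashlib
import hmac
import secrets

DATA_KEY_LEN = 32  # 256-bit data key, always smaller than a 512-bit modulus

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin, adequate for demo keys."""
    if n < 16:
        return n in (2, 3, 5, 7, 11, 13)
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if _is_probable_prime(cand):
            return cand

class Token:
    """Stand-in for a hardware token: the private exponent never leaves it."""
    E = 65537

    def __init__(self, name, modulus_bits=512):
        self.name = name
        while True:
            p, q = _random_prime(modulus_bits // 2), _random_prime(modulus_bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and phi % self.E:
                break
        self.n = p * q
        self._d = pow(self.E, -1, phi)  # modular inverse, Python 3.8+

    def public_key(self):
        return (self.n, self.E)

    def unwrap(self, wrapped):
        """Private-key operation done inside the token; returns the data key."""
        m = pow(int.from_bytes(wrapped, "big"), self._d, self.n)
        return m.to_bytes(DATA_KEY_LEN, "big")

def wrap_key(data_key, public_key):
    """Textbook RSA encryption of the data key under one token's public key."""
    n, e = public_key
    m = int.from_bytes(data_key, "big")
    return pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def _subkeys(data_key):
    """Separate encryption and MAC keys derived from the data key."""
    return (hashlib.sha256(b"enc|" + data_key).digest(),
            hashlib.sha256(b"mac|" + data_key).digest())

def _xor_stream(enc_key, nonce, data):
    """HMAC-SHA256 in counter mode as a keystream, XORed over data."""
    stream = b"".join(hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_blob(data_key, plaintext):
    """Returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(data_key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt_blob(data_key, blob):
    enc_key, mac_key = _subkeys(data_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("storage blob failed integrity check")
    return _xor_stream(enc_key, nonce, ct)

def create_storage(plaintext, tokens):
    """Encrypt once under a fresh data key, then wrap that key for every token."""
    data_key = secrets.token_bytes(DATA_KEY_LEN)
    return {"blob": encrypt_blob(data_key, plaintext),
            "wrapped": {t.name: wrap_key(data_key, t.public_key()) for t in tokens}}

def open_storage(storage, token):
    """Any enrolled token unwraps the data key and decrypts the shared blob."""
    return decrypt_blob(token.unwrap(storage["wrapped"][token.name]), storage["blob"])

def add_token(storage, unlocking_token, new_token):
    """Enrol another token by re-wrapping the data key; the blob is untouched."""
    data_key = unlocking_token.unwrap(storage["wrapped"][unlocking_token.name])
    storage["wrapped"][new_token.name] = wrap_key(data_key, new_token.public_key())

if __name__ == "__main__":
    home, spare = Token("token-home"), Token("token-spare")
    store = create_storage(b"constructed sample: certificate store contents", [home, spare])
    add_token(store, home, Token("token-new"))  # copy to a third token, blob unchanged
    print(open_storage(store, spare))
```

The point the structure makes is that the blob itself is the same bytes for every token: copying the "unsecure" storage to a new uSD card or a second token is a file copy plus one extra wrapped key, and revoking a token means dropping its entry (and, to be strict about it, rotating the data key and re-encrypting once). The tag check matters because the storage is untrusted by design: anything that can write the card can corrupt or swap the blob, so the token should refuse to hand back a plaintext that fails it.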