On 03/08/2011 21:25, Martin Paljak wrote:
>> And what about smartphones? "Standard" Java is more likely to be adapted
>> than proprietary interfaces.
> I don't believe that current smartphone platform vendors will embrace PKCS#11
> as we know it on the desktop. At least I hope they will not. It w
On 03/08/2011 19:40, helpcrypto helpcrypto wrote:
>> Well... The user should be responsible for selecting the "best" slot.
>> That IMHO shouldn't be a "slot" in the first place, but just a
>> certificate. The browser should only filter certs so that only
>> acceptable ones are proposed to the user
Hello,
On Aug 3, 2011, at 6:22 PM, NdK wrote:
>> On Windows, you could also use the Windows CAPI via the SunMSCAPI,
>> and OpenSC on Windows can still be used via the OpenSC mindriver.
> Still proprietary solutions.
> And what about smartphones? "Standard" Java is more likely to be adapted
> than
2011/8/3 NdK :
> On 03/08/2011 16:16, Douglas E. Engert wrote:
>> You say you are using FF, so have you looked at JSS?
>> http://www.mozilla.org/projects/security/pki/jss/
How can you say so, if JSS is not recommended/supported for Java Applets?
(as said in the infamous bug
https://bugzilla.mozilla
On 03/08/2011 16:16, Douglas E. Engert wrote:
> You say you are using FF, so have you looked at JSS?
> http://www.mozilla.org/projects/security/pki/jss/
Nope. Proprietary (available only for FF).
> As I read this, it is a java interface to NSS, and thus avoid the
> sunPKCS11 and its limitations, bu
You say you are using FF, so have you looked at JSS?
http://www.mozilla.org/projects/security/pki/jss/
As I read this, it is a java interface to NSS, and thus avoid the
sunPKCS11 and its limitations, but still allow the use of OpenSC.
On Windows, you could also use the Windows CAPI via the SunMSC
2011/8/3 NdK :
> Then why I get *exaxtly* one slot per PIN (and in the slot name there's
> the label I associated with the PIN? Maybe it's opensc-specific, but I
> doubt.
must be opensc is adding an slot for each application/pin. You should
check this with someone/martin, but im pretty sure is this
Il 03/08/2011 13:35, helpcrypto helpcrypto ha scritto:
>> And (more general question) why a slot identifies a pin? What about
>> "insecure" keys and their certs? See below.
> An slot doesnt need to have a PIN, as stated on PKCS#11 standard.
Then why I get *exaxtly* one slot per PIN (and in the slo
2011/8/3 NdK :
> The wallet must allow for use of a smart card or a simple password
> (obviously highly sensitive passwords will have to be restricted to
> stronger method). Not really different at the programmatic level, since
> I can store "anything" in the "encryptedPrivateKey" field: an actual
Il 03/08/2011 11:08, helpcrypto helpcrypto ha scritto:
> As i understand, you want to develop like a wallte, where password
> stored on server (crypted) are copied to clipboard (altough a simply
> CTRL+V will display it), to let the user authenticate in toher
> services. Right?
Yup. Right. Ctrl-V
2011/8/3 NdK :
> Il 03/08/2011 09:32, helpcrypto helpcrypto ha scritto:
> I need to implement a multiuser web password manager that allows users
> to group-share passwords (so Linux sysadmins don't have access to
> Windows passwords -- yes, I know AD, it's just an example).
> Server NEVER knows pla
Il 03/08/2011 09:32, helpcrypto helpcrypto ha scritto:
> Do yo code on assembly for you web pages? PCSC should be used only
> if your smartcard doesnt have a higher level of abstraction possible
> (like opensc)
I'd even prefer higher APIs, since doing security really well is hard.
>> I usually d
Hello,
with Windows 7 (64 bit) and opensc 0.12.2 the command
pkcs15-tool --reader 0 --read-public-key 45
gives the right result but afterwards a message from the
Windows system pops up:
"pkcs15-tool funktioniert nicht mehr"
(That translates to "pkcs15-tool doesn't work any more")
This is no
If any of you dont agree with any of the following, just let me know.
>>>- should I avoid SunPKCS11 and base my program on "simple" PC/SC?
Absolutely not.
Do yo code on assembly for you web pages? PCSC should be used only if
your smartcard doesnt have a higher level of abstraction possible
(like
14 matches
Mail list logo
