On Sun, Sep 30, 2012 at 5:48 AM, NdK wrote:
> Il 29/09/2012 09:01, Frank Cusack ha scritto:
>
> > I knew something that didn't need "trusted software" (in the PC)
> should
> > exist. And Finally I found it:
> > http://www.ftsafe.com/product/e
On Sat, Sep 29, 2012 at 12:40 AM, Anders Rundgren wrote:
> Right. There is no point in installing applications in the SE;
> applications are installed on top of the OS.
> The SE only needs to keep keys (like smart cards in reality do ..) .
That's a very limited use of the SE.
Keys OTOH will
On Fri, Sep 21, 2012 at 11:58 PM, Andreas Jellinghaus
wrote:
>
> Am 20.09.2012 21:06 schrieb "Anders Rundgren" :
>
> >
> >
> http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html
> >
> > Very interesting IMHO.
>
> Agree, thanks for sharing.
>
> >
> > According to the author
On Thu, Jan 19, 2012 at 1:10 AM, Anders Rundgren
wrote:
>
> This is since long solved problem. It is an intrinsic part of
> GlobalPlatform
> where you don't really use CSR's and PoP's but a session-key to secure
> that you
> are really talking to the card.
>
> On http://webpki.org/auth-token-4-th
sit there
waiting for key generation.
On Thu, Jan 19, 2012 at 12:03 AM, Christian Hohnstaedt <
christ...@hohnstaedt.de> wrote:
> On Wed, Jan 18, 2012 at 11:30:36PM -0800, Frank Cusack wrote:
> > verify. There is no way for the user to add that signed data to a
> software
> > CSR
On Wed, Jan 18, 2012 at 11:04 PM, Christian Hohnstaedt <
christ...@hohnstaedt.de> wrote:
> On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote:
> > In a CSR, how is it proven that the key resides on a smart card (and is
> not
> > exportable)? In my understandi
In a CSR, how is it proven that the key resides on a smart card (and is not
exportable)? In my understanding, the CSR is signed by the private key of
the (to be) cert itself. Thus that signature only proves that the
requester actually possesses the private half, not that the private key
resides o
