Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Fri, Jul 23, 2010 at 17:14, Roberto Resoli wrote: >> As for me, there is no sense in SM keys embedded in the middleware. > > I am with you ... There would be no need for "me too" here, but I'll write it just for the record. > This interpretation seems even more valid looking at "Figure 8 - [

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Il giorno ven, 23/07/2010 alle 15.09 +0200, Viktor TARASOV ha scritto: > resoli - libero wrote: > > Il giorno lun, 21/06/2010 alle 11.05 +0200, Viktor TARASOV ha scritto: [...] > Actually, in the IAS/ECC branch of OpenSC there is an implementation of > the 'local' SM module. > The card supported b

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

resoli - libero wrote: > Il giorno lun, 21/06/2010 alle 11.05 +0200, Viktor TARASOV ha scritto: > >> resoli - libero wrote: >> >>> This thread is really interesting looking from an italian perspective. >>> >>> Viktor mentioned the fact that in Italian CNS card PIN and signature are >>> secu

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Fri, Jul 23, 2010 at 14:00, Anders Rundgren wrote: >> I'm not sure I understand entirely; so the system uses a digital >> signature, but would you know if it uses secure messaging too? > > They do not use SM.  If they did somebody would reverse engineer > the software and claim "victory" or som

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Emanuele Pucciarelli wrote: > Hi Anders, > > I'm very interested in these matters too. (Thanks, Roberto, for > starting the discussion here!) Fine! >>> Moreover, I'm rather curious about SM for digital signature outside >>> Italy; is it used at all? >> It is a used by for example Swedish governm

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Hi Anders, I'm very interested in these matters too. (Thanks, Roberto, for starting the discussion here!) >> Moreover, I'm rather curious about SM for digital signature outside >> Italy; is it used at all? > > It is a used by for example Swedish governments for citizens' on-line > tax-declaratio

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

resoli - libero wrote: > Il giorno lun, 21/06/2010 alle 11.05 +0200, Viktor TARASOV ha scritto: >> resoli - libero wrote: >>> This thread is really interesting looking from an italian perspective. >>> >>> Viktor mentioned the fact that in Italian CNS card PIN and signature are >>> secure messaging

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Il giorno lun, 21/06/2010 alle 11.05 +0200, Viktor TARASOV ha scritto: > resoli - libero wrote: > > This thread is really interesting looking from an italian perspective. > > > > Viktor mentioned the fact that in Italian CNS card PIN and signature are > > secure messaging protected, as reported by

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010/6/8 Martin Paljak : > 2010/4/30 Viktor TARASOV : >> Martin Paljak wrote: You mean to place 'light' (but fully functional) OpenSC into the applet ? >>> That would be a nice idea. But there's no (AFAIK) set standard or >>> requirements (other than what I know from online signature plu

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

resoli - libero wrote: > This thread is really interesting looking from an italian perspective. > > Viktor mentioned the fact that in Italian CNS card PIN and signature are > secure messaging protected, as reported by Emanuele Pucciarelli that > created also some patches[1] to support that cards in

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

This thread is really interesting looking from an italian perspective. Viktor mentioned the fact that in Italian CNS card PIN and signature are secure messaging protected, as reported by Emanuele Pucciarelli that created also some patches[1] to support that cards in OpenSC. Unfortunately the sm 3

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010/4/30 Viktor TARASOV : > Martin Paljak wrote: >>> You mean to place 'light' (but fully functional) OpenSC into the applet ? >>> >> That would be a nice idea. But there's no (AFAIK) set standard or >> requirements (other than what I know from online signature plugin >> requirements in Estonia)

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Martin Paljak wrote: > On Apr 29, 2010, at 11:03 , Viktor TARASOV wrote: > >> Martin Paljak wrote: >> >>> On Apr 29, 2010, at 08:43 , gilles Bernabé wrote: >>> >>> Oh interesting, but Java is much more heavy, if I remember correctly the Java plugin(JRE + JDK) is more than

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

I'm not a paranoid security freak, I just don't feel that a gazillion non-standard java applets all requiring a secure install is exactly thrilling. The Swedish BankID have recently scrapped their Java applet for custom native code. I believe all bets are off regarding the long-term outlook, And

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Apr 29, 2010, at 11:03 , Viktor TARASOV wrote: > Martin Paljak wrote: >> On Apr 29, 2010, at 08:43 , gilles Bernabé wrote: >> >>> Oh interesting, but Java is much more heavy, if I remember correctly the >>> Java plugin(JRE + JDK) is more than 40mb, the XPCOM plugin just takes some >>> kb onc

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Apr 29, 2010, at 18:32 , Anders Rundgren wrote: > Peter Stuge wrote: >> Anders Rundgren wrote: >>> What I *do* consider a problem is exposing PC/SC to browser code. >> >> What API would be OK? Is PKCS#11 much better? > > There should (IMO) not be any crypto API exposure in untrusted browser co

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Peter Stuge wrote: > Anders Rundgren wrote: >> What I *do* consider a problem is exposing PC/SC to browser code. > > What API would be OK? Is PKCS#11 much better? There should (IMO) not be any crypto API exposure in untrusted browser code. Mozillas's shows that you don't have to. Microsoft's C

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Anders Rundgren wrote: > What I *do* consider a problem is exposing PC/SC to browser code. What API would be OK? Is PKCS#11 much better? //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/l

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

gilles Bernabé wrote: > > > 2010/4/29 Anders Rundgren > > > I doubt that SCP01 (is that what you refer to or what?) is useful > in browsers but I leave that for you guys to find out :-) > > Gemalto has/is also pushing this concept though: > >

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010/4/29 Anders Rundgren > I doubt that SCP01 (is that what you refer to or what?) is useful > in browsers but I leave that for you guys to find out :-) > > Gemalto has/is also pushing this concept though: > > http://w2spconf.com/2009/papers/s4p4.pdf > > My opinion is that you need a subsystem i

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Martin Paljak wrote: > On Apr 29, 2010, at 08:43 , gilles Bernabé wrote: > >> Oh interesting, but Java is much more heavy, if I remember correctly the >> Java plugin(JRE + JDK) is more than 40mb, the XPCOM plugin just takes some >> kb once installed. >> > > The ups and downs of Java have

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

gilles Bernabé wrote: > Hello, > Oh Victor I've recently realized a Firefox plugin with XPCOM C++, > for the moment I've implemented a scriptable interface that permit to > send APDUs from the Javascript code, > so you can do HTTP GET and POST(in Javascript) to exchange APDUs with > a server. > I

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

I doubt that SCP01 (is that what you refer to or what?) is useful in browsers but I leave that for you guys to find out :-) Gemalto has/is also pushing this concept though: http://w2spconf.com/2009/papers/s4p4.pdf My opinion is that you need a subsystem in the browser, like an upgraded to actua

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Apr 29, 2010, at 08:43 , gilles Bernabé wrote: > > Oh interesting, but Java is much more heavy, if I remember correctly the > Java plugin(JRE + JDK) is more than 40mb, the XPCOM plugin just takes some kb > once installed. The ups and downs of Java have been interesting, but these days, with

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Oh interesting, but Java is much more heavy, if I remember correctly the Java plugin(JRE + JDK) is more than 40mb, the XPCOM plugin just takes some kb once installed. 2010/4/29 Martin Paljak > On Apr 29, 2010, at 00:06 , gilles Bernabé wrote: > > > > Hello, > > Oh Victor I've recently realized

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Apr 29, 2010, at 00:06 , gilles Bernabé wrote: > > Hello, > Oh Victor I've recently realized a Firefox plugin with XPCOM C++, > for the moment I've implemented a scriptable interface that permit to send > APDUs from the Javascript code, > so you can do HTTP GET and POST(in Javascript) to exch

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Hello, Oh Victor I've recently realized a Firefox plugin with XPCOM C++, for the moment I've implemented a scriptable interface that permit to send APDUs from the Javascript code, so you can do HTTP GET and POST(in Javascript) to exchange APDUs with a server. It's a very basic plugin, but it's the

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Hi, Martin Paljak wrote: > On Apr 21, 2010, at 20:25 , Viktor TARASOV wrote: > >> I would like to start a new OpenSC sub-project, forked from the current >> trunk, >> that should be an experimental branch for the implementation of >> SecureMessaging, MultiApplication, >> combined ACLs, etc. >

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Martin Paljak wrote: > > I'm happy to help set up git hosting on opensc-project.org. > > The nature of git does not need a central git repository. But releases do, so there's usually a single repo someplace that is a little bit more official than everything else. > If git would be to used, I'd

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

On Apr 22, 2010, at 08:46 , Peter Stuge wrote: > Andreas Jellinghaus wrote: >> b) use git/hg/bazar with svn bridge to import current opensc repository >> and all future changes to it, and develop in git/hg/bazaar. you can >> publish your codebase on one of the popular hosts (github, launchpad,

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Hello, On Apr 21, 2010, at 20:25 , Viktor TARASOV wrote: > I would like to start a new OpenSC sub-project, forked from the current > trunk, > that should be an experimental branch for the implementation of > SecureMessaging, MultiApplication, > combined ACLs, etc. > > At the beginning this sub-

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Andreas Jellinghaus wrote: > b) use git/hg/bazar with svn bridge to import current opensc repository >and all future changes to it, and develop in git/hg/bazaar. you can >publish your codebase on one of the popular hosts (github, launchpad, >the mercurial hub whose name I don't remember

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

I think it is a great idea to implement these things! forking a project is easy (every "cp -r ..." is a fork from my point of view), but merging can be hard, depending on the tools you use. thus my advice: a) stay in opensc svn, but simply do svn cp https:///svn/opensc/trunk \

[opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

Hi, I would like to start a new OpenSC sub-project, forked from the current trunk, that should be an experimental branch for the implementation of SecureMessaging, MultiApplication, combined ACLs, etc. At the beginning this sub-project should support the cards natively compatibles with PKCS#15