On 3/23/2012 2:59 PM, Martin Paljak wrote:
> Hello,
>
> On Tue, Feb 21, 2012 at 16:46, Douglas E. Engert wrote:
>> It does not define a load key or any finalize
>> commands which would be needed by a production card management system.
Martin, You really are catching up on your mail!
>
> I don'
Hello Anders,
On Tue, Feb 21, 2012 at 19:40, Anders Rundgren
wrote:
> I have "played" with the idea of creating a "secure stack-machine" for
> performing arbitrary cryptographic operations on result-data but I couldn't
> figure out how this would work without introducing vulnerabilities. :-(
Thi
Hello,
On Tue, Feb 21, 2012 at 16:46, Douglas E. Engert wrote:
> It does not define a load key or any finalize
> commands which would be needed by a production card management system.
I don't know about PIV internals, but maybe the "finalize" step is
automatic or not needed at all (meaning that
On 2012-02-21 18:16, Douglas E. Engert wrote:
>
>>> Pushing the ECDH Key Agreement to the token for use by the token
>>> looks very interesting.
>>
>
> I meant based on your slides it looks like that is what you would like
> to do as a new operation.
>
>> I'm not sure I understand what you are
On 2/21/2012 9:53 AM, Anders Rundgren wrote:
> On 2012-02-21 16:17, Douglas E. Engert wrote:
>>
>>
>> On 2/21/2012 6:01 AM, Anders Rundgren wrote:
>>> On 2012-02-20 23:22, Douglas E. Engert wrote:
On 2/20/2012 3:41 PM, Anders Rundgren wrote:
> On 2012-02-20 21:40, Peter Stuge w
On 2012-02-21 16:17, Douglas E. Engert wrote:
>
>
> On 2/21/2012 6:01 AM, Anders Rundgren wrote:
>> On 2012-02-20 23:22, Douglas E. Engert wrote:
>>>
>>>
>>> On 2/20/2012 3:41 PM, Anders Rundgren wrote:
On 2012-02-20 21:40, Peter Stuge wrote:
> Anders Rundgren wrote:
>> I don't know
On 2/21/2012 6:01 AM, Anders Rundgren wrote:
> On 2012-02-20 23:22, Douglas E. Engert wrote:
>>
>>
>> On 2/20/2012 3:41 PM, Anders Rundgren wrote:
>>> On 2012-02-20 21:40, Peter Stuge wrote:
Anders Rundgren wrote:
> I don't know what USB P11 is, can you send me a pointer?
It's
On 2/21/2012 1:51 AM, Anders Rundgren wrote:
> On 2012-02-20 23:23, Jean-Michel Pouré - GOOZE wrote:
>
>> IMHO, CCID is superior as it is really plug-and-play under all systems.
>> Of course, CCID is needed, but it could be installed under all systems
>> by default. The last versions of libccid
On 2012-02-20 23:22, Douglas E. Engert wrote:
>
>
> On 2/20/2012 3:41 PM, Anders Rundgren wrote:
>> On 2012-02-20 21:40, Peter Stuge wrote:
>>> Anders Rundgren wrote:
I don't know what USB P11 is, can you send me a pointer?
>>>
>>> It's my old idea of implementing PKCS#11 directly over USB.
On 2012-02-20 23:23, Jean-Michel Pouré - GOOZE wrote:
> IMHO, CCID is superior as it is really plug-and-play under all systems.
> Of course, CCID is needed, but it could be installed under all systems
> by default. The last versions of libccid with udev really rocks. Pure
> plug-and-play never exi
Dear Peter,
> http://libusb.org/wiki/FAQ#CanIcreateadriverlessdeviceusingHIDclass
I wron't discuss as I don't know if improving HID for GNU/Linux is
really time consuming.
> Do you know how it is used by CryptoAPI and/or PKCS#11 applications?
CSP and PKCS#11.
Just contact me privately and I can
Hi!
Jean-Michel Pouré - GOOZE wrote:
> > It's my old idea of implementing PKCS#11 directly over USB. Issues
> > have been pointed out, and they would have to be solved of course.
>
> Feitian offers two ranges of products: CCID (ePass2003 and other
> products) and HID over USB (ePass2001 and othe
Douglas E. Engert wrote:
> I have not tried this, but check out this token too:
>
> http://www.goldkey.com/usb-smart-card-with-piv.html
>
> Built-in PIV Support
> Basic functionality and support for PIV cards and tokens already
> exists in Microsoft Windows®, Mac OS® X, and many Linux® dist
Anders Rundgren wrote:
> > It's my old idea of implementing PKCS#11 directly over USB. Issues
> > have been pointed out, and they would have to be solved of course.
>
> Maybe you would like to have an STM32F215-based token?
> 160 MHz, 128K RAm 1M Flash, USB HS, True RNG, AES
> It may happen this y
Dear Peter,
> It's my old idea of implementing PKCS#11 directly over USB. Issues
> have been pointed out, and they would have to be solved of course.
Feitian offers two ranges of products: CCID (ePass2003 and other
products) and HID over USB (ePass2001 and other products).
At Gooze, we have HI
On 2/20/2012 3:41 PM, Anders Rundgren wrote:
> On 2012-02-20 21:40, Peter Stuge wrote:
>> Anders Rundgren wrote:
>>> I don't know what USB P11 is, can you send me a pointer?
>>
>> It's my old idea of implementing PKCS#11 directly over USB. Issues
>> have been pointed out, and they would have to b
On 2012-02-20 21:40, Peter Stuge wrote:
> Anders Rundgren wrote:
>> I don't know what USB P11 is, can you send me a pointer?
>
> It's my old idea of implementing PKCS#11 directly over USB. Issues
> have been pointed out, and they would have to be solved of course.
Maybe you would like to have an
Anders Rundgren wrote:
> I don't know what USB P11 is, can you send me a pointer?
It's my old idea of implementing PKCS#11 directly over USB. Issues
have been pointed out, and they would have to be solved of course.
> Although PKCS #11 is good it is not particularly popular on Windows.
> It is e
On 2012-02-19 19:11, Peter Stuge wrote:
> Anders Rundgren wrote:
>> You didn't hear my presentation at FOSDEM 2012 but it was about
>> creating a token with a standard API so that you would as a
>> customer be able to just plug it in.
>
> This is an advantage of USB P11. In Windows 8 and later the
Anders Rundgren wrote:
> You didn't hear my presentation at FOSDEM 2012 but it was about
> creating a token with a standard API so that you would as a
> customer be able to just plug it in.
This is an advantage of USB P11. In Windows 8 and later there doesn't
even have to be a driver installed, si
On 2012-02-19 13:32, Jean-Michel Pouré - GOOZE wrote:
>> Anders Rundgren wrote:
>>> For non-government tokens like the excellent Feitian Epass2003
>>> I would consider another approach: Updating the firmware to
>>> emulate PIV so that we can put the middleware aside once and
>>> for all.
>> I agree
21 matches
Mail list logo
