On Sun, 21 Apr 2013 10:49:19 +0200 NdK <ndk.cla...@gmail.com> wrote:

> Hello all.
>
> I'm planning to start work on an "OpenGPGCard TNG" ( :) ) that allows:
> - exportable keys only towards user-certified devices
> - support for 2048 bit keys -- more if HW allows it
> - storage for "many" (thought at least 18 to allow 1 key per year till
> 2030) encryption keys (current + expired ones), plus regular signature
> and auth keys, plus an extra auth key for RFID auth.
>
> What I'd like to achieve is that the user is in control of what to do
> with his keys: choose if they're exportable or not, choose to allow
> export only to other cards, choose if exported key can be re-exported,
> etc. But that policy has to be chosen before generating/importing the
> signature key: once a signature key is in-place, policy cannot be
> altered any more.
> That would allow the use of a single card/token per identity, with
> keys that can be backed up but remain safe (well, technically the
> user could choose to export against an insecure SW key container, but
> it's his choice: why should I forbid it? And even if I'd forbid it, he
> would simply generate the key in the SW key container then import to
> the card, and sw RNGs are usually "less secure" than TRNGs in cards,
> or even alter the applet to disable the check...).
>
> The applet will (obviously) be open-source.
> The target card is any GP 2.1.1 (no need for extended APDUs -- they
> will be simulated) -- I'll test on JCOP41 72k and SmartCafé Expert
> 144k.
>
> Comments? Suggestions? Other missing features?
>
> BYtE,
> Diego.
>

Hello Diego,

That certainly sounds interesting. I can volunteer to test it out once you have some workable code - I have a couple of Oberthur cards that are collecting dust :)

What I might be even more interested in is if you could describe the development process you use for working on a JavaCard applet - there are very few resources out there to get people up and running with such an exotic topic. The added value would be the ability for more people to chip in with contributions :)

Best regards

--
Branko Majic
Jabber: bra...@majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Jabber: bra...@majic.rs
Please send attachments only in free formats.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users