Il 13/02/2014 23:20, Werner Koch ha scritto:
[JavaCards]
> I am not interested in those small applications on the smartcard as long
> as I can't scrutinize the real code, i.e. the OS. Whether those
> applications are written for a p-code system (JavaCard, BasicCard) or
> for the native CPU doesn'
On Thu, 13 Feb 2014 21:36, ndk.cla...@gmail.com said:
> I've been able to work on JavaCards w/o having to sign anything (except
I am not interested in those small applications on the smartcard as long
as I can't scrutinize the real code, i.e. the OS. Whether those
applications are written for a
Il 13/02/2014 21:29, Peter Lebbing ha scritto:
> Although I think there's a trend towards more openness, and I learned a while
> ago that you can get crypto-capable JavaCards these days without requiring an
> NDA.
I've been able to work on JavaCards w/o having to sign anything (except
the transac
On 13/02/14 21:13, Luis Ressel wrote:
> You've got to sign an NDA to learn about the implementation of this
> security device which is supposed to be open?
You need an NDA to get the SDK, and you can't disclose the source code for your
application. You don't need the implementation details of a sm
On Thu, 13 Feb 2014 19:32:19 +0100
Werner Koch wrote:
> ... of the specs. Not of the concrete implementation. I hesitated to
> sign an NDA and thus have no more insight into this than most others.
You've got to sign an NDA to learn about the implementation of this
security device which is supp
On Thu, 13 Feb 2014 14:32, pe...@digitalbrains.com said:
> Considering that Werner was involved in the creation of the OpenPGP card, I
> think the on-card RNG isn't blindly trusted.
... of the specs. Not of the concrete implementation. I hesitated to
sign an NDA and thus have no more insight in
On 2014-02-13 15:45, Hauke Laging wrote:
How do you want to create a key on the card without an RNG?
What in fact happens is that the key is generated on the PC, and it is
both sent to the card using the same mechanism as 'keytocard' and backed
up to a file on the PC. This is because it is im
Am Do 13.02.2014, 14:32:56 schrieb Peter Lebbing:
> If you create keys on the card [...], the included RNG is not used
How do you want to create a key on the card without an RNG?
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/Ope
On 13/02/14 12:13, Kostantinos Koukopoulos wrote:
> Of course in the end it still comes down to the question of how much we
> trust ZeitCorp, but I have no positive reason not to. Using these cards has
> risk of course but much smaller than the potential for increased security.
If you create keys
On Fri, Feb 7, 2014 at 8:42 AM, Kostantinos Koukopoulos <
koukopoulos+gnupg-us...@gmail.com> wrote:
>
> Makes sense, So does anyone know the version of BasicCard used for openpgp
> cards? Or who to contact with this question? I asked at the distributor (
> kernelconcepts.de) and they said they cou
On Wed, Feb 5, 2014 at 10:01 AM, Michael Anders wrote:
>
>
> In my opinion a (good) PRNG seeded properly under user control is no
> problem.
> If -as the FAQ seems to tell- it is primed during production, beyond
> user control, this implies that normal users have to fully trust the
> manufacturer
> Hello,
> Aparrently the OpenPGP card is based on BasicCard [1] and from the
> BasicCard FAQ [2] I read:
> "For Enhanced BasicCards, the card has no hardware generator. The Enhanced
> BasicCards contain a unique manufacturing number which cannot be read from
> outside the card. The Rnd function u
Hello,
Aparrently the OpenPGP card is based on BasicCard [1] and from the
BasicCard FAQ [2] I read:
"For Enhanced BasicCards, the card has no hardware generator. The Enhanced
BasicCards contain a unique manufacturing number which cannot be read from
outside the card. The Rnd function uses this numb
13 matches
Mail list logo
