Erich Titl wrote:
> Which implies that you send cleartext to the device and get cyphertext
back. So the easiest way to tamper the message is to intercept it at
> the smartcard driver level :-) and modify it on the fly. If someone is
smart enough to fetch the key contents from memory while it is b
Alon
Alon Bar-Lev wrote:
>
...
>
> In terms of security, there is no point of using a device that store keys
> only to be extracted by applications.
> In order to secure your identity you must use a device that cannot be
> duplicated.
> This can be implemented only if the device does not allow
Erich Titl wrote:
> maybe I am completely off topic but I am using an ikey 1000 on a Windoze
box with standard openvpn. AFAIK the ikey 1000 provides a
> PKCS#11 interface which (at least on windoze) is handled by the
proprietary driver.
> This token only handles storage of the keys. I believe th
Alon
maybe I am completely off topic but I am using an ikey 1000 on a Windoze
box with standard openvpn. AFAIK the ikey 1000 provides a PKCS#11
interface which (at least on windoze) is handled by the proprietary driver.
This token only handles storage of the keys. I believe the engine is
onl
James Yonan wrote:
> Thanks for the interesting information on PKCS#11, OpenSSL, and
smartcards.
You are welcome... I now doing a phase on all open-source projects that uses
cryptographic but do not use smartcards... In a standard way... :)
> Any rough idea on what percentage of the cheaply avai
On Tue, 6 Sep 2005, Alon Bar-Lev wrote:
> Hello,
>
> I've seen some corresponding regarding this issue... But could
> not understand the formal position of the development team.
>
> It seems that currently openvpn does not support smartcards.
>
> I've noticed that a patch is available from Frit
