Erich Titl wrote:
> Which implies that you send cleartext to the device and get cyphertext
back. So the easiest way to tamper the message is to intercept it at
> the smartcard driver level :-) and modify it on the fly. If someone is
smart enough to fetch the key contents from memory while it is b
Alon
Alon Bar-Lev wrote:
>
...
>
> In terms of security, there is no point of using a device that store keys
> only to be extracted by applications.
> In order to secure your identity you must use a device that cannot be
> duplicated.
> This can be implemented only if the device does not allow
Erich Titl wrote:
> maybe I am completely off topic but I am using an ikey 1000 on a Windoze
box with standard openvpn. AFAIK the ikey 1000 provides a
> PKCS#11 interface which (at least on windoze) is handled by the
proprietary driver.
> This token only handles storage of the keys. I believe th
Alon
maybe I am completely off topic but I am using an ikey 1000 on a Windoze
box with standard openvpn. AFAIK the ikey 1000 provides a PKCS#11
interface which (at least on windoze) is handled by the proprietary driver.
This token only handles storage of the keys. I believe the engine is
onl
