[Muscle] Impossible to crypt using MuscleTool
Sylvain Ferey
s.ferey at wanadoo.fr
Fri Mar 21 16:50:49 PDT 2008
At 14:31 21/03/2008 -0700, you wrote:
>If you build the source of the applet, you can make getchallenge to build
>(and work).
>
>I don't really recall well, but I think I had to rewrite much of the
>applet's sign/verify/crypt functions to make them viable.
if one decides to perform some changes in the 0.9.8 applet, he may just
prefer to fully rewrite it!
at least it will be my choice.
the current applet:
- is 98% not ISO compliant, w/o any good reasons and with painful overload
  for anyone writing a driver or plug-in that had some (even basic)
  experience with smartcards.
- consumes a lot of unused memory and enforces some unexpected rules,
  for instance: an array for 10 Pins is created in constructor, who needs
  10 Pins ???
  the "setup applet" command requires 2 *user pins* + 2 "admin pins" to be
  defined (2 PINs with exactly the same rules, 2 resetting PINs with exactly
  the same rules, what is the goal of that? I do consider it's meaningless)
- crypto is unsafe: only RSA X509 (RSA raw mode) is provided
- crypto is far from complete: no DSA, no ECC, no AES
- crypto is confused: once you have used a key in one operation (say signing)
  you can no longer use it for another operation (eg decrypting);
  ""fortunately"" encryption / decryption with RSA (eg wrapping, unwrapping)
  is not supported and is performed with the signing/verification operation
  (so in raw mode), that's a pure mistake and obfuscation.
these points are not closed, nor is their purpose to criticize the applet;
I asked several times if the applet is currently supported, and if so by
whom (group or person), and didn't get any responses.
regards,
Sylvain.
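
The raw-mode point in the message above, as an added illustration that is not part of the original post and is not MUSCLE applet code: with no padding, the card's private-key operation is plain x^d mod n, so "sign" and "decrypt" are the same function and results on related inputs are related. The toy key and the names `card_sign` and `card_decrypt` are constructed for this example.

```python
# Added illustration, not MUSCLE applet code. Toy key constructed for the
# example; a 12-bit modulus is far too small for any real use.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def raw_private_op(x: int) -> int:
    """What a raw-mode card computes: x^d mod n, with no padding check."""
    if not 0 <= x < N:
        raise ValueError("input must be an integer in [0, n)")
    return pow(x, D, N)


def raw_public_op(x: int) -> int:
    """Host-side public operation: x^e mod n."""
    return pow(x, E, N)


# In raw mode the two "different" card operations are the same function
# (hypothetical names, chosen for this example).
card_sign = raw_private_op
card_decrypt = raw_private_op


def sign_matches_decrypt(message: int) -> bool:
    """A value wrapped with the public key comes back out of the sign call."""
    wrapped = raw_public_op(message)
    return card_sign(wrapped) == card_decrypt(wrapped) == message


def signatures_multiply(a: int, b: int) -> bool:
    """Without padding, sig(a) * sig(b) mod n equals sig(a * b mod n)."""
    return (card_sign(a) * card_sign(b)) % N == card_sign((a * b) % N)


if __name__ == "__main__":
    print("sign == decrypt:", sign_matches_decrypt(65))
    print("signatures multiply:", signatures_multiply(42, 77))
```

Both checks hold for any RSA key used without padding, which is why a host-side driver or plug-in talking to a raw-mode card has to apply and strictly verify a standard padding scheme itself and keep separate keys for signing and for unwrapping.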