[Muscle] Implementing Secure Messaging
Joao Pedro
countzero at sapo.pt
Mon Jul 13 14:36:47 PDT 2009
Thank you very much for this information, Andreas!
Best regards,
Joao
Andreas Schwier <andreas.schwier at cardcontact.de> wrote:
> Hi Pedro,
>
> there are several different ways to implement secure messaging. One path
> is the JavaCard SCP01, SCP02 and SCP03 suite of protocols, the other
> path is the ISO 7816-4 based secure messaging implementations. The
> latter are mainly used in native card operating systems, signature cards
> and machine readable travel documents (Basic Access Control).
>
> A good explanation of ISO secure messaging can be found in the CWA 18490
> [1]. We've done an implementation for the OpenCard Framework (OCF) which
> can be found at [2]. Look at the IsoSecureChannel class.
>
> Andreas
>
> [1] ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf
> [2] http://www.openscdp.org/ocf/api/index.html
>
> Joao Pedro schrieb:
>> Hi all,
>>
>> I hope these are the correct mailing lists to discuss this matter.
>> (opensc-devel and muscle).
>>
>> I would like to implement secure messaging in the Muscle applet (and
>> OpenSC) when I have a little available time.
>>
>> Are there any good resources (books, documents, etc.) that explain how
>> to implement it?
>>
>> I understand that there are three modes of "operation": MAC;
>> Encryption; MAC + Encryption.
>>
>> Apparently there are also two methods of establishing the secure channel:
>>
>> 1. Using pre-shared symmetric keys (3DES);
>> 2. Using Diffie-Hellman to establish the keys and certificates to
>> authenticate both parties (I suppose in order to defeat possible
>> man-in-the-middle attacks).
>>
>> By the way, is there any way to establish a secure session without
>> mutual authentication? Could I just talk to the applet and use
>> Diffie-Hellman and a Certificate present on the card to establish the
>> keys and the applet's authenticity? I.e.: "applet authentication".
>>
>> Thank you,
>> Joao
>>
>>
>> _______________________________________________
>> Muscle mailing list
>> Muscle at lists.musclecard.com
>> http://lists.drizzle.com/mailman/listinfo/muscle
>
>
> --
>
> --------- CardContact Software & System Consulting
> |.##> <##.| Andreas Schwier
> |# #| Schülerweg 38
> |# #| 32429 Minden, Germany
> |'##> <##'| Phone +49 171 8334920
> --------- http://www.cardcontact.de
>
>
>
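As an added illustration (not part of the thread and not taken from OCF's IsoSecureChannel class), the sketch below decodes the data field of an ISO 7816-4 secure messaging command APDU and reports which of the three modes named in the question it uses. It assumes short APDUs, the first interindustry class byte coding, and the standard SM tags 81/85/87/8E/97; the function names and the sample APDUs are constructed for this example.

```python
# Added example: short APDUs only; first interindustry CLA coding (SM in bits b4-b3).
SM_TAGS = {0x81: "plain", 0x85: "cryptogram", 0x87: "cryptogram",
           0x8E: "mac", 0x97: "le"}

def parse_sm_apdu(apdu: bytes) -> dict:
    """Return {role: value} for the SM data objects in the command data field."""
    if len(apdu) < 5:
        raise ValueError("no Lc byte: not a command APDU with a data field")
    cla, lc = apdu[0], apdu[4]
    if (cla & 0x0C) == 0:
        raise ValueError("CLA bits b4-b3 are 00: no secure messaging")
    body = apdu[5:5 + lc]
    if len(body) != lc:
        raise ValueError("Lc is larger than the data actually present")
    objects, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated tag/length")
        tag, length = body[pos], body[pos + 1]
        pos += 2
        if length == 0x81:              # BER long form with one length byte
            if pos >= len(body):
                raise ValueError("truncated long-form length")
            length, pos = body[pos], pos + 1
        elif length > 0x7F:
            raise ValueError("unsupported length encoding")
        if pos + length > len(body):
            raise ValueError(f"data object {tag:02X} overruns the data field")
        if tag not in SM_TAGS:
            raise ValueError(f"unexpected tag {tag:02X} in SM data field")
        objects[SM_TAGS[tag]] = body[pos:pos + length]
        pos += length
    return objects

def sm_mode(apdu: bytes) -> str:
    """Map the data objects present to the modes named in the thread."""
    objs = parse_sm_apdu(apdu)
    has_enc, has_mac = "cryptogram" in objs, "mac" in objs
    if has_enc and has_mac:
        return "MAC + Encryption"
    if has_enc:
        return "Encryption"
    if has_mac:
        return "MAC"
    raise ValueError("SM indicated in CLA but no cryptogram or MAC present")
# Constructed samples; cryptogram and MAC bytes are dummies, not real output.
BOTH = bytes.fromhex("0CA4020C15" + "870901" + "11" * 8 + "8E08" + "22" * 8 + "00")
MAC_ONLY = bytes.fromhex("0CB000000D" + "970104" + "8E08" + "22" * 8 + "00")
ENC_ONLY = bytes.fromhex("08D600000B" + "870901" + "11" * 8)
```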