I know it, but you can easily write a class implementing the org.globalplatform.SecureChannel interface to mimick the card manager's secure channel, and reuse host-side tools that "talk" this protocol :)<br><br>
<div class="gmail_quote">On Fri, Jul 17, 2009 at 3:07 PM, Miller, Timothy J. <span dir="ltr"><<a href="mailto:tmiller@mitre.org">tmiller@mitre.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
As I understand it, the symmetric key secured channel is for card management (e.g., PIN unblock, applet load, key injection, etc.), not for normal access.<br>
<br>
-- Tim<br>
<div><div></div><div class="h5"><br>
<br>
>-----Original Message-----<br>
>From: <a href="mailto:muscle-bounces@lists.musclecard.com">muscle-bounces@lists.musclecard.com</a> [mailto:<a href="mailto:muscle-">muscle-</a><br>
><a href="mailto:bounces@lists.musclecard.com">bounces@lists.musclecard.com</a>] On Behalf Of Sébastien Lorquet<br>
>Sent: Friday, July 17, 2009 7:56 AM<br>
>To: MUSCLE<br>
>Subject: Re: [Muscle] Protecting a PIN with keyed hashing?<br>
><br>
>the muscle applet is for global platform javacards right?<br>
><br>
>Then about the GP secure channel already implemented<br>
>(org.globalplatform.SecureChannel<br>
>org.globalplatform.GPSystem.getSecureChannel() ) in these cards for<br>
>secure messaging? it provides a mac+tdes encryption. also, writing a<br>
>software implementation is not difficult, if needed (to use other keys<br>
>than SD's ones)<br>
><br>
>sebastien<br>
><br>
>ps: the muscle applet also support strong authentication with a<br>
>challenge/response exchange. A 128 bits TDES key can be seen as a 16-<br>
>character PIN, that can be right padded with zeroes or other if needed.<br>
>what do you think of this?<br>
<br>
</div></div><br>_______________________________________________<br>
Muscle mailing list<br>
<a href="mailto:Muscle@lists.musclecard.com">Muscle@lists.musclecard.com</a><br>
<a href="http://lists.drizzle.com/mailman/listinfo/muscle" target="_blank">http://lists.drizzle.com/mailman/listinfo/muscle</a><br>
<br></blockquote></div><br>