PGP and Smartcards?

Zeljko Vrba zvrba at globalnet.hr
Mon Jul 25 17:05:51 CEST 2005


Werner Koch wrote:
>
> Well for the OpenPGP card you don't need any filesystem as we only
> use the get/put data commands.  Thus a simple offset,length table is
> what you need.  Well, you know that of course.
>
Yeah, I know that very well :) It took me a bit of time to correctly
implement the coding/decoding of composite objects, but this stuff is
now fully working.

>
>>Why I didn't finish the development - because I've found some
>>discrepancies between the GPG code, OpenPGP card spec and the PKCS#1
>
> Care to elaborate on this?
>
Uff, I would have to look it up to be exact. It has to do with PKCS#1
padding block types. For example, in my signing function I'm not using
the Java Signature class (which produces one kind of PKCS#1 block type)
but the Cipher class and encrypt method (which produces another kind of
PKCS#1 block type) AFAIR, I've lost quite a bit of time on figuring out
what was wrong (reading the specs, everything should have fit perfectly)
and in the moment of despair I've just changed it to use encryption with
the private key instead of signature.

Before the change GPG complained about invalid signature, but after, the
thing magically worked!

It may have to do with Sun's cref emulation but nevertheless..

>
> I am still interested to have reference implementation for java card
> although I can't help very much with the implementation but I know all
>
thanks, but I don't need any help with the implementation. if I just bit
the bullet I believe I could finish it up in a week to be completely
functional. I'm having more of a logistic trouble:

- I should buy the JCOP development toolkit (ok, that's no problem)
- buy from somewhere else a smart-card reader (also shouldn't be a problem)
- install Java, which is not trivial on FreeBSD. installing linux on my
laptop is not really an option (too much data to move around). hmph,
maybe a boot CD+10GB ext2 "disk file" on FAT32 for the linux :)
- install Eclipse 3 (since the JCOP toolkit is an Eclipse plugin)
- learn to use Eclipse
- patch (again! - I've done it so it can talk to cref, but I don't think
I've brought the patch with me when I moved :/ ) GPG somehow to talk to
the emulated smart-card so I can test the applet without actually
downloading it to the card until it's finally finished
- and FINALLY, make the applet fully-functional

I think that all of the above work exceeds the effort needed to finish
the applet :(

I'm extremely lazy to do all of the above grunt-work and if I start now,
maybe I'll get it finished in 6 months :) then I can start working on
the applet :)
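
The PKCS#1 v1.5 block types mentioned in the message above, as an added example that is not part of the original post, of GnuPG, or of the applet: it builds and strictly parses the padded block a verifier recovers after the RSA public-key operation, and shows which blocks a SHA-1 signature check accepts. The function names, the 128-byte modulus size and the sample message are assumptions constructed for illustration.

```python
import hashlib
import os

# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_block(block_type: int, payload: bytes, k: int) -> bytes:
    """Build 00 || BT || PS || 00 || payload for a k-byte modulus."""
    ps_len = k - 3 - len(payload)
    if block_type not in (1, 2) or ps_len < 8:
        raise ValueError("unsupported block type or payload too long")
    if block_type == 1:
        ps = b"\xff" * ps_len  # signature padding: fixed 0xFF filler
    else:
        ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))  # encryption: random non-zero
    return b"\x00" + bytes([block_type]) + ps + b"\x00" + payload

def parse_block(em: bytes):
    """Return (block_type, payload); raise ValueError on malformed padding."""
    if len(em) < 11 or em[0] != 0 or em[1] not in (1, 2):
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)  # first zero byte after the header ends PS
    if sep < 10:  # covers "not found" (-1) and PS shorter than 8 bytes
        raise ValueError("padding string too short or unterminated")
    if em[1] == 1 and em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("type 01 padding must be all 0xFF")
    return em[1], em[sep + 1:]

def verify_sha1_block(em: bytes, message: bytes) -> str:
    """Check a recovered block the way a PKCS#1 v1.5 signature verifier does."""
    try:
        block_type, payload = parse_block(em)
    except ValueError as exc:
        return f"reject: {exc}"
    if block_type != 1:
        return "reject: block type 02 is encryption padding, not a signature"
    if payload != SHA1_PREFIX + hashlib.sha1(message).digest():
        return "reject: payload is not DigestInfo(SHA-1(message))"
    return "accept"

# Constructed sample data: 1024-bit modulus size, arbitrary message
K, MSG = 128, b"constructed sample message"
DIGEST = hashlib.sha1(MSG).digest()
GOOD = encode_block(1, SHA1_PREFIX + DIGEST, K)        # what a verifier expects
WRONG_TYPE = encode_block(2, SHA1_PREFIX + DIGEST, K)  # right payload, wrong block type
BARE_HASH = encode_block(1, DIGEST, K)                 # right type, DigestInfo missing

if __name__ == "__main__":
    for name, em in (("type 01", GOOD), ("type 02", WRONG_TYPE), ("bare hash", BARE_HASH)):
        print(name, "->", verify_sha1_block(em, MSG))
```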