Developing JavaCard applet
ndk.clanbo at gmail.com
Sun Apr 21 10:49:19 CEST 2013
I'm planninng to start work on a "OpenGPGCard TNG" ( :) ) that allows:
- exportable keys only towards user-certified devices
- support for 2048 bit keys -- more if HW allows it
- storage for "many" (thought at least 18 to allow 1 key per year till
2030) encryption keys (current + expired ones), plus regular signature
and auth keys, plus an extra auth key for RFID auth.
What I'd like to achieve is that the user is in control of what to do
with his keys: choose if they're exportable or not, choose to allow
export only to other cards, choose if exported key can be re-exported,
etc. But that policy have to be chosen before generating/importing the
signature key: once a signature key is in-place, policy cannot be
altered any more.
That would allow the use of a single card/token per identity, with keys
that can be backed up but remain safe (well, technically the user could
choose to export against an insecure SW key container, but it's his
coice: why should I forbid it? And even if I'd forbid it, he would
simply generate the key in the SW key container then import to the card,
and sw RNGs are usually "less secure" than TRNGs in cards, or even alter
the applet to disable the check...).
The applet will (obviously) be open-source.
The target card is any GP 2.1.1 (no need for extended APDUs -- they will
be simulated) -- I'll test on JCOP41 72k and SmartCafé Expert 144k.
Comments? Suggestions? Other missing features?
More information about the Gnupg-users