Developing JavaCard applet

Branko Majic branko at majic.rs
Fri May 3 09:53:45 CEST 2013 

On Sun, 21 Apr 2013 10:49:19 +0200
NdK <ndk.clanbo at gmail.com> wrote:

> Hello all.
> 
> I'm planninng to start work on a "OpenGPGCard TNG" ( :) ) that allows:
> - exportable keys only towards user-certified devices
> - support for 2048 bit keys -- more if HW allows it
> - storage for "many" (thought at least 18 to allow 1 key per year till
> 2030) encryption keys (current + expired ones), plus regular signature
> and auth keys, plus an extra auth key for RFID auth.
> 
> What I'd like to achieve is that the user is in control of what to do
> with his keys: choose if they're exportable or not, choose to allow
> export only to other cards, choose if exported key can be re-exported,
> etc. But that policy have to be chosen before generating/importing the
> signature key: once a signature key is in-place, policy cannot be
> altered any more.
> That would allow the use of a single card/token per identity, with
> keys that can be backed up but remain safe (well, technically the
> user could choose to export against an insecure SW key container, but
> it's his coice: why should I forbid it? And even if I'd forbid it, he
> would simply generate the key in the SW key container then import to
> the card, and sw RNGs are usually "less secure" than TRNGs in cards,
> or even alter the applet to disable the check...).
> 
> The applet will (obviously) be open-source.
> The target card is any GP 2.1.1 (no need for extended APDUs -- they
> will be simulated) -- I'll test on JCOP41 72k and SmartCafé Expert
> 144k.
> 
> Comments? Suggestions? Other missing features?
> 
> BYtE,
>  Diego.
> 

Hello Diego,

That certainly sounds interesting. I can volunteer to test it out once
you have some workable code - I have a couple of Oberthur cards that
are collecting the dust :)

What I might be even more interested in is if you could describe the
development process you use for working on a JavaCard applet - there's
very little resources out there to get people up and running with such
exotic topic. The added value would be ability for more people to chip
in with contributions :)

Best regards

-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20130503/55011c27/attachment.sig>

More information about the Gnupg-users mailing list