cards that only do SHA-1


Daniel Pocock-2


Hi,

I've got a few cards in my drawer that I'm trying to identify.

Spec sheets for some versions of these cards only mention SHA-1 while
I've come across other spec sheets that mention SHA-256, I'm not sure if
there are different versions of the same card, software updates or
something else.

The cards in question are Athena "ASECard Crypto" and the "CryptoFlex
for Windows 32k"

Can opensc tell me definitively if these cards have anything better than
SHA-1 capability?

With SHA-1 being considered insecure, is there any practical use for
cards that don't have SHA-256 built-in already?  Can they be upgraded
somehow to support newer hashes and/or adding ECC support?

Regards,

Daniel


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: cards that only do SHA-1

Thomas Calderon

Hi Daniel,

If I am not mistaken, most cards working with OpenSC do not perform
onboard hash computation (even if it is supported by the card's spec)
but rather use a software approach (using OpenSSL as a backend for
those operations).

Hence, this means that you should be able to use OpenSC's PKCS#11
middleware to perform CKM_SHA256_RSA_PKCS signatures even if the card
only supports plain RSA signatures (the padding is also generally
computed by the middleware).

Now if you require ECC support but your cards lack support, then you
need newer ones.

Hope this helps,

Thomas

On Tue, Jan 12, 2016 at 10:08 PM, Daniel Pocock <[hidden email]> wrote:

>
>
> Hi,
>
> I've got a few cards in my drawer that I'm trying to identify.
>
> Spec sheets for some versions of these cards only mention SHA-1 while
> I've come across other spec sheets that mention SHA-256, I'm not sure if
> there are different versions of the same card, software updates or
> something else.
>
> The cards in question are Athena "ASECard Crypto" and the "CryptoFlex
> for Windows 32k"
>
> Can opensc tell me definitively if these cards have anything better than
> SHA-1 capability?
>
> With SHA-1 being considered insecure, is there any practical use for
> cards that don't have SHA-256 built-in already?  Can they be upgraded
> somehow to support newer hashes and/or adding ECC support?
>
> Regards,
>
> Daniel
>
>

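
The split described in the reply above, as an added example that is not part of the thread and not OpenSC code: the host computes SHA-256, the DigestInfo and the PKCS#1 v1.5 padding, and the card performs only the plain RSA private-key operation. The toy key and all function names are assumptions; `card_raw_rsa` stands in for the card.

```python
import hashlib

# Constructed toy key (product of two Mersenne primes). Illustration only,
# NOT a secure key; on a real token the private exponent never leaves the card.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER-encoded DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_sha256(message, k):
    """Host/middleware side: hash, DigestInfo and type-1 padding in software."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def card_raw_rsa(block):
    """Card side (stand-in): plain RSA on a full-size block, no hashing."""
    m = int.from_bytes(block, "big")
    if len(block) != K or m >= N:
        raise ValueError("input must be a full-size block below the modulus")
    return pow(m, D, N).to_bytes(K, "big")


def sign_sha256_rsa_pkcs(message):
    """What a CKM_SHA256_RSA_PKCS request reduces to under this split."""
    return card_raw_rsa(emsa_pkcs1_v15_sha256(message, K))


def verify_sha256_rsa_pkcs(message, signature):
    """Verify by re-encoding and comparing the whole block, not by parsing it."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15_sha256(message, K)
```

The card only ever receives the padded block, so the hash algorithm is a host-side choice as long as the DigestInfo fits within the key size.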