microSD

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

microSD

J.Witvliet

Indeed, one of them is: http://www.go-trust.com/products/microsd-java/

They state:

-FIDO Ready

-GO-Trust PKI Applet is available with PKCS#11 support in Android, Windows and Linux.

 

So why should I still need a dev-kit?

If one should need to develop their own application on de card: obviously, but otherwise, when FIDO-ready?

Specially if they claim their Applet has pkcs11 support…

 

I read:

FIDO (Fast IDentity Online) Alliance (www.fidoalliance.org), an industry consortium revolutionizing online authentication with the first standards-based specifications. At RSA, Yubico and NXP will demonstrate the FIDO Ready YubiKey NEO with U2F (Universal Second Factor) standards, which are founded on the recently published FIDO specifications.

U2F is an open authentication standard initiative focused on scaling high security smart card technology beyond government and enterprise to every internet user.

 

 

Hans

 

From: helpcrypto helpcrypto [[hidden email]]
Sent: maandag 7 april 2014 11:47
To: Witvliet, J, DMO/OPS/I&S/HIN
Subject: Re: [Opensc-devel] microSD

 

On Mon, Apr 7, 2014 at 11:39 AM, <[hidden email]> wrote:

Hi,

 

Anybody around who has any (pos/neg) experience with smartcards packed in the form of a microSD?

 

I tried to obtain some samples before, but these appear to be vaporware…

Recently I came across two others: those from “tyfone” and from “go-trust”

Both of those companies are mainly smartphone centric, while my main objective is to use them initially in desktops, thin-clients, laptops, appliances

And perhaps later on, on other devices.

We are currently running a pilot with ~20 users with Gemalto microSD for mifare/nfc and cryptographic use-cases

Most companies are willing to provide development-kits, after signing NDA’s, but I have no interest in developing applications on the smartcard.

We signed an NDA and use their SDK.
 

I just want to access them with the pkcsxx-tools and vpn-software like openvpn and strongswan.

So I presume (correct me if I’m wrong) I should (..) be able to use standard applets/middleware.

Or am I completely mistaken and am I always subjected to a producers dev-tools? Sincerely hope not…

Technically speaking, you could attack the microSD by your own, but it will require some reverse engineering, probably forbidden by your EULA.

 

As with smartcards, a lot of obscurity/ uneeded secrecy.

BTW: I suggest you have a look at U2F/FidoAlliance.


 

Kind regards, Hans.


Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

 


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: microSD

helpcrypto helpcrypto
On Mon, Apr 7, 2014 at 12:50 PM, <[hidden email]> wrote:

Indeed, one of them is: http://www.go-trust.com/products/microsd-java/

They state:

-FIDO Ready

-GO-Trust PKI Applet is available with PKCS#11 support in Android, Windows and Linux.

cool.
First FIDO Ready I see.
 

So why should I still need a dev-kit?

To be tied with them through a software contract?
 

If one should need to develop their own application on de card: obviously, but otherwise, when FIDO-ready?

Specially if they claim their Applet has pkcs11 support…

 

I read:

FIDO (Fast IDentity Online) Alliance (www.fidoalliance.org), an industry consortium revolutionizing online authentication with the first standards-based specifications. At RSA, Yubico and NXP will demonstrate the FIDO Ready YubiKey NEO with U2F (Universal Second Factor) standards, which are founded on the recently published FIDO specifications.

U2F is an open authentication standard initiative focused on scaling high security smart card technology beyond government and enterprise to every internet user.

Well...an image worth a thousand words, so check them on the overview ;)

Keep me updated if you find "the perfect" microSD (open, flexible...)


Hans

 

From: helpcrypto helpcrypto [[hidden email]]
Sent: maandag 7 april 2014 11:47
To: Witvliet, J, DMO/OPS/I&S/HIN
Subject: Re: [Opensc-devel] microSD

 

On Mon, Apr 7, 2014 at 11:39 AM, <[hidden email]> wrote:

Hi,

 

Anybody around who has any (pos/neg) experience with smartcards packed in the form of a microSD?

 

I tried to obtain some samples before, but these appear to be vaporware…

Recently I came across two others: those from “tyfone” and from “go-trust”

Both of those companies are mainly smartphone centric, while my main objective is to use them initially in desktops, thin-clients, laptops, appliances

And perhaps later on, on other devices.

We are currently running a pilot with ~20 users with Gemalto microSD for mifare/nfc and cryptographic use-cases

Most companies are willing to provide development-kits, after signing NDA’s, but I have no interest in developing applications on the smartcard.

We signed an NDA and use their SDK.
 

I just want to access them with the pkcsxx-tools and vpn-software like openvpn and strongswan.

So I presume (correct me if I’m wrong) I should (..) be able to use standard applets/middleware.

Or am I completely mistaken and am I always subjected to a producers dev-tools? Sincerely hope not…

Technically speaking, you could attack the microSD by your own, but it will require some reverse engineering, probably forbidden by your EULA.

 

As with smartcards, a lot of obscurity/ uneeded secrecy.

BTW: I suggest you have a look at U2F/FidoAlliance.


 

Kind regards, Hans.


Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

 


------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel



------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel