Hello,
2015-09-25 14:45 GMT+02:00 helpcrypto helpcrypto :
> But we still have the issue with the data sent from server. eg: server sent
> "sign these 10 documents" to our opensource Java local application which
> asks PKCS#11 to do it.
> Anyone could decompile, and inject an 11th doc on the reques
On 25 Sep 2015, at 10:36, helpcrypto helpcrypto wrote:
> I hope you can find a solution for my problem, cause I can't. (And perhaps
> it's impossible)
> Based on my knowledge of PKCS#11 standard, the spec is exposed to a MITM
> attack that steals the PIN when an application invokes C_Login aga
Hi,
you mention a common problem with PIN authentication and smart cards: To
keep the PIN protected on the path between the PIN entry and chip must
be protected.
There are two alternatives:
1. Establish a secure channel between the card and the PIN pad.
2. Replace PIN authentication with public
3 matches
Mail list logo
