On Fri, Sep 25, 2015 at 3:47 PM, Ludovic Rousseau <
ludovic.rouss...@gmail.com> wrote:
> Hello,
>
> 2015-09-25 14:45 GMT+02:00 helpcrypto helpcrypto :
> > But we still have the issue with the data sent from server. eg: server
> sent
> > "sign these 10 documents" to our opensource Java local applic
Hello,
2015-09-25 14:45 GMT+02:00 helpcrypto helpcrypto :
> But we still have the issue with the data sent from server. eg: server sent
> "sign these 10 documents" to our opensource Java local application which
> asks PKCS#11 to do it.
> Anyone could decompile, and inject an 11th doc on the reques
On 25 Sep 2015, at 10:36, helpcrypto helpcrypto wrote:
> I hope you can find a solution for my problem, cause I can't. (And perhaps
> it's impossible)
> Based on my knowledge of PKCS#11 standard, the spec is exposed to a MITM
> attack that steals the PIN when an application invokes C_Login aga
Hi,
you mention a common problem with PIN authentication and smart cards: To
keep the PIN protected on the path between the PIN entry and chip must
be protected.
There are two alternatives:
1. Establish a secure channel between the card and the PIN pad.
2. Replace PIN authentication with public
On Fri, Sep 25, 2015 at 11:15 AM, Andreas Schwier <
andreas.schwier...@cardcontact.de> wrote:
> Hi,
>
> you mention a common problem with PIN authentication and smart cards: To
> keep the PIN protected on the path between the PIN entry and chip must
> be protected.
>
> There are two alternatives:
On Fri, Sep 25, 2015 at 11:21 AM, Dirk-Willem van Gulik <
di...@webweaving.org> wrote:
> On 25 Sep 2015, at 10:36, helpcrypto helpcrypto
> wrote:
>
> > I hope you can find a solution for my problem, cause I can't. (And
> perhaps it's impossible)
>
> > Based on my knowledge of PKCS#11 standard, th
6 matches
Mail list logo
