Hi,
we are looking for a smartcard / hardware token and hope that someone on this list may give us some advice.
One of our products requires a hardware module that:
- implements DES_CBC - encryption and decryption;
- implements DES3_CBC - encryption, decryption, key wrapping and unwrapping;
- supports ISO 11568-2 symmetric key initialization - a double length key is derived from three double length components using xor;
- optional - implements the ISO 9797-1 algorithm 3 MAC (ANSI X9.19 double length key MAC) with method 1 padding - generation and verification;
- if ISO 9797-1 alg3 MAC is not supported, an advantage would be the possibility to implement the MACing on the module in software (e.g. JavaCard Applet / MultOS application).
The module shall be certified according to FIPS 140-2 level 3 or CC EAL 4+ (key storage, random number generator and DES implementation).
In terms of PKCS#11 interface, the module must implement the following mechanisms:
- CKM_DES_CBC - encryption and decryption
- CKM_DES3_CBC - encryption, decryption, key wrapping and unwrapping
- CKM_XOR_BASE_AND_DATA - for loading double length DES3 keys in three components that will be XORed inside the module
- CKM_CONCATENATE_BASE_AND_KEY - for deriving a double length DES3 key from two single length DES keys
Currently we have made tests with CardOS 4.3b and DataKey 330U cards, however, none of them supports CKM_XOR_BASE_AND_DATA. With other cards - G&D StarSign StarCos and Axalto Cyberflex with PKI Applet - we weren't even able to store a DES3 key on the token.
Can you recommend a card/token/module that supports the mechanisms specified above?
What do you think of a custom JavaCard applet approach? We assume in this case it won't be certified.
With CardOS 4.3b cards we are able to do one ISO 9797-1 alg3 MAC of 64 bytes of data in 1.32 sec. Should we expect similar performance with a JavaCard applet?
Regards,
Martin Valkanov
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-user
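
The key initialization requirement in the message above (a double length key derived from three double length components using xor), as an added software reference that is not part of the original post. The function names and component values are constructed for illustration, and the odd-parity normalization and the rejected cases are assumptions of this example, not text quoted from ISO 11568-2 or PKCS#11.

```python
# Added example: host-side reference for XOR key-component combination.
# All component values are constructed test data, not real key material.

# The four weak DES keys (odd-parity form).
WEAK_DES_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "fefefefefefefefe",
    "e0e0e0e0f1f1f1f1", "1f1f1f1f0e0e0e0e")}


def set_odd_parity(key: bytes) -> bytes:
    """Force the DES parity bit (LSB) of every byte; the 56 key bits per half stay untouched."""
    out = bytearray()
    for b in key:
        upper = b & 0xFE
        out.append(upper | (0 if bin(upper).count("1") % 2 else 1))
    return bytes(out)


def combine_components(components) -> bytes:
    """XOR three 16-byte components into one double length DES3 key."""
    comps = [bytes(c) for c in components]
    if len(comps) != 3 or any(len(c) != 16 for c in comps):
        raise ValueError("need exactly three 16-byte components")
    if any(not any(c) for c in comps):
        raise ValueError("an all-zero component contributes nothing to the key")
    if len(set(comps)) != 3:
        # a ^ a ^ c == c: the holder of the third component would hold the whole key.
        raise ValueError("two components are identical")
    key = set_odd_parity(bytes(x ^ y ^ z for x, y, z in zip(*comps)))
    left, right = key[:8], key[8:]
    if left == right:
        # Two-key EDE with K1 == K2 collapses to single DES under K1.
        raise ValueError("key halves are equal")
    if left in WEAK_DES_KEYS or right in WEAK_DES_KEYS:
        raise ValueError("a key half is a weak DES key")
    return key


# Constructed sample components (hypothetical values).
C1 = bytes.fromhex("0123456789abcdeffedcba9876543210")
C2 = bytes.fromhex("00112233445566778899aabbccddeeff")
C3 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

if __name__ == "__main__":
    print(combine_components([C1, C2, C3]).hex())
```
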