OpenSC versus Musclecard

We're trying to add cryptographic support to GSM cards. What
we're thinking is hacking some cryptographic application so
it reads wirelessly its support files from a card inserted
in a mobile phone and registered into the network.

At first what we need is to make clear the scope where
OpenSC is to be used and the scope where Musclecard is to be
used.

OpenSC reports that it's to be used with
"traditional" smartcards with a file system, and
suggests to avoid Java enabled cards, as they don't have a
filesystem. But indeed GSM cards operators here are using
are Java cards and do have a filesystem. Only from Java Card
2.2.2 on a filesystem is excluded (this means AFAIK that the
package javacard.frameworkx is no longer available, am I
right?)

So OpenSC *could* be used with current GSM cards.

Moreover Musclecard reports being available to Java cards,
which include current GSM cards. Does this mean Musclecard
don't make use of the filesystem in any way?

Also, Musclecard implements PKCS #11 where OpenSC implements
PKCS #15. What are the differences from a practical point of
view between #11 and #15?

Also, is a cryptoprocessor in the smartcard needed for using
also Musclecard and OpenSC?

Summarizing: Given that we need cryptographic support into a
current GSM Java card, should we go for OpenSC or for
Musclecard?

Any ideas, comments or suggestions are welcome.

Cordially, Ismael
-- 
Ismael Valladolid Torres      w. Madrid (SPAIN)
                              j. ivalladtgmail.com
http://linuxav.blogspot.
com/
http://lamediahost
ia.blogspot.com/     k. DE721AF4

_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

On 6/22/07, Ismael Valladolid Torres <ivalladtpunkass.com> wrote:
> Also, Musclecard implements PKCS #11 where OpenSC
implements PKCS #15. What are the differences from a
practical point of view between #11 and #15?
pkcs11 is standart for universal application use of
smartcards etc...
pkcs15 is standart how keys are stored on card, which is
card specific
if it uses pkcs15 or not.

> Also, is a cryptoprocessor in the smartcard needed for
using also Musclecard and OpenSC?
Guess yes, if you don't want to use it just as memory
storage.

> Summarizing: Given that we need cryptographic support
into a current GSM Java card, should we go for OpenSC or for
Musclecard?
As I understand, musclecard is just specific java applet for
javacards
which later can be used by muscle or newer opensc
versions...

Please correct me if I'm wrong.
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

Ismael Valladolid Torres wrote:
> We're trying to add cryptographic support to GSM cards.
What we're thinking is 
 > hacking some cryptographic application so it reads
wirelessly its support files
 > from a card inserted in a mobile phone and registered
into the network.
> 
> At first what we need is to make clear the scope where
OpenSC is to be used and 
 > the scope where Musclecard is to be used.
> 
> OpenSC reports that it's to be used with
"traditional" smartcards with a file 
 > system, and suggests to avoid Java enabled cards, as
they don't have a filesystem.

But OpenSC also provides a way to write your own emulation
driver that will emulate
the file system or selected files on a card. The files do
not have to exist on the card
and you emulator gets to intercept all requests. The NIST
800-73-1 PIV card  that I am
working on is an example. Most PIV card vendors are using
Java cards with the PIV applet
preloaded. 800-73 defines the AID and the commands the
applet must respond to which
are object based, not file based.  The card-piv.c and
pkcs15-piv.c
emulate a pkcs15 type file system with a fixed set of
emulated files for the certs,
pubkeys, prvkeys and data objects on the card. Pubkeys do
not exist on the card,
the pubkey is obtained from the cert and emulated to look
like there is a pubkey file.

 > But indeed GSM cards operators here are using are Java
cards and do have a filesystem.
 > Only from Java Card 2.2.2 on a filesystem is excluded
(this means AFAIK that the package
 > javacard.frameworkx is no longer available, am I
right?)
>

You may not need to deal with Java. It depends in the applet
on the card.

> So OpenSC *could* be used with current GSM cards.
> 
> Moreover Musclecard reports being available to Java
cards, which include current GSM cards. 
 > Does this mean Musclecard don't make use of the
filesystem in any way?
> 
> Also, Musclecard implements PKCS #11 where OpenSC
implements PKCS #15. What are the differences 
 > from a practical point of view between #11 and #15?

But OpenSC implements a PKCS#11 on top of the PKCS#15.  The
opensc-pkcs11.so can be used
by Mozilla for example.

> 
> Also, is a cryptoprocessor in the smartcard needed for
using also Musclecard and OpenSC?

Yes and no. If private keys are stored on the smartcard such
that they can not be read off
the card, then to use them you must use the cryptoprocessor
on the card. (That is the
point of using a smartcard vs a memory card. You can't read
the key, and thus have to use
the card to respond to some authentication challenge in real
time, thus proving you
are in possession of the card.)

> 
> Summarizing: Given that we need cryptographic support
into a current GSM Java card, 
 >should we go for OpenSC or for Musclecard?
> 
> Any ideas, comments or suggestions are welcome.
> 
> Cordially, Ismael
> 
> 
>
------------------------------------------------------------
------------
> 
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http
://lists.drizzle.com/mailman/listinfo/muscle

-- 

  Douglas E. Engert  <DEEngertanl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

Ismael Valladolid Torres wrote:
> We're trying to add cryptographic support to GSM cards.
What we're thinking is hacking some cryptographic
application so it reads wirelessly its support files from a
card inserted in a mobile phone and registered into the
network.
> 
If you want to run your application in a GSM card that is
registered in 
the network you will need some support form your operator to
load the 
app and give you the right permissions.

> At first what we need is to make clear the scope where
OpenSC is to be used and the scope where Musclecard is to be
used.
> 
> OpenSC reports that it's to be used with
"traditional" smartcards with a file system, 
> and suggests to avoid Java enabled cards, as they don't
have a filesystem. But indeed GSM 
> cards operators here are using are Java cards and do
have a filesystem. Only from Java Card 2.2.2 
> on a filesystem is excluded (this means AFAIK that the
package javacard.frameworkx is no longer available, am I
right?)
> 
A Java Card for the GSM network, consists of the JCRE and
API of the 
Java Card specification typically today version 2.2. It come
with some 
additional API to get access to the GSM filesystem in SIM
card or to the 
filesystem of the USM/SIM/ISIM applications on a UICC card,
and some 
additional APIs to drive the toolkit protocoll. These
addtional APIs are 
defined by ETSI and 3GPP. You need the informations from
your car vendor 
or operator which version of the APIs he is using.

> So OpenSC *could* be used with current GSM cards.
> 
> Moreover Musclecard reports being available to Java
cards, which include current GSM cards. Does this mean
Musclecard don't make use of the filesystem in any way?
yes what makes sense if you have your keys and other
credential defined 
as Java objects.
> 
> Also, Musclecard implements PKCS #11 where OpenSC
implements PKCS #15. What are the differences from a
practical point of view between #11 and #15?
> 
PKCS#11 is outside the card on the desktop, PKCS#15 is an
object 
structure in the card. There are Java Card based
implementations of 
PKCS#15 available.
> Also, is a cryptoprocessor in the smartcard needed for
using also Musclecard and OpenSC?
if you whant to perform cryptographic operations in the card
then yes 
> 
> Summarizing: Given that we need cryptographic support
into a current GSM Java card, should we go for OpenSC or for
Musclecard?
> 
> Any ideas, comments or suggestions are welcome.
> 
> Cordially, Ismael
> 
> 
>
------------------------------------------------------------
------------
> 
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http
://lists.drizzle.com/mailman/listinfo/muscle

-- 
--
____________________________________________________________
_________
Sun Microsystems GmbH	                Sebastian J. Hans
Clienst System Group

Komturstrasse 18a                       email:
sebastian.hanssun.com 

12099 Berlin                            Tel: +49-(0)30-74 70
96 701 

Germany                                 Fax: +49-(0)30-74 70
96 787 

http://www.sun.com         
            mobile: +49-(0)174-300 75 34 


Sitz der Gesellschaft:
Sun Microsystems GmbH, Sonnenallee 1,
D-85551 Kirchheim-Heimstetten
Amtsgericht Muenchen: HRB 161028
Geschaeftsfuehrer: Marcel Schneider, Wolfgang Engels, Dr.
Roland Boemer
Vorsitzender des Aufsichtsrates: Martin Haering
____________________________________________________________
_________
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user