«

On 6 Set, 16:18, Roedy Green <see_webs...@mindprod.com.invalid> wrote:
> On Sat, 6 Sep 2008 00:11:20 -0700 (PDT), Francesco
> <f.pall...@gmail.com> wrote, quoted or indirectly quoted someone who
> said :
>
> >With JNA I made connection to eTPKCS11.dll (the productor dll) but
> >when I do a while cycle of WaitForSlotEvent I can't intercept the
> >events of my token USB...
> >Anybody have some Java examples of this token with that dll?
> >I hope so...
> >Thanks
>
> if you send me the DLL and a token, I would be happy to experiment for
> you.
> --
>
> Roedy Green Canadian Mind Products
> The Java Glossaryhttp://mindprod.com

Eh eh
For the dll no problem, but for the token I can't do this... I've got
it only one...

On 8 Set, 11:13, Sabine Dinis Blochberger <no.s...@here.invalid>
wrote:
> Roedy Green wrote:
> > On Fri, 05 Sep 2008 09:30:04 +0100, Sabine Dinis Blochberger
> > <no.s...@here.invalid> wrote, quoted or indirectly quoted someone who
> > said :
>
> > >If you have specific questions, let me know
>
> > At the minimum I need a way to decrypt a symmetric key with a fob's
> > private key and get the fob to disclose it public key.
>
> > Failing that, I need some one-way mechanism to load the fob with some
> > private keys, in a way that is not reproducible or discoverable, *and
> > have it do some sort of hash/decrypt with them on chip for me later.
>
> > What I would hope to find is COMPLETE sample code for various
> > applications, and install instructions for the drivers, or perhaps
> > software simulators for the fobs so you experiment with the software
> > and the fob's abilities without having to buy a great basket of them
> > just to find out what they can do.
>
> Roedy,
>
> this seems a "typical" authentication problem, and adding decrypting of
> content in a symmetric key way (lordy, I hope I'm not messing up in the
> terms here, it's been a while I have actually had to man-handle the iKey
> and deal with pki )
>
> There is sample code from SafeNet, however, probably not in Java, but C,
> VisualBasic and perhaps Delphi. I will ask to see if my boss has
> anything he can provide to you by email.
> --
> Sabine Dinis Blochberger
>
> Op3racionalwww.op3racional.eu

I have many examples writen in C++...
But I have to write Java... I tried to port them but there is
something wrong....

On 8 Set, 11:13, Sabine Dinis Blochberger <no.s...@here.invalid>
wrote:
> Roedy Green wrote:
> > On Fri, 05 Sep 2008 09:30:04 +0100, Sabine Dinis Blochberger
> > <no.s...@here.invalid> wrote, quoted or indirectly quoted someone who
> > said :
>
> > >If you have specific questions, let me know
>
> > At the minimum I need a way to decrypt a symmetric key with a fob's
> > private key and get the fob to disclose it public key.
>
> > Failing that, I need some one-way mechanism to load the fob with some
> > private keys, in a way that is not reproducible or discoverable, *and
> > have it do some sort of hash/decrypt with them on chip for me later.
>
> > What I would hope to find is COMPLETE sample code for various
> > applications, and install instructions for the drivers, or perhaps
> > software simulators for the fobs so you experiment with the software
> > and the fob's abilities without having to buy a great basket of them
> > just to find out what they can do.
>
> Roedy,
>
> this seems a "typical" authentication problem, and adding decrypting of
> content in a symmetric key way (lordy, I hope I'm not messing up in the
> terms here, it's been a while I have actually had to man-handle the iKey
> and deal with pki )
>
> There is sample code from SafeNet, however, probably not in Java, but C,
> VisualBasic and perhaps Delphi. I will ask to see if my boss has
> anything he can provide to you by email.
> --
> Sabine Dinis Blochberger
>
> Op3racionalwww.op3racional.eu

I have many examples writen in C++...
But I have to write Java... I tried to port them but there is
something wrong....

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>You can of course keep
>data encrypted at all times before delivering it to anyone.

That was my plan, to deliver all the data encrypted, and later decide
which data you can view, but leave it normally in encrypted form.
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>You can of course keep
>data encrypted at all times before delivering it to anyone.

That was my plan, to deliver all the data encrypted, and later decide
which data you can view, but leave it normally in encrypted form.
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>
>I would think the server has to control this, in the form of users,
>roles and groups. It is not necessary to do that through encryption,
>although it seems your customers trusts that more (and they do not trust
>their admins).
>
>Still, someone is going to have to have full access.

One of the design constraints was lack of server side code.. All I
had was a vanilla http server, no Servlets, no SSL. The problem is
working within the constraints of a large bureaucracy.

--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>
>I would think the server has to control this, in the form of users,
>roles and groups. It is not necessary to do that through encryption,
>although it seems your customers trusts that more (and they do not trust
>their admins).
>
>Still, someone is going to have to have full access.

One of the design constraints was lack of server side code.. All I
had was a vanilla http server, no Servlets, no SSL. The problem is
working within the constraints of a large bureaucracy.

--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>
>Not sure what you mean by "set". The set of algorythms?
>IIRC, the iKey authentication works through challenges. The private key
>will never leave the token. Those computations happen inside the token.

set of JCE methods.

I realise that is how tokens work, but I don't see how JCE hooks into
that. It seem to have Private Key and Public key objects. Perhaps it
works even when the private key is inaccessible in the token.

--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>
>Not sure what you mean by "set". The set of algorythms?
>IIRC, the iKey authentication works through challenges. The private key
>will never leave the token. Those computations happen inside the token.

set of JCE methods.

I realise that is how tokens work, but I don't see how JCE hooks into
that. It seem to have Private Key and Public key objects. Perhaps it
works even when the private key is inaccessible in the token.

--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

On Mon, 08 Sep 2008 12:41:44 +0100, Sabine Dinis Blochberger
<> wrote, quoted or indirectly quoted someone who
said :

>The SDK is also the necessary starting place if you want to use their
>tokens at all - since you can't get the APIs any other way. So it can be
>a good investment. Start with the iKey 2032, it's cheaper than the 4000.


What really bugs me is they want you to buy tokens and SDKs before you
know what the beast is capable of.

There is barely a single hard fact in any of the sales literature on
any vendor's site. They are also cagey about prices, not even
ballpark prices.
--

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com