frankmorgner / vsmartcard

umbrella project for emulation of smart card readers or smart cards
http://frankmorgner.github.io/vsmartcard/

SSL support for remote-reader #25

Closed psytester closed 9 years ago

psytester commented 10 years ago

As the remote-reader application transfers personal sensitive data in raw format, please add optional SSL support for the connection to the Bix virtual smart card reader. The Bix virtual smart card reader can be put here behind an Apache SSL endpoint (no need to add SSL support to the reader itself).

frankmorgner commented 10 years ago

Well, a contactless card should not give away private data for free. The remote-reader only gives away what could also be sniffed on the contactless layer. So the problem is tackled best by design (as done in ePassports, for example).

However, some cards are not so privacy friendly (credit cards, for example). Android can connect to an IPSec VPN; does this solve your problem?

If it doesn't, could you describe your Apache solution in detail? I don't understand why the Bix virtual smart card reader does not need to implement SSL but still has a secured connection.

psytester commented 10 years ago

OK, OK, it was late that day. Apache as an endpoint works only for HTTP traffic... ;-)

An IPSec VPN is a possible way, SOCKS another. Additional standalone applications, like OpenVPN, stunnel, etc., are a way too. But I would prefer that the app offers a native way to do an SSL-based connection.

If it's too much work for the card driver, an additional application could be installed on the server side to handle and pass the traffic.

frankmorgner commented 9 years ago

Then I leave securing the connection to a third-party solution.