mclear / OMNI-Ring

Quick setup tutorial on how to set up toolchain & build Javacard applets.
MIT License

Future support for SCP03 or alternatives #6

Open promovicz opened 4 years ago

promovicz commented 4 years ago

Hello! I am an open-source JavaCard developer found at https://openjavacard.org/. We have our own GlobalPlatform host toolchain that seems to work well with the OMNI.

I would like to advocate that future rings be shipped with SCP03 or possibly SCP10 by default instead of the current 3DES-based SCP02.

Using the more modern AES-based SCP03 is preferable from a cryptographic perspective and would also allow response authentication and encryption. The workflow could be the same as for SCP02. You could ship with default keys or a printed set of static keys. Open-source tools already support this protocol.

An alternative might be to use SCP10 or one of the other asymmetric protocols. This would be the most modern and secure alternative, but the workflow would likely be more complex. Not all open-source tools support these protocols.

The chip that you are using likely supports all of these protocols. Users cannot change the protocol themselves, however, since that is done using proprietary commands.
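For readers who want to check which secure channel a given card ships with: the card reports its SCP identifier in the key information field of the INITIALIZE UPDATE response, and for SCP03 the "i" parameter there indicates response authentication (R-MAC) and response encryption support. The following is an added example, not part of the original thread or of any project's code; the field layout follows the GlobalPlatform Card Specification and Amendment D, and the sample responses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ScpInfo:
    key_version: int
    scp: int                  # SCP identifier: 0x02 or 0x03
    cipher: str
    i_param: Optional[int]    # only present in SCP03 responses
    r_mac: Optional[bool]     # response authentication (None: not reported here)
    r_enc: Optional[bool]     # response encryption (None: not reported here)

def parse_initialize_update(resp: bytes) -> ScpInfo:
    """Classify an INITIALIZE UPDATE response (data followed by SW1 SW2)."""
    if len(resp) < 2 or resp[-2:] != b"\x90\x00":
        raise ValueError("card did not answer with status 9000")
    data = resp[:-2]
    if len(data) < 12:
        raise ValueError("too short to hold key information")
    kvn, scp = data[10], data[11]   # follow 10 bytes of key diversification data
    if scp == 0x02:
        # 10 div + 2 key info + 2 seq counter + 6 challenge + 8 cryptogram
        if len(data) != 28:
            raise ValueError("unexpected SCP02 response length")
        return ScpInfo(kvn, scp, "3DES", None, None, None)
    if scp == 0x03:
        # 10 div + 3 key info + 8 challenge + 8 cryptogram (+ 3 seq counter)
        if len(data) not in (29, 32):
            raise ValueError("unexpected SCP03 response length")
        i = data[12]
        # "i" bits: 0x20 = R-MAC supported, 0x60 = R-MAC and R-ENCRYPTION
        return ScpInfo(kvn, scp, "AES", i, bool(i & 0x20), (i & 0x60) == 0x60)
    raise ValueError(f"unhandled SCP identifier {scp:#04x}")

# Constructed sample responses (not captured from a real ring).
SAMPLE_SCP02 = bytes.fromhex(
    "00" * 10 + "FF02" + "0001" + "11" * 6 + "22" * 8 + "9000")
SAMPLE_SCP03 = bytes.fromhex(
    "00" * 10 + "300370" + "11" * 8 + "22" * 8 + "000001" + "9000")

if __name__ == "__main__":
    for name, resp in (("SCP02", SAMPLE_SCP02), ("SCP03", SAMPLE_SCP03)):
        print(name, parse_initialize_update(resp))
```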

laurimihkels commented 4 years ago

Hi @promovicz,

I am glad to hear that the OMNI ring is working well with your toolchain. Also, I want to thank you for the suggestion. Unfortunately, we have decided not to make any changes to current stock, but we will take your suggestions into consideration if we make any new JavaCard rings.

I will leave your GH issues open for now.

promovicz commented 4 years ago

> I am glad to hear that the OMNI ring is working well with your toolchain. Also, I want to thank you for the suggestion. Unfortunately, we have decided not to make any changes to current stock, but we will take your suggestions into consideration if we make any new JavaCard rings.

Sure! That's all I'm asking for. Thank you for your consideration.

> I will leave your GH issues open for now.

Feel free to contact me or OpenJavaCard if you need any advice on open JavaCard development.