[ciphershed] Re: [OT] Microsoft crypto, Gemalto Smart cards, and PGP

  • From: Pid Zero <p1dz3r0@xxxxxxxxx>
  • To: "ciphershed@xxxxxxxxxxxxx" <ciphershed@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jun 2014 08:51:01 +0100

Good ole Microshaft. They've long had a history of writing non-standard
crypto to try use their dominant position in the desktop market to force
their shoddy half baked ideas on the industry.

<Replied from my mobile so please excuse the fat fingering & lack of PGP. I
advise that any technical info in this email be subject to external
scrutiny>
--
At the time of writing, no warrants have been served to me, nor am I
under any legal compulsion concerning the CipherShed project. I do not
know of any searches of seizures of my assets.

On Tuesday, June 24, 2014, Jason Pyeron <jpyeron@xxxxxxxx> wrote:

> I have spent the last 2 weeks trying to sign my blody git commit with my
> smart
> card.
>
> I have a gemalto card, there are docs for the ADPU comamnds and it does not
> follow the ISO or NIST standards correctly.
>
> Microsoft in their infinite wisdom decided that if you are doing an RSA
> operation, that you must let them do the padding for you, and their
> padding does
> not jive with PGP's desired padding.
>
> So now I am trying to write an man in the middle logging framework for the
> winscard.dll to log the ADPU commands that are being send by the "middle
> ware" I
> mean crapware from ActivIdentity, who will not release their PKCS11 API
> docs
> either.
>
> So I am left with the following choices:
>
> 1. Update GIT to support S/MIME signatures
> 2. successfully reverse engineer the APDU comamnds by making a man in the
> middle
> winscard.dll
> 3. hacking the microsoft windows crypt API to add in a 2048 bit non-hash
> hash
> function to create a valid HCRYPTHASH reference
> 4. hacking the HCRYPTHASH references to convience CryptSignHashW to allow
> arbitrary data of arbitrary length to be signed.
> 5. hope that PGP never creates a hash larger than 288 bits (number bigger
> than
> 256**36) to be signed
>
> I hate supid crypto. Why do people mess it up so much?!?!?!
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -                                                               -
> - Jason Pyeron                      PD Inc. http://www.pdinc.us -
> - Principal Consultant              10 West 24th Street #100    -
> - +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
> -                                                               -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> This message is copyright PD Inc, subject to license 20080407P00.
>
>

-- 
--
At the time of writing, no warrants have ever been served to me, nor am I
under any personal legal compulsion concerning the
CipherShed project. I do not know of any searches or seizures of my
assets.

Other related posts: