Regards

Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390

On 09/18/2008 09:10 PM, Andreas Jellinghaus:
Hi everyone,

I sat down and implemented cardos-tool with "--info" replacing the old "cardos-info" tool (no changes here), but also with "--format" which first deletes everything, and then creates a new main folder.

this implementation includes secure messaging for cardos, but only for those two APDU commands. implemented using openssl. that way we only use published information, and no encrypted APDU commands, so this should be legal.

so far it works only for "4.2C" cards. I have aladdin etokens here with cardos: 4.0, 4.01, 4.2, 4.2C

maybe you want to help?

* gcc throws some warnings, didn't have a look so far
* not sure it still compiles / cross-compiles well
* if you have some cards you no longer need, and want to test: edit cardos-tool.c and change the check for version 4.2C to the version of your card. I guess it will work for 4.2B and 4.3B and later as well, but I can't verify. WARNING: if it doesn't work, this could kill your card/token, so please only try if you have a card/token to spare. NO WARRANTY OF ANY KIND!
* donations for cards or tokens with other versions are also very welcome.
* maybe we should implement handling MANUFACTURING and ERASING FILE states as well properly.
* maybe we should allow people to enter the startkey? (there is an option, but so far it does nothing)
* if ERASE on the MF is PIN protected, we fail. maybe someone wants to add code asking for the pin? or at least detect that the MF ERASE is PIN protected?
* does anyone know the size for the MF when other people create it? right now it is a hard coded value, not sure what is recommended.
* we could implement a transport key if people want (erase the card, change the ff startkey to some other startkey, and then create MF). not sure this is worth the work.
* does anyone know the AC system in detail? right now I create the MF with all AC bytes 00 (everyone can do). does opensc change this later? is it a problem or ok?

things we can't fix:

* brand new tokens still have startkey "version 00". I know the command to change that to startkey ff (with 16 bytes ff as key), but I'm not allowed to publish it (still waiting for an ok). if you have such a card/token, you need siemens software to fix it first.
* if your token/card contains packages, those would be lost if we erase your card. and opensc can't reinstall them. thus we check for packages and if there is any, we refuse to format the tokens. I think cardos 4.0 and 4.2 need packages, not 100% sure.

if you are still brave enough to test, feedback is very welcome!

Regards, Andreas

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel