On Wed, 2010-07-07 at 21:49 +0300, Martin Paljak wrote:
> Hello,
> 
> On Jul 7, 2010, at 6:57 PM, David Woodhouse wrote:
> > I've been working on getting applications to use the 'NSS Shared DB':
> > https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX
> Nice effort. Don't know if it will be possible to promote NSS to be
> the library of choice on Linux platform, I know that Fedora is trying
> to do that, but there will be others who dislike NSS for something
> else (be that OpenSSL or GnuTLS or bouncycastle instead)

Personally, I dislike them all :)

My main motivation was originally to get to the point where we can add
CA certs (company certs, CAcert, etc.) to the system and have everything
'just work'. Debian's update-ca-certificates script comes close, but
doesn't work for NSS... and since I'm looking at Fedora and most things
there use NSS, that's kind of a PITA. Hence picking up the shared DB
stuff, getting it to work, and getting apps to use it.

And hence getting bug reports when opensc breaks with it... :)

> OpenPGP 1.0/1.1 support that does exist in OpenSC, consists of a card
> driver for basic functionality and a PKCS#15 emulation layer, as the
> card does not follow PKCS#15.
> There is no personalization support via pkcs15-init. You need to write
> it or use the OpenPGP specific tools for that.
> 
> The PKCS#15 emulation layer hardcodes many things that might not be on
> the card at all. For example, it hard-codes 1024b keys, which are old
> now, the spec supports keys up to 3072 bits. So unless pkcs11-tool
> --login --test works for one of the slots, the output of pkcs15-tool
> can be pure printf. Can you read out certificates for example? 

[dw...@i7 ~]$ pkcs11-tool  --login --test
resp len 17: 62 15 84 10 d2 76 00 01 24 01 02 00 00 05 00 00 05 4b 00 00
8a 01 05
Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (Signature key) 
Segmentation fault (core dumped)

This wasn't what I intended to work on... I think I'll just get a
better-supported device. :)

-- 
dwmw2

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
