Re: [opensc-devel] Active developers on opensc-project.org
On 4/3/2010 2:59 AM, Jean-Michel Pouré - GOOZE wrote:
> On Fri, 2010-04-02 at 16:36 +0300, Martin Paljak wrote:
>> Entersafe (or Feitian to be precise) has no docs, so it is hard to know what it can or can not support.
>
> I asked FEITIAN for the technical documentation and I am waiting for the answer.

Hi Jean-Michel,

Sorry for that. Could you please tell me what email address did you write to? I can help to ask what's happening. Liuyangliuy...@ftsafe.com is one of our engineers in global tech support team, you can write to him directly.

Best regards,
Weitao

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Clarification of OpenSC capabilities regarding hardware operations.
On Apr 1, 2010, at 23:59 , Martin Paljak wrote:
> Hello,
>
> PKCS#11 is an API for cryptographic devices that perform cryptographic operations. The API itself does not mandate the use of hardware (in fact, there are several competing software PKCS#11 modules) but in the context of OpenSC, a smart card library, it is obvious that the interface provided by OpenSC deals exclusively with smart cards. It would be reasonable to expect that all of the operations exposed via PKCS#11 take place inside the security boundaries of the cryptographic smart card module.
>
> Most of the time, if smart cards are used, they are used because they can generate keys on the card that never leave the card. Sometimes pre-generated keys are loaded to smart cards for transportation or use. But usually smart cards are used for security reasons and the only security smart cards provide is the physical and logical access control to the plaintext key material.
>
> OpenSC has currently a very lax implementation of the actual functionality as well as for the flags that should signal the difference.
>
> These flags are: (from PKCS#15)
> native, sensitive, extractable, alwaysSensitive, neverExtractable and local
> related PKCS#11 functions:
> C_WrapKey
> C_UnwrapKey
> and usage flags:
> wrap, unwrap
> and also includes transparent key generation in software.

Here's a first bunch that removes software key generation.

What is changed:
* pkcs15-init: remove the possibility to generate keys in the software
* PKCS#11: get rid of software secret keys and remove everything related to C_UnwrapKey
* PKCS#11: Remove software key generation when generating keypairs

Attachment: hardware-only.diff

Correcting different flags in different cases still needs testing with different tools and different profiles and scenarios.

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

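The flag semantics discussed in the message above, as an added example (not part of the original post and not OpenSC code): a C audit routine that takes the protection flags read back for a private key and reports every reason the key cannot be treated as card-bound. The struct, function and finding names are hypothetical, the sample keys are constructed, and the PKCS#11 attribute names in the comments are the standard counterparts of the PKCS#15 flags listed in the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Protection flags as read back from a token (PKCS#15 name, PKCS#11 attribute). */
struct key_flags {
    bool sensitive;         /* sensitive,        CKA_SENSITIVE */
    bool extractable;       /* extractable,      CKA_EXTRACTABLE */
    bool always_sensitive;  /* alwaysSensitive,  CKA_ALWAYS_SENSITIVE */
    bool never_extractable; /* neverExtractable, CKA_NEVER_EXTRACTABLE */
    bool local;             /* local,            CKA_LOCAL */
};

/* Findings, OR-ed together; 0 means nothing to report. */
enum {
    F_PLAINTEXT_READABLE = 1 << 0, /* not sensitive: value readable in clear */
    F_WRAPPABLE          = 1 << 1, /* extractable: can leave via C_WrapKey */
    F_IMPORTED           = 1 << 2, /* not local: key material existed off-card */
    F_NO_HISTORY_PROOF   = 1 << 3, /* history flags do not vouch for the past */
    F_INCONSISTENT       = 1 << 4  /* combination a conforming token never reports */
};

unsigned audit_key(const struct key_flags *k)
{
    unsigned f = 0;
    if (!k->sensitive)  f |= F_PLAINTEXT_READABLE;
    if (k->extractable) f |= F_WRAPPABLE;
    if (!k->local)      f |= F_IMPORTED;
    if (!k->always_sensitive || !k->never_extractable) f |= F_NO_HISTORY_PROOF;
    /* alwaysSensitive implies sensitive; neverExtractable implies !extractable. */
    if ((k->always_sensitive && !k->sensitive) ||
        (k->never_extractable && k->extractable))
        f |= F_INCONSISTENT;
    return f;
}

/* True only for a key generated on the card that was never exposable. */
bool hardware_bound(const struct key_flags *k) { return audit_key(k) == 0; }

/* Constructed samples: generated on card, loaded from outside, lax flag set. */
const struct key_flags on_card  = { true,  false, true,  true,  true  };
const struct key_flags imported = { true,  false, false, false, false };
const struct key_flags lax      = { false, true,  true,  true,  true  };

int main(void)
{
    printf("on_card=%#x imported=%#x lax=%#x\n",
           audit_key(&on_card), audit_key(&imported), audit_key(&lax));
    return 0;
}
```

The `imported` sample shows why a key that is currently sensitive and non-extractable still fails the check: the history and origin flags are what distinguish it from a key generated on the card.
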
Re: [opensc-devel] New project coordinator: Martin Paljak
Hello as well,

On Apr 11, 2010, at 09:48 , Andreas Jellinghaus wrote:
> for several years I have coordinated the OpenSC, OpenCT, Libp11, Pam_p11 and Engine_PKCS11 projects: Created new releases, fixed some bugs, helped many users with questions, applied patches from developers all around the world, written some documentation, tested our software and the packaging by distributions, kept our server alive and up-to-date and done whatever else was necessary to keep the projects going. Still most work was done by everyone else, I only had to fill some gaps and start some processes to keep the projects going.

I'd like to thank Andreas for the great work during the past few years and for keeping the projects alive and moving forward! I heard about the intentions of some people to go to LinuxTag in Berlin for a get-together, if that will take place then Andreas receives a few beers/pizzas/whatever on me :)

> Recently however I started a new job and at least right now I have little time available for these open source projects. Thus I'm very happy to announce Martin Paljak has agreed to take over as project coordinator for these projects. Martin is a long time contributor and very active developer to OpenSC. He has already taken care of several parts of OpenSC in the past and improved and maintained them, such as the PC/SC reader driver with a focus on the PIN-pad input system, or driver for Estonian national ID cards. Also he has been co-administrator of our server for several years and very active on the mailing list, helping users and developers, and recently started to reorganize and greatly improve our wiki pages.

Looking back in time, I've been involved (at least using ;)) with the open source smart card related software since 2004 or so, with ups and downs in activity, as life usually goes.

I can be accused of making it possible to use the Estonian eID card on alternative platforms, first Linux, then Mac, and it has all been possible because of the great work done by everybody who has contributed to OpenSC and friends! This has led to Estonia using OpenSC in the official eID software, which, I believe, led to the decision to create all of the software under LGPL or comparable (check https://id.eesti.ee/trac for the rest of it).

I believe that working with this has given me a holistic view of the smart card world that spans most common platforms (Windows, Linux, Mac OSX) and crosses the border between open source and proprietary solutions. As it is known, OpenSC has been used by others as well in their products or eID rollouts, either with source or without it. Which is IMHO a great sign of good work.

My main goals and improvement areas in OpenSC are:
- Raise the visibility of the OpenSC brand (and its sub-projects like all the PKCS#11 tools) among dumb end-users (who don't know that they have received OpenSC software in a software bundle), knowing end-users (who knowingly look for OpenSC and want to personalize their tokens) and among developers and integrators. To make this happen, some re-organization in the website and project(s) structure are needed.
- Provide a competitive true open source solution for end-users, comparable to what is available from either card vendors or eID rollouts. This includes having smooth installers for non-Linux platforms and a user-friendly approach.
- Try to keep the project(s) active and attractive to new contributors and users, no matter what their background or interest. The size and vitality of the community decides the success of an open source project, IMO.
- Keep the projects up to date with current standards, trends, platform developments etc. One of these targets is to have great documentation on how to use modern JavaCards with OpenSC (or more broadly, with open source software).

I also disclose that my daily work has been related to open source consulting for quite some time, which also covers OpenSC (and proprietary additions to it) but I have no relationships with any vendor (either software or hardware).

If you have any comments or suggestions, please let me know. If you think that my focus on end-user and eID can lead somewhere we should not go or I'm somehow otherwise biased, please voice your opinions as well.

Thanks,
--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

Re: [opensc-devel] Changes to opensc-project(.org) (Re: opensc-commit spam)
On Apr 11, 2010, at 11:30 , Ludovic Rousseau wrote:
> 2010/3/9 Martin Paljak mar...@paljak.pri.ee:
>> - Consolidate trac instances into
>> a) a single OpenSC trac, moving all wiki content and closing other trac-s
>> b) closing all ticket sections in favor of opensc trac but keep the wiki pages (and SVN browser) in read only mode.
>> Reason for this: Information is scattered between several trac-s, which all require administration and housekeeping and is confusing to users as well. None of the smaller trac-s have been actively used for ticket tracking or have any other changes for months. This could be approached on a case-by-case basis as well. No change in SVN repos.
>
> But the main page at http://www.opensc-project.org/ still points to the old wiki. Any reason for that? Can we switch to point to the new wiki now or do we wait for some other change?

OK. / redirects to /opensc

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

Re: [opensc-devel] Changes to opensc-project(.org) (Re: opensc-commit spam)
2010/4/12 Martin Paljak mar...@paljak.pri.ee:
> On Apr 11, 2010, at 11:30 , Ludovic Rousseau wrote:
>> 2010/3/9 Martin Paljak mar...@paljak.pri.ee:
>>> - Consolidate trac instances into
>>> a) a single OpenSC trac, moving all wiki content and closing other trac-s
>>> b) closing all ticket sections in favor of opensc trac but keep the wiki pages (and SVN browser) in read only mode.
>>> Reason for this: Information is scattered between several trac-s, which all require administration and housekeeping and is confusing to users as well. None of the smaller trac-s have been actively used for ticket tracking or have any other changes for months. This could be approached on a case-by-case basis as well. No change in SVN repos.
>>
>> But the main page at http://www.opensc-project.org/ still points to the old wiki. Any reason for that? Can we switch to point to the new wiki now or do we wait for some other change?
>
> OK. / redirects to /opensc

What I had in mind was to point to /opensc/wiki/pam_pkcs11/ instead of /pam_pkcs11/ from the main page. Not completely change the main page.

Index: trunk/versions === --- trunk/versions (révision 237) +++ trunk/versions (copie de travail) @@ -31,7 +31,7 @@ tda href=/files/pam_p11/pam_p11-0.1.5.tar.gz0.1.5/a/td /tr tr - tda href=/pam_pkcs11/Pam PKCS#11/a/td + tda href=/opensc/wiki/pam_pkcs11/Pam PKCS#11/a/td tda href=/files/pam_pkcs11/pam_pkcs11-0.6.3.tar.gz0.6.3/a/td /tr tr

But the solution you implemented is also a good idea.

Bye

--
Dr. Ludovic Rousseau

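Review bot: the changed Pam PKCS#11 row switches the href to /opensc/wiki/pam_pkcs11/ and drops the old /pam_pkcs11/ path without anything covering existing links to it; keep a redirect from the old path, and if the other per-project tracs are being consolidated as discussed in the thread, apply the same wiki-path change to their rows in trunk/versions so the table stays consistent.
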
Re: [opensc-devel] New project coordinator: Martin Paljak
On Monday 12 April 2010 12:59:08, Martin Paljak wrote:
> I'd like to thank Andreas for the great work during the past few years and for keeping the projects alive and moving forward! I heard about the intentions of some people to go to LinuxTag in Berlin for a get-together, if that will take place then Andreas receives a few beers/pizzas/whatever on me :)

thanks for the offer, but I guess I can't make it to linuxtag in berlin this year, as I already have other plans for that weekend.

but I'd be very interested in meeting up with people, and it would be best if it could be planned quite early, so we can even submit some talks, man a booth, prepare some demonstrations or organize a meeting with other projects to discuss smart card - application integration.

my suggestion would be fosdem. I haven't been there so far, but from the news I read it seems to be the most active meeting for developers of all kinds of projects. it is away far enough so we have enough time for planning and preparations. the only downside is: it is quite far away: february next year.

> If you have any comments or suggestions, please let me know. If you think that my focus on end-user and eID can lead somewhere we should not go or I'm somehow otherwise biased, please voice your opinions as well.

I still hope to find some time for opensc too, some of the things I would like to work on (if I find time) are:
* documentation. something small to ship with tar.gz files and install with distributions deb/rpm files. maybe in docbook/html/pdf/man whatever?
* working example code: people often ask for examples of ssl sessions with smart card authentication. so we should provide that if possible, maybe for all major ssl kits (openssl, gnutls, nss).
* developer documentation. I'm thinking about gathering commands to reflect the common operations, create log files with APDUs, decode them and thus build some document that shows what opensc does in detail, and what code needs to be written for new drivers to reproduce that.
* maybe also write / help with acos5 driver.

but I have quite little time right now, so no idea when I get to those.

Also of course I will try to help as good as I can with administrative tasks and whatever else is necessary, if you need any help.

Regards, Andreas

Re: [opensc-devel] Project meeting at some .eu expo
Andreas Jellinghaus wrote:
> my suggestion would be fosdem. I haven't been there so far, but from the news I read it seems to be the most active meeting for developers of all kinds of projects.

Yes - I'd say it's even too active. I have been exhibiting coreboot at LinuxTag for a couple of years, and this year I went to FOSDEM for the first time. Basically I did not have any time at all to listen to talks - all of my time was spent meeting people and also giving talks. This sucked in a way, since all the devrooms have to arrange their own recording of talks - so you always miss out on a lot of talks.

FOSDEM is short by design, making it very difficult to spend time with every community or project that you would like to. In contrast I think LinuxTag is long enough that there is a good chance to interact with everyone that you want to meet.

LinuxTag runs Wed-Sat, maybe it's possible to meet in one of the week days?

//Peter

Re: [opensc-devel] Simclist compiling question
Hello,

On Apr 12, 2010, at 17:52 , Viktor TARASOV wrote:
> I cannot compile current trunk in win32 with the Visual Studio tools.
> The reason is
> simclist.h(30) : fatal error C1083: Cannot open include file: 'inttypes.h': No such file or directory
>
> What can I do, please ?

http://ffmpeg.arrozcru.org/wiki/index.php?title=Inttypes.h

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495