On Tuesday 16 March 2010 07:20:31, Rickard Bellgrim wrote:
> Hi
>
> A quick comment is that OpenDNSSEC will, probably in May, only need the
> private part of the key. Since you can derive the public part from the
> private object. This will save space in the HSM and make our code faster.
hu? a
On Tuesday 16 March 2010 08:28:32, Rickard Bellgrim wrote:
> But you still have access to the "public parts" of the private key.
ok, I'm no expert here, so I can't say yes or no.
But I know that some cards hide their private keys, so you need
to login first, to see if some private key is on th
On Monday 15 March 2010 22:08:28, Douglas E. Engert wrote:
> Andreas Jellinghaus wrote:
> > Hi everyone,
> >
> > here is a bug report with a patch for pkcs11-tool.
> >
> > I'm no expert on this subject, so feedback is very welcome.
> > it looks good in general, except maybe more return codes/
> > e
Hi,
Andreas Jellinghaus wrote:
> we discussed this in the past, and the general consensus seems to
> improve the debug/logging code.
>
My point of view is quite one-sided.
Simplifying a little bit, from my 'developer' point of view there are
two contradicting aspirations,
from one side redu
On Mar 16, 2010, at 09:09 , Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 07:20:31, Rickard Bellgrim wrote:
>> Hi
>>
>> A quick comment is that OpenDNSSEC will, probably in May, only need the
>> private part of the key. Since you can derive the public part from the
>> private object. This
On Mar 16, 2010, at 10:18 , Andreas Jellinghaus wrote:
> On Monday 15 March 2010 22:08:28, Douglas E. Engert wrote:
>> Andreas Jellinghaus wrote:
>>> Hi everyone,
>>>
>>> here is a bug report with a patch for pkcs11-tool.
>>>
>>> I'm no expert on this subject, so feedback is very welcome.
>>> it
On 16 mar 2010, at 09.15, Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 08:28:32, Rickard Bellgrim wrote:
>> But you still have access to the "public parts" of the private key.
>
> ok, I'm no expert here, so I can't say yes or no.
>
> But I know that some cards hide their private key
Dear Friends,
I am trying to create a self-signed certificate using Feitian
cryptographic engine:
> OpenSSL>engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so
> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
> MODULE_PATH:opensc-pkcs11.so
> (dynamic) Dynamic engine loading support
> [Su
pkcs11-tool --list-slots (or something like that)
will show you what slots you have.
Regards, Andreas
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
On Tuesday 16 March 2010 at 14:41 +0100, Andreas Jellinghaus wrote:
> pkcs11-tool --list-slots (or something like that)
> will show you what slots you have.
pkcs11-tool --list-slots
Available slots:
Slot 4294967295 Virtual hotplug slot
(empty)
Slot 1 OmniKey CardMan 4321 00 00
hmm. my vague memory tells me with some cards you generate a private key,
and only then - right after generating - you get the public key as response.
so it needs to be saved right away as rsa public key object or a certificate
signing request needs to be generated, else you can't download the pub
On Tuesday 16 March 2010 14:44:36, Jean-Michel Pouré - GOOZE wrote:
> pkcs11-tool --list-slots
> Available slots:
> Slot 4294967295 Virtual hotplug slot
...
> You must specify a slot ID
pkcs11-tool printed that last line? looks like a bug to me,
for other operations: sure, you need to sp
On Tuesday 16 March 2010 at 14:54 +0100, Andreas Jellinghaus wrote:
> > You must specify a slot ID
>
> pkcs11-tool printed that last line?
Confirmed. Okay, I am opening a bug. Thanks for the help!
--
Jean-Michel Pouré - jmpo...@gooze.eu
Hi everyone,
I updated the library version in configure.ac, as opensc is no
longer compatible with the 0.11.* library version.
Also I added what I remember to the NEWS file. Please take a look
yourself, and add all the changes/new features etc. we added so far
in trunk/.
Thanks, Andreas
can you test if attached patch works for you?
I changed the "CKA_PRIVATE" so you can set it with a command
line option, but by default it is not set.
Also I removed CKA_ENCRYPT and CKA_WRAP for now. not sure
if that is the right thing. at least opensc doesn't work
with CKA_WRAP so either not set
On Tuesday 16 March 2010 14:56:27, Jean-Michel Pouré - GOOZE wrote:
> On Tuesday 16 March 2010 at 14:54 +0100, Andreas Jellinghaus wrote:
> > > You must specify a slot ID
> >
> > pkcs11-tool printed that last line?
>
> Confirmed. Okay, I am opening a bug. Thanks for the help!
can you test this pa
On Tuesday 16 March 2010 at 15:18 +0100, Andreas Jellinghaus wrote:
> can you test this patch?
>
> Thanks, Andreas
Works perfectly.
Kind regards, Jean-Michel
**
pkcs15-tool --list-public-keys
Using reader with a card: Feitian SCR301 01 00
Publ
On Tuesday 16 March 2010 at 15:30 +0100, Jean-Michel Pouré - GOOZE wrote:
> > Thanks, Andreas
Sorry, I missed my answer with the long signature.
I am going to remove it.
--
Jean-Michel Pouré - jmpo...@gooze.eu
On Tuesday 16 March 2010 at 15:18 +0100, Andreas Jellinghaus wrote:
> can you test this patch?
>
> Thanks, Andreas
For info, after applying your last patch, this command:
OpenSSL> req -engine pkcs11 -new -key
id_c6f280080fb0ed1ebff0480a01d00a98a1b3b89a -keyform engine -x509 -out
cert.pem -text
en
On Tuesday 16 March 2010 15:41:04, Jean-Michel Pouré - GOOZE wrote:
> For info, after applying your last patch, this command:
> OpenSSL> req -engine pkcs11 -new -key
> id_c6f280080fb0ed1ebff0480a01d00a98a1b3b89a -keyform engine -x509 -out
> cert.pem -text
> engine "pkcs11" set.
> Invalid slot numb
On Tuesday 16 March 2010 15:30:41, Jean-Michel Pouré - GOOZE wrote:
> On Tuesday 16 March 2010 at 15:18 +0100, Andreas Jellinghaus wrote:
> > can you test this patch?
> >
> > Thanks, Andreas
>
> Works perfectly.
ok, thanks for testing. committed to trunk.
Regards, Andreas
Hello Andreas,
is it wanted that now, when using 'pkcs15-init' tool,
the more-than-once-verbose debug log goes onto 'stderr' ?
Kind wishes,
Viktor.
--
Viktor Tarasov
Hi,
the debug log files include the line number.
I hope the combination of file+function+message
is unique, so we can drop the line number.
When we face problems with a new version of opensc,
it is often helpful to ask, if something worked
with an older version, and to get two debug log
files, s
On Tuesday 16 March 2010 17:36:31, Viktor TARASOV wrote:
> is it wanted that now, when using 'pkcs15-init' tool,
> the more-than-once-verbose debug log goes onto 'stderr' ?
a...@yomigaeri:~/projects/opensc/opensc/src/tools$ grep debug_file *.c
opensc-explorer.c: ctx->debug_fi
On Mar 16, 2010, at 18:43 , Andreas Jellinghaus wrote:
> Hi,
>
> the debug log files include the line number.
> I hope the combination of file+function+message
> is unique, so we can drop the line number.
>
> I'd be for that. what is your preference?
Log includes a lot of information that changes
Andreas Jellinghaus wrote:
> Hi,
>
> the debug log files include the line number.
> I hope the combination of file+function+message
> is unique, so we can drop the line number.
>
> When we face problems with a new version of opensc,
> it is often helpful to ask, if something worked
> with an older
On Mar 16, 2010, at 18:46 , Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 17:36:31, Viktor TARASOV wrote:
>> is it wanted that now, when using 'pkcs15-init' tool,
>> the more-than-once-verbose debug log goes onto 'stderr' ?
>
> a...@yomigaeri:~/projects/opensc/opensc/src/tools$ grep debug
On Mar 16, 2010, at 18:52 , Viktor TARASOV wrote:
> Probably the debug line content can be made configurable?
> I mean to make optional 'pid', 'time', 'process name', 'line', ...
Eventually the debug information coming from "the wild" should look the same.
But something like a "developer mode" ca
Andreas Jellinghaus wrote:
> hmm. my vague memory tells me with some cards you generate a private key,
> and only then - right after generating - you get the public key as response.
> so it needs to be saved right away as rsa public key object or a certificate
> signing request needs to be gener
On Tuesday 16 March 2010 18:04:50, Martin Paljak wrote:
> > Maybe we should have a uniform handling for all tools?
> > It is strange if one tool does this, and the others don't.
>
> The problem with stderr and stdout is that tools also write independently
> to those files. What makes it hard to
On Tuesday 16 March 2010 17:52:37, Viktor TARASOV wrote:
> For me it's quite useful at the developing stage.
>
> Probably the debug line content can be made configurable?
> I mean to make optional 'pid', 'time', 'process name', 'line', ...
the log.c side of this would be quite easy to implement
On Tuesday 16 March 2010 18:08:44, Martin Paljak wrote:
> On Mar 16, 2010, at 18:52 , Viktor TARASOV wrote:
> > Probably the debug line content can be made configurable?
> > I mean to make optional 'pid', 'time', 'process name', 'line', ...
>
> Eventually the debug information coming from "the wi
On Tuesday 16 March 2010 17:42:06, OpenSC wrote:
> #203: pkcs11-tool --list-slots returns invalid slot
> -+-
> - Reporter: jmpoure |Owner: opensc-de...@…
> Type: defect | Status: closed
> Priority:
On Monday 15 March 2010 at 22:44 +0100, Andreas Jellinghaus wrote:
> so didn't you get an error message like that?
> please check your syslog.
Yes, I got this error message.
Hi
A quick comment is that OpenDNSSEC will, probably in May, only need the private
part of the key. Since you can derive the public part from the private object.
This will save space in the HSM and make our code faster.
// Rickard
On 15 mar 2010, at 21.39, Andreas Jellinghaus wrote:
> Hello,
But you still have access to the "public parts" of the private key.
On 16 Mar 2010 at 08.10, "Andreas Jellinghaus" wrote:
> On Tuesday 16 March 2010 07:20:31, Rickard Bellgrim wrote:
>> Hi
>>
>> A quick comment is that OpenDNSSEC will, probably in May, only need
>> the
>> private part of the key
If using PKCS#11 I would personally not go down a path that is not
commonly used. The common usage of smart cards and hardware security
modules always stores both the private (as a sensitive object) and the
public key (either as a public key or as an x.509 certificate).
This works and is well t
On 16 mar 2010, at 13.50, Tomas Gustavsson wrote:
>
> If using PKCS#11 I would personally not go down a path that is not
> commonly used. The common usage of smart cards and hardware security
> modules always stores both the private (as a sensitive object) and the
> public key (either as a pu
On Mar 16, 2010, at 21:57 , Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 18:08:44, Martin Paljak wrote:
>> On Mar 16, 2010, at 18:52 , Viktor TARASOV wrote:
>>> Probably the debug line content can be made configurable?
>>> I mean to make optional 'pid', 'time', 'process name', 'line', ...
On Mar 16, 2010, at 22:04 , Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 17:42:06, OpenSC wrote:
>> #203: pkcs11-tool --list-slots returns invalid slot
>> -+-
>> - Reporter: jmpoure |Owner: opensc-de...@…
>
On Mar 16, 2010, at 15:31 , Tomas Gustavsson wrote:
>
> If using PKCS#11 I would personally not go down a path that is not
> commonly used. The common usage of smart cards and hardware security
> modules always stores both the private (as a sensitive object) and the
> public key (either as a pu
On Mar 16, 2010, at 21:52 , Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 18:04:50, Martin Paljak wrote:
>>> Maybe we should have a uniform handling for all tools?
>>> It is strange if one tool does this, and the others don't.
>>
>> The problem with stderr and stdout is that tools also wr
On Mar 16, 2010, at 21:56 , Andreas Jellinghaus wrote:
> On Tuesday 16 March 2010 17:52:37, Viktor TARASOV wrote:
>> For me it's quite useful at the developing stage.
>>
>> Probably the debug line content can be made configurable?
>> I mean to make optional 'pid', 'time', 'process name', 'line',