Bug#564321: OpenSC 0.11.12 released, fixing an important regression
merge 563671 564321 thanks * Jean-Michel Pouré (j...@poure.com) wrote: > Package: opensc > Version : 0.11.9 > Severity : grave > > OpenSC 0.11.12 released, fixing an important regression: > http://www.opensc-project.org/pipermail/opensc-announce/2009-December/30.html > > The problem > --- > > OpenSC 0.11.4 and earlier did not encode integers properly in ASN.1 structures > including the on-card format for directory files. This issue was was fixed > in OpenSC 0.11.5. However in december 2009 it was discovered, that as a > result some cards initialized with OpenSC 0.11.4 and earlier will not > properly > work with OpenSC 0.11.5 and later. > > So far texting showed only problems with "Starcos" cards. The integers > keyReference and pinReference are read as negative numbers, instead > of the positive number (value+256) they should represent. > > PKCS#15 dictates that both values need to be positive Integers if > specified in the directory files on the card. Thus code can automatically > detect the wrong (negative) values and fix the issue by adding 256. > > In OpenSC 0.11.12 such code was implmeneted and successfully tested. > Starcos cards initialized with OpenSC 0.11.4 and earlier can now be used > with OpenSC 0.11.12 and later. Cards initialized with OpenSC 0.11.5 and later > continue to work fine. > > Changes to the code were implemented to keep the ABI compatible with > earlier versions, so that applications using the internal OpenSC API > such as OpenSSH do not need to be recompiled. > > Still the format on the Starcos cards initialited with OpenSC 0.11.4 > continues to be wrong. If necessary a tool can be written to convert > such old cards, please report to the OpenSC mailing lists. Creating > or storing additional private keys and PIN objects will also update > the directory files and thus should writte the correct ASN.1 values > on the cards. > > Other changes > - > > The Entersafe driver in OpenSC was enhanced so it does now support > private data objects. > > > -- Eric Dorland ICQ: #61138586, Jabber: ho...@jabber.com signature.asc Description: Digital signature
Bug#564321: OpenSC 0.11.12 released, fixing an important regression
Package: opensc Version : 0.11.9 Severity : grave OpenSC 0.11.12 released, fixing an important regression: http://www.opensc-project.org/pipermail/opensc-announce/2009-December/30.html The problem --- OpenSC 0.11.4 and earlier did not encode integers properly in ASN.1 structures including the on-card format for directory files. This issue was was fixed in OpenSC 0.11.5. However in december 2009 it was discovered, that as a result some cards initialized with OpenSC 0.11.4 and earlier will not properly work with OpenSC 0.11.5 and later. So far texting showed only problems with "Starcos" cards. The integers keyReference and pinReference are read as negative numbers, instead of the positive number (value+256) they should represent. PKCS#15 dictates that both values need to be positive Integers if specified in the directory files on the card. Thus code can automatically detect the wrong (negative) values and fix the issue by adding 256. In OpenSC 0.11.12 such code was implmeneted and successfully tested. Starcos cards initialized with OpenSC 0.11.4 and earlier can now be used with OpenSC 0.11.12 and later. Cards initialized with OpenSC 0.11.5 and later continue to work fine. Changes to the code were implemented to keep the ABI compatible with earlier versions, so that applications using the internal OpenSC API such as OpenSSH do not need to be recompiled. Still the format on the Starcos cards initialited with OpenSC 0.11.4 continues to be wrong. If necessary a tool can be written to convert such old cards, please report to the OpenSC mailing lists. Creating or storing additional private keys and PIN objects will also update the directory files and thus should writte the correct ASN.1 values on the cards. Other changes - The Entersafe driver in OpenSC was enhanced so it does now support private data objects. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
