Re: How can I compile the CardMan 4000 driver on Kubuntu 7.10?

2007-12-20 Thread Daniel Hess
On Wed, Dec 19, 2007 at 11:34:47AM +0100, Alessandro Bottoni wrote:
> I downloaded the CM4000 driver from
> http://svn.gnumonks.org/trunk/omnikey_cardman/new/kernel/cm4000/ and I
> tried to compile it on both a Kubuntu 7.10 with kernel 2.6.22-14 and a
> Linux Mint 3.0 (== Kubuntu 7.04) with kernel 2.6.20-16 (on both machines
> I installed both the kernel headers and the kernel sources).

Why not use the one which comes with the kernel?

packages.ubuntu.com lists cm4000_cs as being contained in the
linux-images.

> I keep on getting a flood of error messages and I'm not able to
> compile the driver. It looks like the compiler does not find some header
> ("cm4000.h"?) or something like that. I tried to fix it but I was not
> lucky...

This could be because of changes within the linux kernel. As cm4000_cs
has been in the vanilla kernel for a while and distributions are
shipping it, I would use the one already in the kernel.

> Any suggestion?

Use cm4000_cs from the kernel. Last time I used my cardman 4000 (now
replaced by a cardman 4040) I had to use openct together with pcscd to
make gnupg make use of it.

Greetings

Daniel

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Latest news from Duesseldorf and Bolzano

2006-11-11 Thread Daniel Hess
Hello

On Sat, Nov 11, 2006 at 03:15:03PM +0100, Werner Koch wrote:
> Today it is not just the awakening of Hoppeditz [1] but also GnuPG
> 2.0.0 has hit the server:
> 
>  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.0.tar.bz2  (3813k)
>  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.0.tar.bz2.sig
> 
> A real announcement will follow soon.

I have problems building it on Debian unstable with GNU Pth.

The build is aborted with the following error message:

if gcc -DHAVE_CONFIG_H -I. -I. -I..  -I../gl -I/usr/include \  -I/usr/include 
-Wall -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wno-format-y2k 
-Wformat-security -Wformat-nonliteral -Wno-pointer-sign -MT 
libcommonpth_a-estream.o -MD -MP -MF ".deps/libcommonpth_a-estream.Tpo" -c -o 
libcommonpth_a-estream.o `test -f 'estream.c' || echo './'`estream.c; \
then mv -f ".deps/libcommonpth_a-estream.Tpo" 
".deps/libcommonpth_a-estream.Po"; else rm -f 
".deps/libcommonpth_a-estream.Tpo"; exit 1; fi
estream.c: In function ‘es_print’:
estream.c:1689: error: ‘cookie_io_functions_t’ has no member named ‘pth_write’

I've traced it down to pth.h, which has PTH_SYSCALL_SOFT set to 1 by
default, because it's configured with --enable-pthread, which implies
--enable-syscall-soft, by debian. With PTH_SYSCALL_SOFT set to 1 the
pth.h header enables some #defines which replace write with pth_write.
This way io.write is replaced with io.pth_write and the nonexistent
member pth_write is used, which does not succeed.

I've now placed a "# define PTH_SYSCALL_SOFT 0" on top of
"# include ", which disables the define in pth.h.

Greetings

Daniel



Re: dns cert support (was: GnuPG 1.4.3 released)

2006-05-11 Thread Daniel Hess
On Tue, Apr 04, 2006 at 05:57:07PM -0400, David Shaw wrote:
> On Tue, Apr 04, 2006 at 08:25:01PM +0200, Peter Palfrader wrote:
> > Also, is there a tool that produces a snippet which is ready for
> > inclusion into a zone file anywhere?  Something similar to ssh-keygen
> > for SSHFP RRs:
> >   [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key -g
> >   galaxy IN TYPE44 \# 22 01 01 40cc5559546421d15fe9c1064713636a02373ad2
> >   [EMAIL PROTECTED]:~$ ssh-keygen -r galaxy -f /etc/ssh/ssh_host_rsa_key
> >   galaxy IN SSHFP 1 1 40cc5559546421d15fe9c1064713636a02373ad2
> 
> Good idea.  I just checked one in to the GnuPG SVN.

I've played with it to make it generate output for tinydns (djbdns).

Maybe somebody has use for it, so here is the patch.

One note: You need to run axfrdns to get key-records working.

Daniel
--- make-dns-cert.c.orig2006-05-05 22:43:19.0 +0200
+++ make-dns-cert.c 2006-05-05 22:50:25.0 +0200
@@ -32,6 +32,8 @@
 #include 
 #include 
 
+int djbdns = 0;
+
 /* We use TYPE37 instead of CERT since not all nameservers can handle
CERT yet... */
 
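Review bot: "int djbdns = 0;" is a file-scope global with external linkage, and nothing in the visible hunks ever sets it, so as posted the tinydns branch cannot be reached. Declare it "static int djbdns;" and include in the patch the option handling that sets it, plus a line in the usage text naming the new switch.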
@@ -66,7 +68,10 @@
 fprintf(stderr,"Warning: key file %s is larger than the default"
" GnuPG max-cert-size\n",keyfile);
 
-  printf("%s\tTYPE37\t\\# %u 0003  00 ",
+  if(djbdns)
+printf(":%s:37:\\000\\003\\000\\000\\000",name);
+  else
+printf("%s\tTYPE37\t\\# %u 0003  00 ",
 name,(unsigned int)statbuf.st_size+5);
 
   err=1;
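Review bot: in the djbdns branch, name is written unchecked into the colon-delimited line by printf(":%s:37:...",name), so a name containing ':' or a newline would shift fields or start a new line in the generated data file. Reject such names before printing. Also put braces around both branches of the if/else, since the else printf continues onto the following line with its arguments.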
@@ -83,7 +88,10 @@
}
 
   for(i=0;i___


Re: OpenPGP card and signing

2006-03-28 Thread Daniel Hess
On Tue, Mar 14, 2006 at 11:42:52PM +0100, Michael Bienia wrote:
> > Michael Bienia wrote:
> > > does signing with the OpenPGP card only work with SHA1 as digest-algo?
> > > 
> > > With SHA1 and RIPEMD160 gpg asks for the PIN but only SHA1 generates a
> > > working signature. Trying RIPEMD160 I get:
> > > | gpg: checking created signature failed: bad signature
> > > | gpg: signing failed: bad signature
> > > | gpg: signing failed: bad signature
> 
> A friend who uses his OpenPGP card with enigmail under windows can
> successfully create a RIPEMD160 signature.
> I could also create one if I use gpg with pcscd.
> 
> Can someone explain to me why it works if I use gpg with pcscd and not if
> I use gpg alone?

I have the same problem as Michael.

Just while playing with gnupg I've noticed that the problem only
occurs when gnupg-agent is involved.

Using gnupg without the agent creates a valid ripemd160 signature.

Maybe this helps.

  - Daniel



Re: OpenPGP card and signing

2006-03-15 Thread Daniel Hess
Hello,

as my last mail did not get through, here is a new one (maybe the
list-moderators could drop the old one).

On Tue, Mar 14, 2006 at 11:42:52PM +0100, Michael Bienia wrote:
> On 2006-03-14 08:23:58 +0100, Remco Post wrote:
> > Michael Bienia wrote:
> > > does signing with the OpenPGP card only work with SHA1 as digest-algo?
> > > 
> > > With SHA1 and RIPEMD160 gpg asks for the PIN but only SHA1 generates a
> > > working signature. Trying RIPEMD160 I get:
> > > | gpg: checking created signature failed: bad signature
> > > | gpg: signing failed: bad signature
> > > | gpg: signing failed: bad signature
> > > 
> > 
> > From the basiccard website I read that it only supports sha-1, so this
> > might be true. I noticed the same just recently.

The "OpenPGP Card 1.1" specification mentions ripemd as a digest
(page 35).

> A friend who uses his OpenPGP card with enigmail under windows can
> successfully create a RIPEMD160 signature.
> I could also create one if I use gpg with pcscd.

I could do so even without pcscd.

> Can someone explain to me why it works if I use gpg with pcscd and not if
> I use gpg alone?

What Michael has not mentioned is that he (as well as I) uses
gpg-agent.

Using the agent enables openssh to use the key for public-key auth.

When using the --use-agent switch (with gpg), the agent will communicate
to the openpgp card using scdaemon.

To sign a message gpg will send a PKSIGN command along with the data to
sign (e.g. the fingerprint of a message). What is missing is the
information about which digest (e.g. sha1 or ripemd160) has been used to
create the fingerprint that should be signed by scdaemon. In
scd/command.c PKSIGN gets mapped to the function cmd_pksig which sets
sha1 as digest when calling app_sign. As this information becomes part of
the pgp block which contains the signed data, a sha1 signature with the
ripemd160 hash is created. This obviously ends in a bad signature.

Altering the call to app_sign by replacing GCRY_MD_SHA1 with
GCRY_MD_RMD160 enables gpg to create valid ripemd160 signatures, but
also makes it impossible to create sha1 signatures.

Maybe gpg and gpg-agent could get altered to pass the digest along with
the call to PKSIGN?

This would be a real improvement :)

Hope that one of the gnupg developers can say something about this.

TIA

Daniel
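
The digest mismatch described in the message above, modelled as an added example (not part of the original post and not GnuPG code): the signing side frames a 20-byte hash with a fixed SHA-1 identifier while the verifier expects the algorithm the hash was really made with. All demo_* names are hypothetical, the hash is a constructed value, and the RSA step is left out on the assumption that verification recovers exactly the framed block.

```c
#include <stdio.h>
#include <string.h>

enum demo_md { DEMO_MD_SHA1 = 0, DEMO_MD_RMD160 = 1 };   /* hypothetical ids */

/* PKCS#1 v1.5 DigestInfo prefixes; both announce a 20-byte hash and
   differ only in the algorithm OID. */
static const unsigned char DEMO_PREFIX[2][15] = {
  {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14},
  {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14}
};

/* Build the block that is handed to the private-key operation. */
void demo_frame(enum demo_md algo, const unsigned char hash[20],
                unsigned char out[35])
{
  memcpy(out, DEMO_PREFIX[algo], 15);
  memcpy(out + 15, hash, 20);
}

/* Verifier side: rebuild the block for the algorithm named in the
   signature and compare it with what the signature contained. */
int demo_verify(enum demo_md claimed, const unsigned char hash[20],
                const unsigned char recovered[35])
{
  unsigned char expect[35];
  demo_frame(claimed, hash, expect);
  return memcmp(expect, recovered, sizeof expect) == 0;
}

/* One sign/verify round. pass_algo == 0 models a signing command that
   carries only the hash, so the signer falls back to SHA-1;
   pass_algo == 1 models passing the digest id along with the hash. */
int demo_roundtrip(enum demo_md hash_algo, int pass_algo)
{
  unsigned char hash[20], block[35];
  memset(hash, 0xA5, sizeof hash);           /* constructed digest value */
  demo_frame(pass_algo ? hash_algo : DEMO_MD_SHA1, hash, block);
  return demo_verify(hash_algo, hash, block);
}

int main(void)
{
  printf("sha1,   fixed digest:  %d\n", demo_roundtrip(DEMO_MD_SHA1, 0));
  printf("rmd160, fixed digest:  %d\n", demo_roundtrip(DEMO_MD_RMD160, 0));
  printf("rmd160, digest passed: %d\n", demo_roundtrip(DEMO_MD_RMD160, 1));
  return 0;
}
```

Because both hashes are 20 bytes long, the signer has no way to notice the wrong identifier from the hash alone; only the verifier's comparison catches it.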
