Re: [Muscle] Login failed with GDM and libpam
Hi, Nope, nothing helps same error. I have checked the behaviour on two different computer with two different cardreaders. Any suggestions ??? BTW, do you have a link where pam-muscle-conf is documented I would like to check the LDAP stuff if it works. Maybe this works better ?! Ciao Matthias Karsten Ohme schrieb: Matthias Barmeier wrote: Karsten Ohme schrieb: Matthias Barmeier wrote: Hi, unfortunately login fails :( gdm says that he cannot read .muscle/user.cert. For now I cannot explain what wents wrong because the user.cert is readable for all. Look in your /etc/musclepam/... or how it is called. Maybe the cert path is not correct. It should look in ${HOME}/.muscle/user.cert. I checked it with login, but the same problem occurrs. This is my /etc/musclepam/pam-muscle.conf Debug = ON# Debug ON or OFF CertNumber = 0 # Certificate number to use The above was your previous problem! The certNumber specifies the key to use and this is 0! So the keys 1 and 2 never worked. This is mentioned in the README, but not clearly enough. PinNumber = 1 # Pin number to verify UserPath= /home/# Path to user home directory Try to comment the UserPath out. Maybe this helps. CertName= user.cert # User Certificate in DER format RootCACert = /etc/musclepam/root.cert # Root CA certificate LDAPHost= unsupported # Web-server with LDAP LDAPPath= unsupported # Search path in LDAP AuthMode= UserCert # RootCert or UserCert - see README Karsten - My auth log says this: Nov 27 15:25:18 endavor login[5314]: cannot read certificate from /home/barmeier/.muscle/user.cert -- But: [EMAIL PROTECTED]:/home$ more /home/barmeier/.muscle/user.cert -BEGIN PUBLIC KEY- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7 61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr MmaBZxz+OrChmMi3bQIDAQAB -END PUBLIC KEY- And same as root: endavor:/home# more /home/barmeier/.muscle/user.cert -BEGIN PUBLIC KEY- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7 61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr MmaBZxz+OrChmMi3bQIDAQAB -END PUBLIC KEY- The login fails everytime. This my console output when logging in: endavor login: barmeier Welcome Please enter pin: pin = Random value = 2cbf473d171bd55ea2aee9a96b0588dba7275d40b7fb724f297a707c103396029d4c7f6918dc5e22f41491d61273783d8cbed2d0a5b65a7503a54226ba88b9df1e88c373fbe065243ac8dd002f2b5314e88bd839560666791f0ba85b2d5d04e2f294a454913e2e587065ba2cf733c298b38712622a83deba68c17ceabb7d042d Cipher value = 20b637c2f27840d3b7c97a408178ef509e4cfec769ce50e7121396f3aae57ed2addd908e6d92a478d799e8b5e17182152bb437d59b62bc48f8d2c8bb761496ef7f9b226c97975764d7de0b855c6d68944b3062b9fc28320823d7c5ca76761241d3169b499ed818f1d854bfea7c5301ef194b4d5180666f7d88eb2f6e5c2f8cfb Password: Has my b2fs failed ?? What can I do ?? Ciao Matze And enable DEBUG in this file. gdm is not a suitable way to log in and to find the error. You must do it at the console, so you can see the debug infos. Karsten ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
[Muscle] SCU3 released
Hi, I'm posting this release on Muscle for info, as I hope that U3 will soon support Linux and as SCU3 should compile under Linux when the time comes. I feel this concept would simplify deployment: having pcsclite and other libraries/packages in the customer's pocket with no installation required ... the reader still is an issue, but this is a step towards smart card applications true mobility. Regards, Philippe ** Dear all, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices SCU3Python.u3p is a Python binary (2.4.2) packaged with SCU3 that allows to launch idle from the U3 device launchpad Both may be found on www.snakecard.com, download section. Best regards, Philippe ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] Login failed with GDM and libpam
Matthias Barmeier wrote: Hi, Nope, nothing helps same error. I have checked the behaviour on two different computer with two different cardreaders. Any suggestions ??? Export the key again (the public key). And convert it again with b2fs. The error cannot read certificate from is only reported if the public key cannot be read. (Actually certificate is wrong, what is read is only a public key.) BTW, do you have a link where pam-muscle-conf is documented No. Only the README. I would like to check the LDAP stuff if it works. Maybe this works better ?! LDAP is not implemented. Karsten Ciao Matthias Karsten Ohme schrieb: Matthias Barmeier wrote: Karsten Ohme schrieb: Matthias Barmeier wrote: Hi, unfortunately login fails :( gdm says that he cannot read .muscle/user.cert. For now I cannot explain what wents wrong because the user.cert is readable for all. Look in your /etc/musclepam/... or how it is called. Maybe the cert path is not correct. It should look in ${HOME}/.muscle/user.cert. I checked it with login, but the same problem occurrs. This is my /etc/musclepam/pam-muscle.conf Debug = ON# Debug ON or OFF CertNumber = 0 # Certificate number to use The above was your previous problem! The certNumber specifies the key to use and this is 0! So the keys 1 and 2 never worked. This is mentioned in the README, but not clearly enough. PinNumber = 1 # Pin number to verify UserPath= /home/# Path to user home directory Try to comment the UserPath out. Maybe this helps. CertName= user.cert # User Certificate in DER format RootCACert = /etc/musclepam/root.cert # Root CA certificate LDAPHost= unsupported # Web-server with LDAP LDAPPath= unsupported # Search path in LDAP AuthMode= UserCert # RootCert or UserCert - see README Karsten - My auth log says this: Nov 27 15:25:18 endavor login[5314]: cannot read certificate from /home/barmeier/.muscle/user.cert -- But: [EMAIL PROTECTED]:/home$ more /home/barmeier/.muscle/user.cert -BEGIN PUBLIC KEY- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7 61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr MmaBZxz+OrChmMi3bQIDAQAB -END PUBLIC KEY- And same as root: endavor:/home# more /home/barmeier/.muscle/user.cert -BEGIN PUBLIC KEY- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7 61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr MmaBZxz+OrChmMi3bQIDAQAB -END PUBLIC KEY- The login fails everytime. This my console output when logging in: endavor login: barmeier Welcome Please enter pin: pin = Random value = 2cbf473d171bd55ea2aee9a96b0588dba7275d40b7fb724f297a707c103396029d4c7f6918dc5e22f41491d61273783d8cbed2d0a5b65a7503a54226ba88b9df1e88c373fbe065243ac8dd002f2b5314e88bd839560666791f0ba85b2d5d04e2f294a454913e2e587065ba2cf733c298b38712622a83deba68c17ceabb7d042d Cipher value = 20b637c2f27840d3b7c97a408178ef509e4cfec769ce50e7121396f3aae57ed2addd908e6d92a478d799e8b5e17182152bb437d59b62bc48f8d2c8bb761496ef7f9b226c97975764d7de0b855c6d68944b3062b9fc28320823d7c5ca76761241d3169b499ed818f1d854bfea7c5301ef194b4d5180666f7d88eb2f6e5c2f8cfb Password: Has my b2fs failed ?? What can I do ?? Ciao Matze And enable DEBUG in this file. gdm is not a suitable way to log in and to find the error. You must do it at the console, so you can see the debug infos. Karsten ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] SCU3 released
On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote: Hi, Hello, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices What is a U3 compliant devices? Is it the devices described at [1]? What are the links with smart cards, PC/SC, etc.? Bye, [1] http://www.u3.com/ -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not big brother Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] SCU3 released
A U3 device (www.u3.com) is a flash drive which allows for applications installation: you plug the U3 device in the USB port and your application is available. If the application does its job correctly, application data is stored on the U3 device, not on the PC. Some of the issues I have been facing in the smart card business are: 1) some application data cannot be written in the card because of space (and some of the data does not need high security) 2) potential customers are often worried about software deployment - that is especially true for my applications as Python and wxWidget are not part of regular OS distributions (yes, Python is for Linux) 3) because of 1) the smart card application (card + software) is less mobile as the less vital data is stored on the PC (maybe encrypted with the card, but still stuck on the PC) 4) setting up smart card demos at a client site/business branches can be very painfull, and salespeople are somewhat reluctant to hack PCs (another painfull lesson) I just feel that there are applications where a combinaison of a smart card and a U3 device (they call them smart drives) would greatly improve deployment/mobility issues. Putting my solutions aside, I feel a MUSCLE application on a U3 device can make a lot of sense. U3 drives can be found already in large stores in the US (and I live in OK! - I do not know about other countries but I was told about U3 by a smart card professional based in France). I hope that is clearer - I often get excited about technology and sometimes think I have found a great solution were people see no business value whatsoever :-) Regards, Philippe Ludovic Rousseau wrote: On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote: Hi, Hello, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices What is a "U3 compliant devices"? Is it the devices described at [1]? What are the links with smart cards, PC/SC, etc.? Bye, [1] http://www.u3.com/ -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not "big brother" Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] SCU3 released
So the U3 drive is not a secure device in its own right? (i.e. it seems to me that it does not incorporate a crypto chip such as is used in a strong security smart card, and nor does its flash memory have the kind of security protection against penetration that smart card flash has) (I looked on the u3.com web site but found very little specific about the device spec.) Peter Philippe C. Martin wrote: A U3 device (www.u3.com) is a flash drive which allows for applications installation: you plug the U3 device in the USB port and your application is available. If the application does its job correctly, application data is stored on the U3 device, not on the PC. Some of the issues I have been facing in the smart card business are: 1) some application data cannot be written in the card because of space (and some of the data does not need high security) 2) potential customers are often worried about software deployment - that is especially true for my applications as Python and wxWidget are not part of regular OS distributions (yes, Python is for Linux) 3) because of 1) the smart card application (card + software) is less mobile as the less vital data is stored on the PC (maybe encrypted with the card, but still stuck on the PC) 4) setting up smart card demos at a client site/business branches can be very painfull, and salespeople are somewhat reluctant to hack PCs (another painfull lesson) I just feel that there are applications where a combinaison of a smart card and a U3 device (they call them smart drives) would greatly improve deployment/mobility issues. Putting my solutions aside, I feel a MUSCLE application on a U3 device can make a lot of sense. U3 drives can be found already in large stores in the US (and I live in OK! - I do not know about other countries but I was told about U3 by a smart card professional based in France). I hope that is clearer - I often get excited about technology and sometimes think I have found a great solution were people see no business value whatsoever :-) Regards, Philippe Ludovic Rousseau wrote: On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote: Hi, Hello, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices What is a U3 compliant devices? Is it the devices described at [1]? What are the links with smart cards, PC/SC, etc.? Bye, [1] http://www.u3.com/ -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not big brother Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] SCU3 released
Typos, sorry : ...I need to protect data that in on the drive ... I need to protect data that is on the drive ...but that I can help promote the smart card concept ... ... but that it can help promote the smart card concept ... Philippe C. Martin wrote: Hi, I do not know what is behind the scene and how quickly it can be cracked but: 1) you can tell U3 to use a password for access (I have not tried yet but I read somewhere that a non-compliant U3 OS (ex: Linux today) would not be able to see the drive content if the password were on ... without that password, Linux sees it as another flash drive. 2) the U3 APIs allow the application to put password protects on certain private data areas I do not know if there is crypto built-in ... for instance what does the drive really do when a data section has a password ? = I intend to use my own crypto if I need to protect data that in on the drive. I do not think U3 is a replacement for smart cards at all, but that I can help promote the smart card concept by adding mobility to its solutions ... I could _really_ see a U3 drive and a chip in the same package a few years from now. Regards, Philippe Peter Tomlinson wrote: So the U3 drive is not a secure device in its own right? (i.e. it seems to me that it does not incorporate a crypto chip such as is used in a strong security smart card, and nor does its flash memory have the kind of security protection against penetration that smart card flash has) (I looked on the u3.com web site but found very little specific about the device spec.) Peter Philippe C. Martin wrote: A U3 device (www.u3.com) is a flash drive which allows for applications installation: you plug the U3 device in the USB port and your application is available. If the application does its job correctly, application data is stored on the U3 device, not on the PC. Some of the issues I have been facing in the smart card business are: 1) some application data cannot be written in the card because of space (and some of the data does not need high security) 2) potential customers are often worried about software deployment - that is especially true for my applications as Python and wxWidget are not part of regular OS distributions (yes, Python is for Linux) 3) because of 1) the smart card application (card + software) is less mobile as the less vital data is stored on the PC (maybe encrypted with the card, but still stuck on the PC) 4) setting up smart card demos at a client site/business branches can be very painfull, and salespeople are somewhat reluctant to hack PCs (another painfull lesson) I just feel that there are applications where a combinaison of a smart card and a U3 device (they call them smart drives) would greatly improve deployment/mobility issues. Putting my solutions aside, I feel a MUSCLE application on a U3 device can make a lot of sense. U3 drives can be found already in large stores in the US (and I live in OK! - I do not know about other countries but I was told about U3 by a smart card professional based in France). I hope that is clearer - I often get excited about technology and sometimes think I have found a great solution were people see no business value whatsoever :-) Regards, Philippe Ludovic Rousseau wrote: On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote: Hi, Hello, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices What is a U3 compliant devices? Is it the devices described at [1]? What are the links with smart cards, PC/SC, etc.? Bye, [1] http://www.u3.com/ -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not big brother Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
[Muscle] Problems with BasicCard, ACR38 on Linux
I've written a simple program using libbasiccard and libpcsclite that gets the ApplicationID from a ZeitControl BasicCard. The problem is that the program returns the correct value when run in Windows, but returns garbage when run on Linux. I think I'm missing something simple, but not sure what. Do I need do something else before running the building/running the program on Linux? I'm using SuSE 9.3 and using an ACR38 USB card reader and an enhanced BasicCard ZC3.9, which was programmed on Windows XP. Thanks in advance. Gaz. ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] SCU3 released
I dont get it. Its a classical (removable) hard drive device. Little has changed here since ATA cards, and 16 bit plug and play!! For a short time, I worked on a recent project in which a combination ST22 secure core and an IDE bridge controller were SOC'ed together to make a smartcard-enabled hard drive. The smartcard had greater function that merely arming the bridge chip, like some of the finger sensor-enabled hard drives you see in the (mobile) military applications - and like the finger-enabled flash readers (and USB boot drives) you buy now for 79$ in US shops (from sandisk, lexar, etc). From: Philippe C. Martin [EMAIL PROTECTED] Reply-To: MUSCLE muscle@lists.musclecard.com To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] SCU3 released Date: Mon, 28 Nov 2005 09:52:21 -0600 Typos, sorry : ...I need to protect data that in on the drive ... I need to protect data that is on the drive ...but that I can help promote the smart card concept ... ... but that it can help promote the smart card concept ... Philippe C. Martin wrote: Hi, I do not know what is behind the scene and how quickly it can be cracked but: 1) you can tell U3 to use a password for access (I have not tried yet but I read somewhere that a non-compliant U3 OS (ex: Linux today) would not be able to see the drive content if the password were on ... without that password, Linux sees it as another flash drive. 2) the U3 APIs allow the application to put password protects on certain private data areas I do not know if there is crypto built-in ... for instance what does the drive really do when a data section has a password ? = I intend to use my own crypto if I need to protect data that in on the drive. I do not think U3 is a replacement for smart cards at all, but that I can help promote the smart card concept by adding mobility to its solutions ... I could _really_ see a U3 drive and a chip in the same package a few years from now. Regards, Philippe Peter Tomlinson wrote: So the U3 drive is not a secure device in its own right? (i.e. it seems to me that it does not incorporate a crypto chip such as is used in a strong security smart card, and nor does its flash memory have the kind of security protection against penetration that smart card flash has) (I looked on the u3.com web site but found very little specific about the device spec.) Peter Philippe C. Martin wrote: A U3 device (www.u3.com) is a flash drive which allows for applications installation: you plug the U3 device in the USB port and your application is available. If the application does its job correctly, application data is stored on the U3 device, not on the PC. Some of the issues I have been facing in the smart card business are: 1) some application data cannot be written in the card because of space (and some of the data does not need high security) 2) potential customers are often worried about software deployment - that is especially true for my applications as Python and wxWidget are not part of regular OS distributions (yes, Python is for Linux) 3) because of 1) the smart card application (card + software) is less mobile as the less vital data is stored on the PC (maybe encrypted with the card, but still stuck on the PC) 4) setting up smart card demos at a client site/business branches can be very painfull, and salespeople are somewhat reluctant to hack PCs (another painfull lesson) I just feel that there are applications where a combinaison of a smart card and a U3 device (they call them smart drives) would greatly improve deployment/mobility issues. Putting my solutions aside, I feel a MUSCLE application on a U3 device can make a lot of sense. U3 drives can be found already in large stores in the US (and I live in OK! - I do not know about other countries but I was told about U3 by a smart card professional based in France). I hope that is clearer - I often get excited about technology and sometimes think I have found a great solution were people see no business value whatsoever :-) Regards, Philippe Ludovic Rousseau wrote: On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote: Hi, Hello, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices What is a U3 compliant devices? Is it the devices described at [1]? What are the links with smart cards, PC/SC, etc.? Bye, [1] http://www.u3.com/ -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not big brother Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] Problems with BasicCard, ACR38 on Linux
On Mon, 2005-11-28 at 11:53 -0600, Philippe C. Martin wrote: Hi, I do not know about libbasiccard, but pcsclite works fine for me on a ZC5.5 (T=1) - mdk 10.1 (testing this week on suse 10.0) Regards, Philippe The first time I run my program, I get a card busy error, the second time it is run, it works but returns garbage instead of the application name. Here's some debug output, although I'm not sure it will help. garyp:/home/garyp # pcscd -f stdout pcscdaemon.c:238:main pcscd set to foreground with debug send to stderr pcscdaemon.c:440:main pcsc-lite 1.2.9-beta6 daemon ready. hotplug_libusb.c:371:HPAddHotPluggable Adding USB device: 004:004 readerfactory.c:1055:RFInitializeReader Attempting startup of ACS ACR38U 00 00. readerfactory.c:897:RFBindFunctions Loading IFD Handler 2.0 Card ATR: 3B EF 00 FF 81 31 20 75 42 61 73 69 63 43 61 72 64 20 5A 43 33 2E 39 86 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 5 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 5 winscard_svc.c:102:ContextThread Thread is started: 5 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:68:SCardEstablishContext Establishing Context: 16992530 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 7 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 7 winscard_svc.c:102:ContextThread Thread is started: 7 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:68:SCardEstablishContext Establishing Context: 17022653 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00 winscard.c:221:SCardConnect Active Protocol: unknown 4 winscard.c:231:SCardConnect hCard Identity: 16a3f winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:1361:SCardTransmit Send Protocol: T=4 ifdwrapper.c:566:IFDControl_v2 POUET winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:607:SCardDisconnect Active Contexts: 1 winscard.c:666:SCardDisconnect Reset complete. winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00 prothandler.c:126:PHSetProtocol Attempting PTS to T=1 prothandler.c:138:PHSetProtocol PTS failed, using T=1 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:79:SCardReleaseContext Releasing Context: 16992530 winscard_msg.c:241:SHMProcessEventsContext Client has disappeared: 7 winscard_svc.c:114:ContextThread Client die: 7 winscard.c:79:SCardReleaseContext Releasing Context: 17022653 winscard_msg.c:241:SHMProcessEventsContext Client has disappeared: 5 winscard_svc.c:114:ContextThread Client die: 5 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 5 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 5 winscard_svc.c:102:ContextThread Thread is started: 5 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:68:SCardEstablishContext Establishing Context: 17016078 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 7 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 7 winscard_svc.c:102:ContextThread Thread is started: 7 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:68:SCardEstablishContext Establishing Context: 17013690 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00 winscard.c:221:SCardConnect Active Protocol: unknown 4 winscard.c:231:SCardConnect hCard Identity: 197f3 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:1361:SCardTransmit Send Protocol: T=4 ifdwrapper.c:566:IFDControl_v2 POUET winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:607:SCardDisconnect Active Contexts: 1 winscard.c:666:SCardDisconnect Reset complete.
Re: [Muscle] Problems with BasicCard, ACR38 on Linux
Hi, This dumps _seems_ to show pcsclite is unhappy figuring out the protocol - did you try to force it (T=1 or T=0) ? You might want to try with another reader also (or update its driver ?). Regards, Philippe Gary Pearman wrote: On Mon, 2005-11-28 at 11:53 -0600, Philippe C. Martin wrote: Hi, I do not know about libbasiccard, but pcsclite works fine for me on a ZC5.5 (T=1) - mdk 10.1 (testing this week on suse 10.0) Regards, Philippe The first time I run my program, I get a card busy error, the second time it is run, it works but returns garbage instead of the application name. Here's some debug output, although I'm not sure it will help. garyp:/home/garyp # pcscd -f stdout pcscdaemon.c:238:main pcscd set to foreground with debug send to stderr pcscdaemon.c:440:main pcsc-lite 1.2.9-beta6 daemon ready. hotplug_libusb.c:371:HPAddHotPluggable Adding USB device: 004:004 readerfactory.c:1055:RFInitializeReader Attempting startup of ACS ACR38U 00 00. readerfactory.c:897:RFBindFunctions Loading IFD Handler 2.0 Card ATR: 3B EF 00 FF 81 31 20 75 42 61 73 69 63 43 61 72 64 20 5A 43 33 2E 39 86 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 5 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 5 winscard_svc.c:102:ContextThread Thread is started: 5 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:68:SCardEstablishContext Establishing Context: 16992530 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 7 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 7 winscard_svc.c:102:ContextThread Thread is started: 7 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:68:SCardEstablishContext Establishing Context: 17022653 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00 winscard.c:221:SCardConnect Active Protocol: unknown 4 winscard.c:231:SCardConnect hCard Identity: 16a3f winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:1361:SCardTransmit Send Protocol: T=4 ifdwrapper.c:566:IFDControl_v2 POUET winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:607:SCardDisconnect Active Contexts: 1 winscard.c:666:SCardDisconnect Reset complete. winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00 prothandler.c:126:PHSetProtocol Attempting PTS to T=1 prothandler.c:138:PHSetProtocol PTS failed, using T=1 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:79:SCardReleaseContext Releasing Context: 16992530 winscard_msg.c:241:SHMProcessEventsContext Client has disappeared: 7 winscard_svc.c:114:ContextThread Client die: 7 winscard.c:79:SCardReleaseContext Releasing Context: 17022653 winscard_msg.c:241:SHMProcessEventsContext Client has disappeared: 5 winscard_svc.c:114:ContextThread Client die: 5 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 5 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 5 winscard_svc.c:102:ContextThread Thread is started: 5 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5 winscard.c:68:SCardEstablishContext Establishing Context: 17016078 winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest detects: 7 pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is requested: 7 winscard_svc.c:102:ContextThread Thread is started: 7 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard_svc.c:142:ContextThread Client is protocol version 2:0 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:68:SCardEstablishContext Establishing Context: 17013690 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7 winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00 winscard.c:221:SCardConnect Active Protocol: unknown 4 winscard.c:231:SCardConnect hCard Identity: 197f3 winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
Re: [Muscle] SCU3 released
Peter Williams wrote: I dont get it. Its a classical (removable) hard drive device. Little has changed here since ATA cards, and 16 bit plug and play!! The main difference here is that one installs the application on the flash drive, not the PC. The application/application data is available on the PC _when_ the drive is plugged and gone when it is unplugged: nothing get installed on the PC. == any vanilla XP PC out of the box will run your application I have regular flash drives but cannot do that with them ... am I missing something ? Regards, Philippe For a short time, I worked on a recent project in which a combination ST22 secure core and an IDE bridge controller were SOC'ed together to make a smartcard-enabled hard drive. The smartcard had greater function that merely arming the bridge chip, like some of the finger sensor-enabled hard drives you see in the (mobile) military applications - and like the finger-enabled flash readers (and USB boot drives) you buy now for 79$ in US shops (from sandisk, lexar, etc). From: Philippe C. Martin [EMAIL PROTECTED] Reply-To: MUSCLE muscle@lists.musclecard.com To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] SCU3 released Date: Mon, 28 Nov 2005 09:52:21 -0600 Typos, sorry : ...I need to protect data that in on the drive ... I need to protect data that is on the drive ...but that I can help promote the smart card concept ... ... but that it can help promote the smart card concept ... Philippe C. Martin wrote: Hi, I do not know what is behind the scene and how quickly it can be cracked but: 1) you can tell U3 to use a password for access (I have not tried yet but I read somewhere that a non-compliant U3 OS (ex: Linux today) would not be able to see the drive content if the password were on ... without that password, Linux sees it as another flash drive. 2) the U3 APIs allow the application to put password protects on certain private data areas I do not know if there is crypto built-in ... for instance what does the drive really do when a data section has a password ? = I intend to use my own crypto if I need to protect data that in on the drive. I do not think U3 is a replacement for smart cards at all, but that I can help promote the smart card concept by adding mobility to its solutions ... I could _really_ see a U3 drive and a chip in the same package a few years from now. Regards, Philippe Peter Tomlinson wrote: So the U3 drive is not a secure device in its own right? (i.e. it seems to me that it does not incorporate a crypto chip such as is used in a strong security smart card, and nor does its flash memory have the kind of security protection against penetration that smart card flash has) (I looked on the u3.com web site but found very little specific about the device spec.) Peter Philippe C. Martin wrote: A U3 device (www.u3.com) is a flash drive which allows for applications installation: you plug the U3 device in the USB port and your application is available. If the application does its job correctly, application data is stored on the U3 device, not on the PC. Some of the issues I have been facing in the smart card business are: 1) some application data cannot be written in the card because of space (and some of the data does not need high security) 2) potential customers are often worried about software deployment - that is especially true for my applications as Python and wxWidget are not part of regular OS distributions (yes, Python is for Linux) 3) because of 1) the smart card application (card + software) is less mobile as the less vital data is stored on the PC (maybe encrypted with the card, but still stuck on the PC) 4) setting up smart card demos at a client site/business branches can be very painfull, and salespeople are somewhat reluctant to hack PCs (another painfull lesson) I just feel that there are applications where a combinaison of a smart card and a U3 device (they call them smart drives) would greatly improve deployment/mobility issues. Putting my solutions aside, I feel a MUSCLE application on a U3 device can make a lot of sense. U3 drives can be found already in large stores in the US (and I live in OK! - I do not know about other countries but I was told about U3 by a smart card professional based in France). I hope that is clearer - I often get excited about technology and sometimes think I have found a great solution were people see no business value whatsoever :-) Regards, Philippe Ludovic Rousseau wrote: On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote: Hi, Hello, I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 0.1. SCU3 is a python wrapper for U3 compliant devices What is a U3 compliant devices? Is it the devices described at [1]? What are the links with smart cards, PC/SC, etc.? Bye, [1] http://www.u3.com/ -- Dr. Ludovic Rousseau For private mail use
Re: [Muscle] New pcsc-lite 1.2.9-beta9 available
Two problems: (1) minor problem that may have been around before: The libpcsclite.pc created with pcslite-1.2.9-beta9 has: includedir=${prefix}/include/PCSC When pkgconfig is used with ccid-0.9.4 the code tries to include PCSC/pcsclite.h and PCSC/ifdhandler.h which are not found as directory levels don't match. One or the other should be changed. (2) In previous versions of ccid I set CPPFLAGS=-I/$prefix/include to get around (1) before running configure. In ccid-0.9.4, the CPPFLAGS appears to be ignored. It looks like configure.in line 135 is in error: --- ,configure.in Fri Nov 25 08:32:38 2005 +++ configure.inMon Nov 28 11:36:54 2005 @@ -132,7 +132,7 @@ AC_CHECK_LIB(usb, usb_get_string_simple, [LIBUSB=$LIBUSB -lusb], [ AC_MSG_ERROR([your libusb is too old. install version 0.1.7 or above]) ]) - CPPFLAGS=$saved_LIBS + CPPFLAGS=$saved_CPPFLAGS LIBS=$saved_LIBS fi AC_SUBST(LIBUSB_CFLAGS) Ludovic Rousseau wrote: Hello, I just released a new version of pcsc-lite. It is version 1.2.9-beta9 and is available at [1]. Changelog: pcsc-lite-1.2.9-beta9: Ludovic Rousseau 27 November 2005 - add/improve support of PIN pad readers . define HOST_TO_CCID_16() and HOST_TO_CCID_32() macro to convert 16 and 32-bits data to the CCID format (replace HOST_TO_CCID) - add support of SUN C compiler and try to avoid GCC specific features (Heiko Nardmann) - SCardGetStatusChange(): . exists if the list of readers changed (one reader added) so that the application can update its list of readers (Najam Siddiqui) . correct a bug when two contexts where used (Najam Siddiqui) - add support of Solaris 10 IFDhandler (Douglas E. Engert) - allow pcsc-lite to be compiled without (f)lex installed - add a TODO file. Help/money needed here. - improve Doxygen documentation - some other minor improvements and bug corrections I hope it will be the last beta version before the awaited stable version 1.3.0. So please test it and report any bugs. Thanks, [1] https://alioth.debian.org/project/showfiles.php?group_id=30105 -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not big brother Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] SCU3 released
From: Philippe C. Martin [EMAIL PROTECTED] Reply-To: MUSCLE muscle@lists.musclecard.com To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] SCU3 released Date: Mon, 28 Nov 2005 12:41:38 -0600 Peter Williams wrote: I dont get it. Its a classical (removable) hard drive device. Little has changed here since ATA cards, and 16 bit plug and play!! The main difference here is that one installs the application on the flash drive, not the PC. The application/application data is available on the PC _when_ the drive is plugged and gone when it is unplugged: nothing get installed on the PC. == any vanilla XP PC out of the box will run your application I have regular flash drives but cannot do that with them ... am I missing something ? While memory sticks, CF cards, ATA cards (me old!), smartmedia devices are just flash, with a FAT support licensed from Microsoft, the USB frm factor of the same flash devices in the US shops tend to come with applications. All the finger-print enable USB flash drives have come with form-filling password managers for years. Whats interesting recently, is that through USB-interfaced file-based mailboxes, the Pentium application (such as Sandisk's GINA plugin) can interact with the matching algorithms on the CPU of the bio-capable flash drive, as a USB peer (versus a dumb flash data store). So, in the U3 case, which CPU executes the application? If its the Pentium CPU, then one presumes the application is a Win32 application, loads into virtual memory, may or may not write to other data stores, is subject to the windows execution model, and the Intel instruction-level security model, and may or may not require Windows/.NET security privileges to get its application work done. Presumably, one needs to sign the media files, so that upon loading windows trusts the publisher using Windows/W3c/java code signing mechanisms, assigns privileges authomatically, runs the PE image -once loaded - through the virus checker, etc. such that the user see none of the behind the scenes activty ensuring integrity. Are we talking about a USB flash drive in which there are autorun files created for the .exe files stored on the media, just like on a CD R-W? If the application is running on the CPU of the flash controller yet images on a remote desktop over (wireless) USB channel, thats more interesting. We met an entrepreneur earlier in the year who wanted to do this. Regards, Philippe For a short time, I worked on a recent project in which a combination ST22 secure core and an IDE bridge controller were SOC'ed together to make a smartcard-enabled hard drive. The smartcard had greater function that merely arming the bridge chip, like some of the finger sensor-enabled hard drives you see in the (mobile) military applications - and like the finger-enabled flash readers (and USB boot drives) you buy now for 79$ in US shops (from sandisk, lexar, etc). From: Philippe C. Martin [EMAIL PROTECTED] Reply-To: MUSCLE muscle@lists.musclecard.com To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] SCU3 released Date: Mon, 28 Nov 2005 09:52:21 -0600 Typos, sorry : ...I need to protect data that in on the drive ... I need to protect data that is on the drive ...but that I can help promote the smart card concept ... ... but that it can help promote the smart card concept ... Philippe C. Martin wrote: Hi, I do not know what is behind the scene and how quickly it can be cracked but: 1) you can tell U3 to use a password for access (I have not tried yet but I read somewhere that a non-compliant U3 OS (ex: Linux today) would not be able to see the drive content if the password were on ... without that password, Linux sees it as another flash drive. 2) the U3 APIs allow the application to put password protects on certain private data areas I do not know if there is crypto built-in ... for instance what does the drive really do when a data section has a password ? = I intend to use my own crypto if I need to protect data that in on the drive. I do not think U3 is a replacement for smart cards at all, but that I can help promote the smart card concept by adding mobility to its solutions ... I could _really_ see a U3 drive and a chip in the same package a few years from now. Regards, Philippe Peter Tomlinson wrote: So the U3 drive is not a secure device in its own right? (i.e. it seems to me that it does not incorporate a crypto chip such as is used in a strong security smart card, and nor does its flash memory have the kind of security protection against penetration that smart card flash has) (I looked on the u3.com web site but found very little specific about the device spec.) Peter Philippe C. Martin wrote: A U3 device (www.u3.com) is a flash drive which allows for applications installation: you plug the U3 device in the USB port and your application is available. If the application
Re: [Muscle] SCU3 released
Hi, While memory sticks, CF cards, ATA cards (me old!), smartmedia devices are just flash, with a FAT support licensed from Microsoft, the USB frm factor of the same flash devices in the US shops tend to come with applications. All the finger-print enable USB flash drives have come with form-filling password managers for years. Whats interesting recently, is that through USB-interfaced file-based mailboxes, the Pentium application (such as Sandisk's GINA plugin) can interact with the matching algorithms on the CPU of the bio-capable flash drive, as a USB peer (versus a dumb flash data store). So, in the U3 case, which CPU executes the application? The PC's If its the Pentium CPU, then one presumes the application is a Win32 application, loads into virtual memory, may or may not write to other data stores, is subject to the windows execution model, and the Intel instruction-level security model, and may or may not require Windows/.NET security privileges to get its application work done. Presumably, one needs to sign the media files, so that upon loading windows trusts the publisher using Windows/W3c/java code signing mechanisms, assigns privileges authomatically, runs the PE image -once loaded - through the virus checker, etc. such that the user see none of the behind the scenes activty ensuring integrity. Actually, U3 has some (fairly simple .. looks like) accreditation procedure but there is no application application signature procedure yet that I have seen. Yes, at this time, a U3 compliant application is a windows application (at least) with support for the U3 SDK (at most). I do hope they will go for Linux (clearly, I think, installing pcsclite means sudoing some stuff, but there is a fair chance it could be done) Are we talking about a USB flash drive in which there are autorun files created for the .exe files stored on the media, just like on a CD R-W? Yes and no: they have apparently at least two partitions mounted, one of which looks to windows like a CDROM... thus the autostart. The latter loads their own application (Launchpad) which, in turns, gives access to the U3 compliant applications. Check out this link: http://www.everythingusb.com/u3.html If the application is running on the CPU of the flash controller yet images on a remote desktop over (wireless) USB channel, thats more interesting. We met an entrepreneur earlier in the year who wanted to do this. That'd be nice, but I feel a flash drive embedded CPU, powered by a USB bus will never reach (at least not in my life time (I'm old too -:) )) the CPU/bus speed necessary to handle a regular PC application. I just feel they've opened a techno-door which could bring many neat possibilities ... and give opportunities to us smart card addicts. Regards, Philippe Regards, Philippe For a short time, I worked on a recent project in which a combination ST22 secure core and an IDE bridge controller were SOC'ed together to make a smartcard-enabled hard drive. The smartcard had greater function that merely arming the bridge chip, like some of the finger sensor-enabled hard drives you see in the (mobile) military applications - and like the finger-enabled flash readers (and USB boot drives) you buy now for 79$ in US shops (from sandisk, lexar, etc). From: Philippe C. Martin [EMAIL PROTECTED] Reply-To: MUSCLE muscle@lists.musclecard.com To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] SCU3 released Date: Mon, 28 Nov 2005 09:52:21 -0600 Typos, sorry : ...I need to protect data that in on the drive ... I need to protect data that is on the drive ...but that I can help promote the smart card concept ... ... but that it can help promote the smart card concept ... Philippe C. Martin wrote: Hi, I do not know what is behind the scene and how quickly it can be cracked but: 1) you can tell U3 to use a password for access (I have not tried yet but I read somewhere that a non-compliant U3 OS (ex: Linux today) would not be able to see the drive content if the password were on ... without that password, Linux sees it as another flash drive. 2) the U3 APIs allow the application to put password protects on certain private data areas I do not know if there is crypto built-in ... for instance what does the drive really do when a data section has a password ? = I intend to use my own crypto if I need to protect data that in on the drive. I do not think U3 is a replacement for smart cards at all, but that I can help promote the smart card concept by adding mobility to its solutions ... I could _really_ see a U3 drive and a chip in the same package a few years from now. Regards, Philippe Peter Tomlinson wrote: So the U3 drive is not a secure device in its own right? (i.e. it seems to me that it does not incorporate a crypto chip such as is used in a strong security smart card, and nor does its flash memory have the
Re: [Muscle] New pcsc-lite 1.2.9-beta9 available
On 28/11/05, Douglas E. Engert [EMAIL PROTECTED] wrote: Two problems: (1) minor problem that may have been around before: The libpcsclite.pc created with pcslite-1.2.9-beta9 has: includedir=${prefix}/include/PCSC When pkgconfig is used with ccid-0.9.4 the code tries to include PCSC/pcsclite.h and PCSC/ifdhandler.h which are not found as directory levels don't match. One or the other should be changed. Exact. I will remove the PCSC/ prefix in the ccid driver source files. (2) In previous versions of ccid I set CPPFLAGS=-I/$prefix/include to get around (1) before running configure. In ccid-0.9.4, the CPPFLAGS appears to be ignored. It looks like configure.in line 135 is in error: --- ,configure.in Fri Nov 25 08:32:38 2005 +++ configure.inMon Nov 28 11:36:54 2005 @@ -132,7 +132,7 @@ AC_CHECK_LIB(usb, usb_get_string_simple, [LIBUSB=$LIBUSB -lusb], [ AC_MSG_ERROR([your libusb is too old. install version 0.1.7 or above]) ]) - CPPFLAGS=$saved_LIBS + CPPFLAGS=$saved_CPPFLAGS LIBS=$saved_LIBS fi AC_SUBST(LIBUSB_CFLAGS) I corrected this bug yesterday. I also changed the pcsc-lite detection code. You will now have to use ./configure PCSC_CFLAGS=... if you want to have the same results. Thanks, -- Dr. Ludovic Rousseau For private mail use [EMAIL PROTECTED] and not big brother Google ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle