Re: [Muscle] Login failed with GDM and libpam

2005-11-28 Thread Matthias Barmeier
Hi,

Nope, nothing helps same error.

I have checked the behaviour on two different computers
with two different cardreaders.

Any suggestions ???

BTW, do you have a link where pam-muscle-conf is documented?
I would like to check the LDAP stuff if it works.
Maybe this works better ?!

Ciao
Matthias

Karsten Ohme wrote:

Matthias Barmeier wrote:

Karsten Ohme wrote:

Matthias Barmeier wrote:

Hi,

unfortunately login fails :( gdm says that he cannot read .muscle/user.cert.
For now I cannot explain what went wrong because the user.cert is readable
for all.


Look in your /etc/musclepam/... or how it is called. Maybe the cert path
is not correct. It should look in ${HOME}/.muscle/user.cert.
  

I checked it with login, but the same problem occurs. This is my
/etc/musclepam/pam-muscle.conf

Debug       = ON                        # Debug ON or OFF
CertNumber  = 0                         # Certificate number to use

The above was your previous problem! The certNumber specifies the key to
use and this is 0! So the keys 1 and 2 never worked. This is mentioned
in the README, but not clearly enough.

  

PinNumber   = 1                         # Pin number to verify
UserPath    = /home/                    # Path to user home directory

Try to comment the UserPath out. Maybe this helps.

  

CertName    = user.cert                 # User Certificate in DER format
RootCACert  = /etc/musclepam/root.cert  # Root CA certificate
LDAPHost    = unsupported               # Web-server with LDAP
LDAPPath    = unsupported               # Search path in LDAP
AuthMode    = UserCert                  # RootCert or UserCert - see README

Karsten

  

-
My auth log says this:

Nov 27 15:25:18 endavor login[5314]: cannot read certificate from
/home/barmeier/.muscle/user.cert
--

But:
[EMAIL PROTECTED]:/home$ more /home/barmeier/.muscle/user.cert
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7
61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY
UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr
MmaBZxz+OrChmMi3bQIDAQAB
-----END PUBLIC KEY-----


And same as root:
endavor:/home# more /home/barmeier/.muscle/user.cert
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7
61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY
UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr
MmaBZxz+OrChmMi3bQIDAQAB
-----END PUBLIC KEY-----

The login fails every time.
This is my console output when logging in:
endavor login: barmeier
Welcome
Please enter pin:
pin  = 

Random value =
2cbf473d171bd55ea2aee9a96b0588dba7275d40b7fb724f297a707c103396029d4c7f6918dc5e22f41491d61273783d8cbed2d0a5b65a7503a54226ba88b9df1e88c373fbe065243ac8dd002f2b5314e88bd839560666791f0ba85b2d5d04e2f294a454913e2e587065ba2cf733c298b38712622a83deba68c17ceabb7d042d

Cipher value =
20b637c2f27840d3b7c97a408178ef509e4cfec769ce50e7121396f3aae57ed2addd908e6d92a478d799e8b5e17182152bb437d59b62bc48f8d2c8bb761496ef7f9b226c97975764d7de0b855c6d68944b3062b9fc28320823d7c5ca76761241d3169b499ed818f1d854bfea7c5301ef194b4d5180666f7d88eb2f6e5c2f8cfb

Password:


Has my b2fs failed ??
What can I do ??

Ciao
Matze





And enable DEBUG in this file. gdm is not a suitable way to log in and
to find the error. You must do it at the console, so you can see the
debug infos.

Karsten


  

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle





[Muscle] SCU3 released

2005-11-28 Thread Philippe C. Martin

Hi,

I'm posting this release on Muscle for info, as I hope that U3 will soon 
support Linux and as SCU3 should compile under Linux when the time comes.


I feel this concept would simplify deployment: having pcsclite and other 
libraries/packages in the customer's pocket with no installation 
required ... the reader still is an issue, but this is a step towards 
smart card applications true mobility.


Regards,

Philippe



**
Dear all,

I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V.
0.1.

SCU3 is a python wrapper for U3 compliant devices
SCU3Python.u3p is a Python binary (2.4.2) packaged with SCU3 that allows to
launch idle from the U3 device launchpad

Both may be found on www.snakecard.com, download section.

Best regards,

Philippe




Re: [Muscle] Login failed with GDM and libpam

2005-11-28 Thread Karsten Ohme
Matthias Barmeier wrote:
 Hi,
 
 Nope, nothing helps same error.
 
 I have checked the behaviour on two different computers
 with two different cardreaders.
 
 Any suggestions ???

Export the key again (the public key). And convert it again with b2fs.
The error "cannot read certificate from" is only reported if the public
key cannot be read. (Actually "certificate" is wrong, what is read is only
a public key.)

 
 BTW, do you have a link where pam-muscle-conf is documented?

No. Only the README.

 I would like to check the LDAP stuff if it works.
 Maybe this works better ?!

LDAP is not implemented.

Karsten
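
An added example, not part of the original messages and not code from pam-muscle or b2fs: a stdlib-only Python check of what a file such as user.cert actually contains, run here on the PEM text posted in the thread with its five-dash armor lines restored. The thread does not say which encoding the PAM module's reader accepts, so the script only reports container, structure and key size; the function names are chosen for this example.

```python
import base64
import re

# PEM text as posted in the thread, with the five-dash armor lines restored
# (the list archive collapsed them to a single dash).
PEM_FROM_THREAD = b"""-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9zeF3Fe1j+bZci9H0xbGvX/U7
61hC/jqvmHxcB8CVzEx6ajlErq5d78/j92YPKMU/mjVcogQ+IjvDhHOociaOwfaY
UmdUSZ9VgVa5MTl+N6s9Frr9p1Q0pPXLTNm13rPU2LJaInHp6eAy7rs1VVawA0pr
MmaBZxz+OrChmMi3bQIDAQAB
-----END PUBLIC KEY-----
"""

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, buf[pos:end], end


def unwrap(data):
    """Strip PEM armor if present; return (container, pem_label, der_bytes)."""
    text = data.decode("latin-1")
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if m:
        return "PEM", m.group(1), base64.b64decode("".join(m.group(2).split()))
    return "DER", None, data


def inspect_key_file(data):
    """Classify a key/certificate file and, for RSA public keys, report the size."""
    info = {"kind": "unreadable"}
    try:
        info["container"], info["pem_label"], der = unwrap(data)
        tag, outer, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            raise ValueError("not exactly one DER SEQUENCE")
        tag1, first, pos = read_tlv(outer, 0)
        tag2, second, _ = read_tlv(outer, pos)
        inner_tag, inner, _ = read_tlv(first, 0)
        if (tag1, tag2) == (0x30, 0x30) and inner_tag in (0xA0, 0x02):
            # tbsCertificate followed by signatureAlgorithm (structural heuristic)
            info["kind"] = "x509-certificate"
        elif (tag1, tag2, inner_tag) == (0x30, 0x03, 0x06):
            # SubjectPublicKeyInfo: AlgorithmIdentifier + BIT STRING
            info["kind"] = "public-key"
            if inner == RSA_OID:
                if second[0] != 0:
                    raise ValueError("BIT STRING has unused bits")
                _, rsa, _ = read_tlv(second[1:], 0)
                _, n, pos = read_tlv(rsa, 0)
                _, e, _ = read_tlv(rsa, pos)
                info["algorithm"] = "RSA"
                info["modulus_bits"] = int.from_bytes(n, "big").bit_length()
                info["exponent"] = int.from_bytes(e, "big")
        else:
            raise ValueError("unrecognised top-level structure")
    except (ValueError, IndexError) as exc:
        info["kind"] = "unreadable"
        info["error"] = str(exc)
    return info


if __name__ == "__main__":
    print(inspect_key_file(PEM_FROM_THREAD))
```

The same function reports `unreadable` for a truncated export or for a file whose armor lines have been damaged, which are the cases worth ruling out before re-running the conversion.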
 


Re: [Muscle] SCU3 released

2005-11-28 Thread Ludovic Rousseau
On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote:
 Hi,

Hello,

 I am very happy to announce the release of SCU3 V 0.1 and SCU3Python.u3p V. 
 0.1.

 SCU3 is a python wrapper for U3 compliant devices

What is a "U3 compliant devices"? Is it the devices described at [1]?
What are the links with smart cards, PC/SC, etc.?

Bye,

[1] http://www.u3.com/

--
 Dr. Ludovic Rousseau
 For private mail use [EMAIL PROTECTED] and not "big brother" Google



Re: [Muscle] SCU3 released

2005-11-28 Thread Philippe C. Martin




A U3 device (www.u3.com) is a flash drive which allows for applications
installation: you plug the U3 device in the USB port and your
application is available. If the application does its job correctly,
application data is stored on the U3 device, not on the PC.

Some of the issues I have been facing in the smart card business are:
1) some application data cannot be written in the card because of space
(and some of the data does not need high security)
2) potential customers are often worried about software deployment -
that is especially true for my applications as Python and wxWidget are
not part of regular OS distributions (yes, Python is for Linux)
3) because of 1) the smart card application (card + software) is less
mobile as the less vital data is stored on the PC (maybe encrypted with
the card, but still stuck on the PC)
4) setting up smart card demos at a client site/business branches can
be very painful, and salespeople are somewhat reluctant to hack PCs
(another painful lesson)

I just feel that there are applications where a combination of a smart
card and a U3 device (they call them smart drives) would greatly
improve deployment/mobility issues.

Putting my solutions aside, I feel a MUSCLE application on a U3 device
can make a lot of sense.

U3 drives can be found already in large stores in the US (and I live in
OK! - I do not know about other countries but I was told about U3 by a
smart card professional based in France).

I hope that is clearer - I often get excited about technology and
sometimes think I have found a great solution where people see no
business value whatsoever  :-) 

Regards,

Philippe






Re: [Muscle] SCU3 released

2005-11-28 Thread Peter Tomlinson

So the U3 drive is not a secure device in its own right? (i.e. it seems
to me that it does not incorporate a crypto chip such as is used in a
strong security smart card, and nor does its flash memory have the kind
of security protection against penetration that smart card flash has)

(I looked on the u3.com web site but found very little specific about
the device spec.)

Peter



Re: [Muscle] SCU3 released

2005-11-28 Thread Philippe C. Martin

Typos, sorry :
...I need to protect data that in on the drive   ... I need to 
protect data that is on the drive 
...but that I can help promote the smart card concept ...  ... but 
that it can help promote the smart card concept ...




Philippe C. Martin wrote:


Hi,

I do not know what is behind the scene and how quickly it can be 
cracked but:
1) you can tell U3 to use a password for access (I have not tried yet 
but I read somewhere that a non-compliant U3 OS (ex: Linux today) 
would not be able to see the drive content if the password were on ... 
without that password, Linux sees it as another flash drive.
2) the U3 APIs allow the application to put password protects on 
certain private data areas


I do not know if there is crypto built-in ... for instance what does 
the drive really do when a data section has a password ? = I intend 
to use my own crypto if I need to protect data that in on the drive.


I do not think U3 is a replacement for smart cards at all, but that I 
can help promote the smart card concept by adding mobility to its 
solutions ... I could _really_ see a U3 drive and a chip in the same 
package a few years from now.



Regards,

Philippe













[Muscle] Problems with BasicCard, ACR38 on Linux

2005-11-28 Thread Gary Pearman
I've written a simple program using libbasiccard and libpcsclite that
gets the ApplicationID from a ZeitControl BasicCard. The problem is that
the program returns the correct value when run in Windows, but returns
garbage when run on Linux.

I think I'm missing something simple, but not sure what. Do I need to do
something else before building/running the program on Linux?
I'm using SuSE 9.3 and using an ACR38 USB card reader and an enhanced
BasicCard ZC3.9, which was programmed on Windows XP.

Thanks in advance.

Gaz.




Re: [Muscle] SCU3 released

2005-11-28 Thread Peter Williams
I don't get it. It's a classical (removable) hard drive device. Little has 
changed here since ATA cards, and 16 bit plug and play!!


For a short time, I worked on a recent project in which a combination ST22 
secure core and an IDE bridge controller were SOC'ed together to make a 
smartcard-enabled hard drive. The smartcard had greater function than merely 
arming the bridge chip, like some of the finger sensor-enabled hard drives 
you see in the (mobile) military applications - and like the finger-enabled 
flash readers (and USB boot drives) you buy now for 79$ in US shops (from 
sandisk, lexar, etc).






From: Philippe C. Martin [EMAIL PROTECTED]
Reply-To: MUSCLE  muscle@lists.musclecard.com
To: MUSCLE muscle@lists.musclecard.com
Subject: Re: [Muscle] SCU3 released
Date: Mon, 28 Nov 2005 09:52:21 -0600

Typos, sorry :
...I need to protect data that in on the drive   ... I need to 
protect data that is on the drive 
...but that I can help promote the smart card concept ...  ... but that 
it can help promote the smart card concept ...









Re: [Muscle] Problems with BasicCard, ACR38 on Linux

2005-11-28 Thread Gary Pearman
On Mon, 2005-11-28 at 11:53 -0600, Philippe C. Martin wrote:
 Hi,
 
 I do not know about libbasiccard, but pcsclite works fine for me on a
 ZC5.5 (T=1) - mdk 10.1 (testing this week on suse 10.0)
 
 Regards,
 
 Philippe

The first time I run my program, I get a card busy error, the second
time it is run, it works but returns garbage instead of the application
name.

Here's some debug output, although I'm not sure it will help.

garyp:/home/garyp # pcscd -f stdout
pcscdaemon.c:238:main pcscd set to foreground with debug send to stderr
pcscdaemon.c:440:main pcsc-lite 1.2.9-beta6 daemon ready.
hotplug_libusb.c:371:HPAddHotPluggable Adding USB device: 004:004
readerfactory.c:1055:RFInitializeReader Attempting startup of ACS ACR38U
00 00.
readerfactory.c:897:RFBindFunctions Loading IFD Handler 2.0
Card ATR: 3B EF 00 FF 81 31 20 75 42 61 73 69 63 43 61 72 64 20 5A 43 33
2E 39 86
winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival
winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest
detects: 5
pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is
requested: 5
winscard_svc.c:102:ContextThread Thread is started: 5
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5
winscard_svc.c:142:ContextThread Client is protocol version 2:0
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5
winscard.c:68:SCardEstablishContext Establishing Context: 16992530
winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival
winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest
detects: 7
pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is
requested: 7
winscard_svc.c:102:ContextThread Thread is started: 7
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard_svc.c:142:ContextThread Client is protocol version 2:0
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:68:SCardEstablishContext Establishing Context: 17022653
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00
winscard.c:221:SCardConnect Active Protocol: unknown 4
winscard.c:231:SCardConnect hCard Identity: 16a3f
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:1361:SCardTransmit Send Protocol: T=4
ifdwrapper.c:566:IFDControl_v2 POUET
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:607:SCardDisconnect Active Contexts: 1
winscard.c:666:SCardDisconnect Reset complete.
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5
winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00
prothandler.c:126:PHSetProtocol Attempting PTS to T=1
prothandler.c:138:PHSetProtocol PTS failed, using T=1
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5
winscard.c:79:SCardReleaseContext Releasing Context: 16992530
winscard_msg.c:241:SHMProcessEventsContext Client has disappeared: 7
winscard_svc.c:114:ContextThread Client die: 7
winscard.c:79:SCardReleaseContext Releasing Context: 17022653
winscard_msg.c:241:SHMProcessEventsContext Client has disappeared: 5
winscard_svc.c:114:ContextThread Client die: 5
winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival
winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest
detects: 5
pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is
requested: 5
winscard_svc.c:102:ContextThread Thread is started: 5
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5
winscard_svc.c:142:ContextThread Client is protocol version 2:0
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 5
winscard.c:68:SCardEstablishContext Establishing Context: 17016078
winscard_msg.c:191:SHMProcessEventsServer Common channel packet arrival
winscard_msg.c:198:SHMProcessEventsServer SHMProcessCommonChannelRequest
detects: 7
pcscdaemon.c:136:SVCServiceRunLoop A new context thread creation is
requested: 7
winscard_svc.c:102:ContextThread Thread is started: 7
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard_svc.c:142:ContextThread Client is protocol version 2:0
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:68:SCardEstablishContext Establishing Context: 17013690
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00
winscard.c:221:SCardConnect Active Protocol: unknown 4
winscard.c:231:SCardConnect hCard Identity: 197f3
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:1361:SCardTransmit Send Protocol: T=4
ifdwrapper.c:566:IFDControl_v2 POUET
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:607:SCardDisconnect Active Contexts: 1
winscard.c:666:SCardDisconnect Reset complete.

Re: [Muscle] Problems with BasicCard, ACR38 on Linux

2005-11-28 Thread Philippe C. Martin




Hi,

This dump _seems_ to show pcsclite is unhappy figuring out the
protocol - did you try to force it (T=1 or T=0) ?

You might want to try with another reader also (or update its driver ?).

Regards,

Philippe
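
An added example, not part of the original messages and not code from pcsc-lite or libbasiccard: a Python script that decodes the ATR from the posted pcscd log and compares the protocols the card offers with the protocol value the client connected with. The sample lines are copied from that log, the protocol bit values are those in pcsc-lite's pcsclite.h, and the function names are chosen for this example.

```python
import re
from functools import reduce

# Lines copied from the pcscd debug output posted in the thread. The mail
# client wrapped the ATR line; the regex in diagnose() tolerates that.
LOG_EXCERPT = """\
Card ATR: 3B EF 00 FF 81 31 20 75 42 61 73 69 63 43 61 72 64 20 5A 43 33
2E 39 86
winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00
winscard.c:221:SCardConnect Active Protocol: unknown 4
winscard.c:1361:SCardTransmit Send Protocol: T=4
prothandler.c:126:PHSetProtocol Attempting PTS to T=1
"""

# Protocol bit values as defined in pcsc-lite's pcsclite.h.
SCARD_PROTOCOL = {0x0001: "T=0", 0x0002: "T=1", 0x0004: "RAW"}


def parse_atr(atr):
    """Decode an ISO 7816-3 ATR: offered protocols, historical bytes, TCK."""
    try:
        if atr[0] not in (0x3B, 0x3F):
            raise ValueError("first byte is not a valid TS")
        y, k = atr[1] >> 4, atr[1] & 0x0F   # Y1 presence bits, historical count
        pos, t_values = 2, []
        while True:
            pos += bin(y & 0x7).count("1")  # skip TAi/TBi/TCi that are present
            if not y & 0x8:                 # no TDi: interface bytes end here
                break
            td = atr[pos]
            pos += 1
            t_values.append(td & 0x0F)      # low nibble of TDi names protocol T
            y = td >> 4
    except IndexError:
        raise ValueError("ATR is truncated") from None
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR is truncated")
    # T=15 only qualifies global interface bytes; no TD1 at all means T=0.
    offered = sorted({t for t in t_values if t != 15}) or [0]
    tck_ok = None                           # TCK is absent when only T=0 is named
    if any(t != 0 for t in t_values):
        if len(atr) != pos + k + 1:
            raise ValueError("expected exactly one TCK byte after historical bytes")
        tck_ok = reduce(lambda a, b: a ^ b, atr[1:]) == 0
    return {"offered": offered, "historical": bytes(historical), "tck_ok": tck_ok}


def diagnose(log_text):
    """Compare the ATR in a pcscd log with the protocol values clients used."""
    m = re.search(r"Card ATR:((?:\s+[0-9A-F]{2}(?![0-9A-Za-z]))+)", log_text)
    if not m:
        raise ValueError("no 'Card ATR:' line in log")
    result = parse_atr(bytes.fromhex("".join(m.group(1).split())))
    # SCARD_PROTOCOL_T0 is bit 0 and SCARD_PROTOCOL_T1 is bit 1.
    offered_bits = {1 << t for t in result["offered"] if t in (0, 1)}
    result["connects"] = [
        {
            "value": int(value),
            "name": SCARD_PROTOCOL.get(int(value), "?"),
            "offered_by_card": int(value) in offered_bits,
        }
        for value in re.findall(r"Active Protocol: unknown (\d+)", log_text)
    ]
    return result


if __name__ == "__main__":
    report = diagnose(LOG_EXCERPT)
    print("card:", report["historical"].decode("ascii", "replace"))
    print("offers:", ["T=%d" % t for t in report["offered"]])
    print("TCK valid:", report["tck_ok"])
    for c in report["connects"]:
        print("client connected with", c["value"], c["name"],
              "- offered by card:", c["offered_by_card"])
```

On the posted log this reports a card that offers only T=1 and a client connection made with value 4, which pcsc-lite's header names SCARD_PROTOCOL_RAW.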



winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard_svc.c:142:ContextThread Client is protocol version 2:0
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:68:SCardEstablishContext Establishing Context: 17013690
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
winscard.c:121:SCardConnect Attempting Connect to ACS ACR38U 00 00
winscard.c:221:SCardConnect Active Protocol: unknown 4
winscard.c:231:SCardConnect hCard Identity: 197f3
winscard_msg.c:252:SHMProcessEventsContext correctly processed client: 7
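The "Card ATR:" line in the pcscd output above can be decoded following ISO/IEC 7816-3. The Python below is an added example, not code from this thread or from pcsc-lite; `parse_atr` and its result keys are names chosen here. It lists the protocols the card offers, the historical bytes, and whether the TCK checksum is consistent.

```python
# Added example: ISO/IEC 7816-3 ATR decoder (not code from this thread).
# LOG_ATR is copied from the "Card ATR:" line of the pcscd output above.
LOG_ATR = ("3B EF 00 FF 81 31 20 75 42 61 73 69 63 43 61 72 64 20 5A 43 33 "
           "2E 39 86")


def parse_atr(hex_string):
    """Decode an ATR given as a hex string; raise ValueError if malformed."""
    data = bytes.fromhex(hex_string)
    if len(data) < 2:
        raise ValueError("ATR needs at least TS and T0")
    if data[0] not in (0x3B, 0x3F):
        raise ValueError("unexpected TS byte %02X" % data[0])
    hist_len = data[1] & 0x0F   # T0 low nibble: number of historical bytes
    y = data[1] >> 4            # T0 high nibble: which of TA1..TD1 follow
    pos, level = 2, 1
    interface, td_types = {}, []
    while True:
        for bit, letter in enumerate("ABCD"):
            if y & (1 << bit):
                if pos >= len(data):
                    raise ValueError("ATR truncated in interface bytes")
                interface["T%s%d" % (letter, level)] = data[pos]
                pos += 1
        td = interface.get("TD%d" % level)
        if td is None:
            break
        td_types.append(td & 0x0F)  # TDi low nibble: protocol type T
        y = td >> 4                 # TDi high nibble: bytes of the next level
        level += 1
    historical = data[pos:pos + hist_len]
    if len(historical) != hist_len:
        raise ValueError("ATR truncated in historical bytes")
    pos += hist_len
    # TCK is present unless T=0 is the only type indicated.
    tck_ok = None
    if any(t != 0 for t in td_types):
        if pos >= len(data):
            raise ValueError("TCK byte missing")
        xor = 0
        for byte in data[1:pos + 1]:  # T0 through TCK must XOR to zero
            xor ^= byte
        tck_ok = xor == 0
        pos += 1
    if pos != len(data):
        raise ValueError("unexpected bytes after the ATR")
    # T=1 parameters: first TA/TB at level 3 or later that follows a TD
    # announcing T=1 (TA = IFSC, TB = BWI in the high nibble, CWI in the low).
    t1 = {}
    for i in range(3, level + 1):
        if td_types[i - 2] == 1:
            if "TA%d" % i in interface:
                t1.setdefault("ifsc", interface["TA%d" % i])
            if "TB%d" % i in interface:
                t1.setdefault("bwi", interface["TB%d" % i] >> 4)
                t1.setdefault("cwi", interface["TB%d" % i] & 0x0F)
    return {
        "convention": "direct" if data[0] == 0x3B else "inverse",
        "interface": interface,
        # T=15 in a TD byte introduces global parameters, not a protocol.
        "protocols": sorted({t for t in td_types if t != 15}) or [0],
        "historical": historical,
        "tck_ok": tck_ok,
        "t1": t1,
    }


if __name__ == "__main__":
    for key, value in parse_atr(LOG_ATR).items():
        print(key, value)
```

For the logged ATR this reports T=1 as the only offered protocol, the historical bytes `BasicCard ZC3.9`, and a consistent TCK.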

Re: [Muscle] SCU3 released

2005-11-28 Thread Philippe C. Martin

Peter Williams wrote:

I don't get it. It's a classical (removable) hard drive device. Little
has changed here since ATA cards, and 16 bit plug and play!!


The main difference here is that one installs the application on the 
flash drive, not the PC. The application/application data is available 
on the PC _when_ the drive is plugged and gone when it is unplugged:
nothing gets installed on the PC.


== any vanilla XP PC out of the box will run your application

I have regular flash drives but cannot do that with them ... am I 
missing something ?


Regards,

Philippe




For a short time, I worked on a recent project in which a combination 
ST22 secure core and an IDE bridge controller were SOC'ed together to 
make a smartcard-enabled hard drive. The smartcard had greater 
function than merely arming the bridge chip, like some of the finger
sensor-enabled hard drives you see in the (mobile) military 
applications - and like the finger-enabled flash readers (and USB boot 
drives) you buy now for 79$ in US shops (from sandisk, lexar, etc).





From: Philippe C. Martin [EMAIL PROTECTED]
Reply-To: MUSCLE  muscle@lists.musclecard.com
To: MUSCLE muscle@lists.musclecard.com
Subject: Re: [Muscle] SCU3 released
Date: Mon, 28 Nov 2005 09:52:21 -0600

Typos, sorry :
...I need to protect data that in on the drive   ... I need to 
protect data that is on the drive 
...but that I can help promote the smart card concept ...  ... 
but that it can help promote the smart card concept ...




Philippe C. Martin wrote:


Hi,

I do not know what is behind the scene and how quickly it can be 
cracked but:
1) you can tell U3 to use a password for access (I have not tried 
yet but I read somewhere that a non-compliant U3 OS (ex: Linux 
today) would not be able to see the drive content if the password 
were on ... without that password, Linux sees it as another flash 
drive.
2) the U3 APIs allow the application to put password protects on 
certain private data areas


I do not know if there is crypto built-in ... for instance what does 
the drive really do when a data section has a password ? = I intend 
to use my own crypto if I need to protect data that in on the drive.


I do not think U3 is a replacement for smart cards at all, but that 
I can help promote the smart card concept by adding mobility to 
its solutions ... I could _really_ see a U3 drive and a chip in the 
same package a few years from now.



Regards,

Philippe











Peter Tomlinson wrote:

So the U3 drive is not a secure device in its own right? (i.e. it seems
to me that it does not incorporate a crypto chip such as is used in a
strong security smart card, and nor does its flash memory have the kind
of security protection against penetration that smart card flash has)

(I looked on the u3.com web site but found very little specific about
the device spec.)

Peter

Philippe C. Martin wrote:


A U3 device (www.u3.com) is a flash drive which allows for
applications installation: you plug the U3 device in the USB port and
your application is available. If the application does its job
correctly, application data is stored on the U3 device, not on the
PC.

Some of the issues I have been facing in the smart card business are:
 1) some application data cannot be written in the card because of
    space (and some of the data does not need high security)
 2) potential customers are often worried about software deployment -
    that is especially true for my applications as Python and wxWidget
    are not part of regular OS distributions (yes, Python is for Linux)
 3) because of 1) the smart card application (card + software) is less
    mobile as the less vital data is stored on the PC (maybe encrypted
    with the card, but still stuck on the PC)
 4) setting up smart card demos at a client site/business branches can
    be very painful, and salespeople are somewhat reluctant to hack PCs
    (another painful lesson)

I just feel that there are applications where a combination of a
smart card and a U3 device (they call them smart drives) would
greatly improve deployment/mobility issues.

Putting my solutions aside, I feel a MUSCLE application on a U3
device can make a lot of sense.

U3 drives can be found already in large stores in the US (and I live
in OK! - I do not know about other countries but I was told about U3
by a smart card professional based in France).

I hope that is clearer - I often get excited about technology and 
sometimes think I have found a great solution where people see no
business value whatsoever :-)


Regards,

Philippe




Ludovic Rousseau wrote:


On 28/11/05, Philippe C. Martin [EMAIL PROTECTED] wrote:



Hi,




Hello,




I am very happy to announce the release of SCU3 V 0.1 and
SCU3Python.u3p V. 0.1.

SCU3 is a python wrapper for U3 compliant devices




What are U3 compliant devices? Are they the devices described at
[1]? What are the links with smart cards, PC/SC, etc.?

Bye,

[1] http://www.u3.com/

-- Dr. Ludovic Rousseau For private mail use

Re: [Muscle] New pcsc-lite 1.2.9-beta9 available

2005-11-28 Thread Douglas E. Engert

Two problems:
(1) minor problem that may have been around before:

The libpcsclite.pc created with pcsc-lite-1.2.9-beta9 has:

  includedir=${prefix}/include/PCSC

When pkgconfig is used with ccid-0.9.4 the code tries to
include PCSC/pcsclite.h and PCSC/ifdhandler.h
which are not found as directory levels don't match.

One or the other should be changed.


(2) In previous versions of ccid I set CPPFLAGS=-I/$prefix/include
to get around (1) before running configure. In ccid-0.9.4, the CPPFLAGS
appears to be ignored. It looks like configure.in line 135 is in error:

--- ,configure.in   Fri Nov 25 08:32:38 2005
+++ configure.inMon Nov 28 11:36:54 2005
@@ -132,7 +132,7 @@
AC_CHECK_LIB(usb, usb_get_string_simple, [LIBUSB=$LIBUSB -lusb],
[ AC_MSG_ERROR([your libusb is too old. install version 0.1.7 
or above]) ])

-   CPPFLAGS=$saved_LIBS
+   CPPFLAGS=$saved_CPPFLAGS
LIBS=$saved_LIBS
 fi
 AC_SUBST(LIBUSB_CFLAGS)
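
Review bot: the value restored on the changed line comes from saved_CPPFLAGS, whose assignment lies above the visible context of this hunk; confirm it is captured before the libusb check alters CPPFLAGS, otherwise the restore would discard whatever the user passed to configure. With the old line, CPPFLAGS was overwritten with the saved linker flags, which matches the report that a user-supplied CPPFLAGS=-I... was ignored from this point on. The adjacent LIBS=$saved_LIBS restore is unchanged and needs no edit.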


Ludovic Rousseau wrote:


Hello,

I just released a new version of pcsc-lite. It is version 1.2.9-beta9
and is available at [1].

Changelog:
pcsc-lite-1.2.9-beta9: Ludovic Rousseau
27 November 2005
- add/improve support of PIN pad readers
  . define HOST_TO_CCID_16() and HOST_TO_CCID_32() macro to convert 16 and
32-bits data to the CCID format (replace HOST_TO_CCID)
- add support of SUN C compiler and try to avoid GCC specific features
  (Heiko Nardmann)
- SCardGetStatusChange():
  . exits if the list of readers changed (one reader added) so that the
application can update its list of readers (Najam Siddiqui)
  . correct a bug when two contexts were used (Najam Siddiqui)
- add support of Solaris 10 IFDhandler (Douglas E. Engert)
- allow pcsc-lite to be compiled without (f)lex installed
- add a TODO file. Help/money needed here.
- improve Doxygen documentation
- some other minor improvements and bug corrections

I hope it will be the last beta version before the awaited stable
version 1.3.0. So please test it and report any bugs.

Thanks,

[1] https://alioth.debian.org/project/showfiles.php?group_id=30105

--
 Dr. Ludovic Rousseau
 For private mail use [EMAIL PROTECTED] and not big brother Google

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle




--

 Douglas E. Engert  [EMAIL PROTECTED]
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444


Re: [Muscle] SCU3 released

2005-11-28 Thread Peter Williams





From: Philippe C. Martin [EMAIL PROTECTED]
Reply-To: MUSCLE  muscle@lists.musclecard.com
To: MUSCLE muscle@lists.musclecard.com
Subject: Re: [Muscle] SCU3 released
Date: Mon, 28 Nov 2005 12:41:38 -0600

Peter Williams wrote:

I don't get it. It's a classical (removable) hard drive device. Little has
changed here since ATA cards, and 16 bit plug and play!!


The main difference here is that one installs the application on the flash 
drive, not the PC. The application/application data is available on the PC 
_when_ the drive is plugged and gone when it is unplugged: nothing gets
installed on the PC.


== any vanilla XP PC out of the box will run your application

I have regular flash drives but cannot do that with them ... am I missing 
something ?


While memory sticks, CF cards, ATA cards (me old!), smartmedia devices are 
just flash, with a FAT support licensed from Microsoft, the USB form factor
of the same flash devices in the US shops tend to come with applications.
All the fingerprint-enabled USB flash drives have come with form-filling
password managers for years. What's interesting recently, is that through
USB-interfaced file-based mailboxes, the Pentium application (such as 
Sandisk's GINA plugin) can interact with the matching algorithms on the CPU 
of the bio-capable flash drive, as a USB peer (versus a dumb flash data 
store).


So, in the U3 case, which CPU executes the application?

If it's the Pentium CPU, then one presumes the application is a Win32
application, loads into virtual memory, may or may not write to other data
stores, is subject to the windows execution model, and the Intel
instruction-level security model, and may or may not require Windows/.NET
security privileges to get its application work done. Presumably, one needs
to sign the media files, so that upon loading windows trusts the publisher
using Windows/W3c/java code signing mechanisms, assigns privileges
automatically, runs the PE image -once loaded - through the virus checker,
etc. such that the user sees none of the behind the scenes activity ensuring
integrity.


Are we talking about a USB flash drive in which there are autorun files 
created for the .exe files stored on the media, just like on a CD R-W?


If the application is running on the CPU of the flash controller yet images 
on a remote desktop over (wireless) USB channel, that's more interesting. We
met an entrepreneur earlier in the year who wanted to do this.




Regards,

Philippe




For a short time, I worked on a recent project in which a combination ST22 
secure core and an IDE bridge controller were SOC'ed together to make a 
smartcard-enabled hard drive. The smartcard had greater function than
merely arming the bridge chip, like some of the finger sensor-enabled hard 
drives you see in the (mobile) military applications - and like the 
finger-enabled flash readers (and USB boot drives) you buy now for 79$ in 
US shops (from sandisk, lexar, etc).





From: Philippe C. Martin [EMAIL PROTECTED]
Reply-To: MUSCLE  muscle@lists.musclecard.com
To: MUSCLE muscle@lists.musclecard.com
Subject: Re: [Muscle] SCU3 released
Date: Mon, 28 Nov 2005 09:52:21 -0600

Typos, sorry :
...I need to protect data that in on the drive   ... I need to 
protect data that is on the drive 
...but that I can help promote the smart card concept ...  ... but 
that it can help promote the smart card concept ...




Philippe C. Martin wrote:


Hi,

I do not know what is behind the scene and how quickly it can be cracked 
but:
1) you can tell U3 to use a password for access (I have not tried yet 
but I read somewhere that a non-compliant U3 OS (ex: Linux today) would 
not be able to see the drive content if the password were on ... without 
that password, Linux sees it as another flash drive.
2) the U3 APIs allow the application to put password protects on certain 
private data areas


I do not know if there is crypto built-in ... for instance what does the 
drive really do when a data section has a password ? = I intend to use 
my own crypto if I need to protect data that in on the drive.


I do not think U3 is a replacement for smart cards at all, but that I 
can help promote the smart card concept by adding mobility to its 
solutions ... I could _really_ see a U3 drive and a chip in the same 
package a few years from now.



Regards,

Philippe











Peter Tomlinson wrote:


So the U3 drive is not a secure device in its own right? (i.e. it seems
to me that it does not incorporate a crypto chip such as is used in a
strong security smart card, and nor does its flash memory have the kind
of security protection against penetration that smart card flash has)

(I looked on the u3.com web site but found very little specific about
the device spec.)

Peter

Philippe C. Martin wrote:


A U3 device (www.u3.com) is a flash drive which allows for
applications installation: you plug the U3 device in the USB port and
your application is available. If the application 

Re: [Muscle] SCU3 released

2005-11-28 Thread Philippe C. Martin

Hi,



While memory sticks, CF cards, ATA cards (me old!), smartmedia devices 
are just flash, with a FAT support licensed from Microsoft, the USB 
form factor of the same flash devices in the US shops tend to come with
applications. All the fingerprint-enabled USB flash drives have come
with form-filling password managers for years. What's interesting
recently, is that through USB-interfaced file-based mailboxes, the 
Pentium application (such as Sandisk's GINA plugin) can interact with 
the matching algorithms on the CPU of the bio-capable flash drive, as 
a USB peer (versus a dumb flash data store).


So, in the U3 case, which CPU executes the application?


The PC's



If it's the Pentium CPU, then one presumes the application is a Win32
application, loads into virtual memory, may or may not write to other
data stores, is subject to the windows execution model, and the Intel
instruction-level security model, and may or may not require
Windows/.NET security privileges to get its application work done.
Presumably, one needs to sign the media files, so that upon loading
windows trusts the publisher using Windows/W3c/java code signing
mechanisms, assigns privileges automatically, runs the PE image -once
loaded - through the virus checker, etc. such that the user sees none
of the behind the scenes activity ensuring integrity.


Actually, U3 has some (fairly simple .. looks like) accreditation 
procedure but there is no application signature procedure
yet that I have seen.


Yes, at this time, a U3 compliant application is a windows application 
(at least) with support for the U3 SDK (at most).


I do hope they will go for Linux (clearly, I think, installing pcsclite 
means sudoing some stuff, but there is a fair chance it could be done)




Are we talking about a USB flash drive in which there are autorun 
files created for the .exe files stored on the media, just like on a 
CD R-W?


Yes and no: they have apparently at least two partitions mounted, one of 
which looks to windows like a CDROM... thus the autostart. The latter 
loads their own application (Launchpad) which, in turn, gives access to
the U3 compliant applications.


Check out this link: http://www.everythingusb.com/u3.html



If the application is running on the CPU of the flash controller yet 
images on a remote desktop over (wireless) USB channel, that's more
interesting. We met an entrepreneur earlier in the year who wanted to 
do this.


That'd be nice, but I feel a flash drive embedded CPU, powered by a USB 
bus will never reach (at least not in my life time (I'm old too -:) )) 
the CPU/bus speed necessary to handle a regular PC application.


I just feel they've opened a techno-door which could bring many neat 
possibilities ... and give opportunities to us smart card addicts.



Regards,

Philippe



Regards,

Philippe




For a short time, I worked on a recent project in which a 
combination ST22 secure core and an IDE bridge controller were 
SOC'ed together to make a smartcard-enabled hard drive. The 
smartcard had greater function than merely arming the bridge chip,
like some of the finger sensor-enabled hard drives you see in the 
(mobile) military applications - and like the finger-enabled flash 
readers (and USB boot drives) you buy now for 79$ in US shops (from 
sandisk, lexar, etc).





From: Philippe C. Martin [EMAIL PROTECTED]
Reply-To: MUSCLE  muscle@lists.musclecard.com
To: MUSCLE muscle@lists.musclecard.com
Subject: Re: [Muscle] SCU3 released
Date: Mon, 28 Nov 2005 09:52:21 -0600

Typos, sorry :
...I need to protect data that in on the drive   ... I need 
to protect data that is on the drive 
...but that I can help promote the smart card concept ...  ... 
but that it can help promote the smart card concept ...




Philippe C. Martin wrote:


Hi,

I do not know what is behind the scene and how quickly it can be 
cracked but:
1) you can tell U3 to use a password for access (I have not tried 
yet but I read somewhere that a non-compliant U3 OS (ex: Linux 
today) would not be able to see the drive content if the password 
were on ... without that password, Linux sees it as another flash 
drive.
2) the U3 APIs allow the application to put password protects on 
certain private data areas


I do not know if there is crypto built-in ... for instance what 
does the drive really do when a data section has a password ? = I 
intend to use my own crypto if I need to protect data that in on 
the drive.


I do not think U3 is a replacement for smart cards at all, but 
that I can help promote the smart card concept by adding 
mobility to its solutions ... I could _really_ see a U3 drive and 
a chip in the same package a few years from now.



Regards,

Philippe











Peter Tomlinson wrote:

So the U3 drive is not a secure device in its own right? (i.e. it seems
to me that it does not incorporate a crypto chip such as is used in a
strong security smart card, and nor does its flash memory have the

Re: [Muscle] New pcsc-lite 1.2.9-beta9 available

2005-11-28 Thread Ludovic Rousseau
On 28/11/05, Douglas E. Engert [EMAIL PROTECTED] wrote:
 Two problems:
 (1) minor problem that may have been around before:

 The libpcsclite.pc created with pcsc-lite-1.2.9-beta9 has:

includedir=${prefix}/include/PCSC

 When pkgconfig is used with ccid-0.9.4 the code tries to
 include PCSC/pcsclite.h and PCSC/ifdhandler.h
 which are not found as directory levels don't match.

 One or the other should be changed.

Exact. I will remove the PCSC/ prefix in the ccid driver source files.

 (2) In previous versions of ccid I set CPPFLAGS=-I/$prefix/include
 to get around (1) before running configure. In ccid-0.9.4, the CPPFLAGS
 appears to be ignored. It looks like configure.in line 135 is in error:

 --- ,configure.in   Fri Nov 25 08:32:38 2005
 +++ configure.inMon Nov 28 11:36:54 2005
 @@ -132,7 +132,7 @@
 AC_CHECK_LIB(usb, usb_get_string_simple, [LIBUSB=$LIBUSB -lusb],
 [ AC_MSG_ERROR([your libusb is too old. install version 0.1.7 
 or above]) ])

 -   CPPFLAGS=$saved_LIBS
 +   CPPFLAGS=$saved_CPPFLAGS
 LIBS=$saved_LIBS
   fi
   AC_SUBST(LIBUSB_CFLAGS)
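
Review bot: as mailed, the AC_MSG_ERROR context line is wrapped onto a second line ("or above]) ])") and the old-file header names ,configure.in rather than configure.in, so this hunk is unlikely to apply cleanly with patch; sending it as an attachment or regenerating it against the release tree would avoid that. The one-line change itself, CPPFLAGS=$saved_CPPFLAGS next to LIBS=$saved_LIBS, restores each variable from its own saved copy.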

I corrected this bug yesterday.

I also changed the pcsc-lite detection code. You will now have to use
./configure PCSC_CFLAGS=... if you want to have the same results.

Thanks,

--
 Dr. Ludovic Rousseau
 For private mail use [EMAIL PROTECTED] and not big brother Google
