Re: [opensc-devel] 'max_recv_size' and 'Le'
Martin Paljak wrote: On Sep 7, 2010, at 4:56 PM, Viktor TARASOV wrote: I suggest to let card drivers blindly set max sizes and only further limit them in card.c if reader has also limitations. I do not have deep insight into the readers capacities, but for me it looks like an optimal solution for the random card connected to the random reader, Do you know anyone who actually uses the reader level payload restriction configuration? No such knowledge. [1] http://pcsclite.alioth.debian.org/ccid/dwMaxCCIDMessageLength.html [2] http://www.opensc-project.org/pipermail/opensc-devel/2006-November/009199.html -- Viktor Tarasov viktor.tara...@opentrust.com ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] card-max_recv_size problem
Hello, On Sep 13, 2010, at 12:19 AM, Peter Koch wrote: tcos_init() does NOT set card-max_recv_size and therefore some default value (i.e. 256) was used. With current svn this does not work anymore. sc_read_binary() checks wether count card-max_recv_size and then tries to read count bytes in chunks of card-max_recv_size. If card-max_recv_size is 0 this fails. Should I set card-max_recv_size and card-max_send_size in tcos_init()? No. Sorry, this place was erroneously left untouched and is fixed in SVN trunk. Please verify that it works as expected. max_recv/send_size in both a reader driver and card driver should only be used instead of defaults (255/256) if they are set (0), not magically propagated from a default reader limit to a reader limit to a default card limit to a limited card limit. In fact, as the driver-max_recv/send_ size is not used by reader drivers themselves, I don't think it makes sense to keep them as reader driver options. Instead, they should be moved to default options set. Especially as there is only a single reader driver enabled at a time now. This will fix the problem with TCOS-cards but there are other drivers that do NOT set max_recv_size (i.e. card-cardos.c) No card driver should set it unless it can't handle 255/256 for Lc/Le, and the list of drivers that do this are: card-acos5.c card-akis.c card-atrust-acos.c card-entersafe.c card-gpk.c card-miocos.c card-myeid.c card-piv.c card-starcos.c card-westcos.c -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Fix Bug Cardmod
JEAN Guillaume wrote: Hello, Here is a patch that fixes the problem debug level 9 in the cardmod. Two small error in the function parameter. Thank you for the patch, it has been applied in r4701. Sincerlly, GJean Kind wishes, Viktor. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Viktor Tarasov viktor.tara...@opentrust.com ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] MyEID microSD
Martin Paljak wrote: On Sep 12, 2010, at 8:42 PM, Peter Koch wrote: I got two testcards from certgate in 2008. One was java-based and one contained a TCOS3-chip. They were planning to offer an ifd-handler for linux. Since OpenSC has TCOS3 support this microSD-card might work in combination with PCSClite and a vendor supplied ifd-handler. I think the most important piece that is missing is indeed the ifd-handler. If the microSD interface will be vendor specific, there will be a need for something like OpenCT, which will not be very nice. Something similar to what CCID is for USB is needed for microSD, so that support could exist without (binary only) vendor drivers. If there will be multiple vendors who provide such conformant microSD cards, the problem of the on-card OS or applet will be similar to what OpenSC currently faces. If there is no on-line provisioning support the scheme will fail anyway. Anders ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] MyEID microSD
Martin Paljak wrote: If the microSD interface will be vendor specific, I think it is, sorta. there will be a need for something like OpenCT, which will not be very nice. Yes. Something similar to what CCID is for USB is needed for microSD, so that support could exist without (binary only) vendor drivers. Two problems: 1. System SD access OS specific. I don't know if supported OpenSC systems other than Linux even has an SD API. In any case it's not compatible. 2. Card access over above SD access This is the protocol I think you refer to. SD seems more like PCMCIA than USB so I'd be quite surprised if there was any standardization effort for these microSD cards, even if they perform similar tasks. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked
Hello, On Sep 12, 2010, at 7:46 PM, Peter Koch wrote: pkcs15-tcos.c has not been modified for a long time (except some minor cosmetic changes). So something else must have changed. Correct. I just did a quick grep LOGIN_REQUIRED *.c and it seems that only the WestCOS and OpenPGP emulations set LOGIN_REQUIRED while all other emulation-routines don't. CKF_LOGIN_REQUIRED from PKCS#11 (which is the flag missing in the 0.12 version for TCOS card) does not map 1:1 to TokenInfo.flags-loginRequired. (From PCKS#15): TokenInfo.tokenflags: This field contains information about the token per se. Flags include: ... if login (i.e. authentication) is required before accessing any data, ... So in PKCS#11 terms it is maybe more similar to CKA_PRIVATE, because: (From PKCS#11): Applications are not required to log into the token to view “public objects”; however, to view “private objects”, a user must be authenticated to the token by a PIN or some other token-dependent method (for example, a biometric device). CKF_LOGIN_REQUIRED: True if there are some cryptographic functions that a user must be logged in to perform Further, CKF_LOGIN_REQUIRED is not set based on the existence of SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED, but if the tokens are arranged so that a slot will contain an authentication object [1] If LOGIN_REQUIRED must now be set from within the emulation-routine and if that was not necessary before then the LOGIN_REQUIRED flag will be now missing for every card that has a pkcs15-emulation (except WestCOS and OpenPGP). No, it should not be touched, the root cause should be identified instead. Mapping of objects is probably the culprit. [1] http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L798 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC and Visual Studio
Hello, I created a Visual Studio 2010 solution for OpenSC. It can use the debug mode with breakpoints. And also out a release. I try to make this version to be usable by all people without much change in configuration of Visual Studio. I am trying to do the documentation for installing and using this version. So I wanted to know if the version you want ? Sincerely, GJean ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Multiple ACLs
Viktor TARASOV wrote: actually pkcs15init takes into account the possibility of multiple ACLs for one operation. Is it really used? Multiple ACLs appear as linked list associated to operation, for example, when loading generic profile 'pkcs15' and then the card specific one. More attentive examination shows that the common ACLs settings from the 'pkcs15.profile' can be completely overwritten by the card's profile, if the first ACL pair in the card's profile uses the 'wildcard'. For example: ACL = *=NEVER,READ=NONE,UPDATE=$PIN; Authentication of an operation in pkcs15init requests to validate all the PINs from the associated list (if there are no 'NONE' or ''NEVER' in the same list). As for me, the expected behavior in this situation has to be 'overwrite the generic settings with the card specific one'. Multiple ACLs concern only the files instantiated from profile. In libopensc all(?) card specific FCP encoders use only the first acl from the list. It appears that this common mechanism is implemented for the 'gpk' and 'cflex' drivers: the first one can encode two PIN references in one byte of ACL, in the second one it's used for the 'CHV AUT' protection mode. So, I propose to abandon multiple ACLs, because it complicates the creation of a new objects for the OpenSC PKCS#11 module. For a while, I retrieve my suggestion. Probably in future the 'multiple ACLs' will need re-implementation -- when other then 'and' logical operation with the ACL authentication factors will be asked for. The actual problem with Aventra card can be solved by changing of some ACLs and using of 'wildcard' in its card profile. Kind wishes, Viktor. -- Viktor Tarasov viktor.tara...@opentrust.com ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Rv: OpenSC-0.12.0 and Spanish DNIe
Mensaje original De: alejandro@gmail.com Fecha: 12/09/2010 12:09 Para: jons...@terra.es Asunto: Re: [opensc-devel] Rv: OpenSC-0.12.0 and Spanish DNIe 2010/9/10 jons...@terra.es jons...@terra.es: I've checked this behaviour in the same computer and three different card readers: ( Dell Studio 17, Fedora 13 fully updated, opensc-dnie from Martin's github ) - Towitoko (serial) card reader + openct. No work at all (neither firefox nor opensc commandline tools) - Omnikey cardman 4321 (ExpressCard): Authentication works, Signature fails (same as old OpenSC-0.11.x dnie version) - LTC31v2: (USB) shows the behaviour described in last post It's strange: Last two readers are standard CCID ones, and should show same behaviour. In fact Omnikey uses USB connections from ExpressCard slot.. Dammit! I've tried to update my LTC31 card reader, by mean of instructions at http://www.c3po.es/pv_ltc31.html#version_firmware_ltc31 And at the end I've finished with the reader's firmware updated... but with my DNIe card broken (ATR ending with 65 81 - Card Memory faillure ) So my DNIe no longer works. Sorry Martin, I need to go to a police office to get my DNIe working back again. So cannot send logs :-( OpenSC comand line apps seems to work DGP DNI test page: http://www.dnielectronico.es/como_utilizar_el_dnie/verificar.html You could check openoffice documment signing. With opensc-0.11.13 I compiled the free drivers and signing with openoffice worked OK but firefox returned an ssl error. ¿Are you sure? ... OpenOffice uses same mechanism and routines than FF to handle certificates. Anyway, I cannot continue testing until I go to a police office to re-initialize my DNIe card ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with 2K keys and MyEID
Viktor TARASOV wrote:
Aventra development wrote:
pkcs11-tool works, but pkcs#11 module does not when using Firefox).
Other problems with firefox is that certificate enrollment does not
work when using the pkcs#11 module, e.g. when using this site:
pkitest.gdm.de/starsign
Actually in MyEID profile some operations that should be executed
during the card enrollment are protected
by SOPIN.
It's rather difficult to supply SOPIN for PKCS#11 module inside the
User session.
Here is patch with the working version of MyEID profile.
Not all changes in this patch are justified, but it can be tuned later.
There is also the problem of 'Multiple ACLs'
http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014803.html
Here is also the patch that allows (in a temporary manner) to pass-by
the problem of 'Multiple ACLs'.
With these two patchs I can import pkcs12 with Firefox in Windows.
PIN change/unblock with pkcs15-tool also 'working for me'.
Finally 'Multiple ACLs' do not concerns your card,
is you would make some changes to the ACLs of the xDF files in your card
profile.
Here is the 'diff' to your profile, that works for me with opensc-pkcs11
Firefox on Windows.
Kind wishes,
Viktor.
Index: src/pkcs15init/myeid.profile
===
--- src/pkcs15init/myeid.profile(révision 4714)
+++ src/pkcs15init/myeid.profile(copie de travail)
@@ -92,13 +92,13 @@
DF PKCS15-AppDF {
type = DF;
file-id = 5015;
-acl = DELETE=NONE, CREATE=$SOPIN;
+acl = DELETE=NONE, CREATE=$PIN;
EF PKCS15-ODF {
file-id = 5031;
structure = transparent;
size = $odf-size;
- acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-TokenInfo {
@@ -118,53 +118,53 @@
file-id = 4401;
structure = transparent;
size = $aodf-size;
-acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
+acl = *=NEVER, READ=NONE, UPDATE=$SOPIN,
DELETE=$SOPIN;
}
EF PKCS15-PrKDF {
file-id = 4402;
structure = transparent;
size = $prkdf-size;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-PuKDF {
file-id = 4403;
structure = transparent;
size = $pukdf-size;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-CDF {
file-id = 4404;
structure = transparent;
size = $cdf-size;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-DODF {
file-id = 4405;
structure = transparent;
size = $dodf-size;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF template-private-key {
type = internal-ef;
file-id = 4B01;
- acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
}
EF template-public-key {
structure = transparent;
file-id = 5501;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
}
EF template-certificate {
file-id = 4301;
structure = transparent;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
template key-domain {
@@ -173,19 +173,19 @@
EF private-key {
file-id = 4B00;
type = internal-ef;
-acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+acl = *=NEVER, READ=NONE, UPDATE=$PIN,
DELETE=$SOPIN, GENERATE=$PIN;
}
EF public-key {
file-id =
Re: [opensc-devel] OpenSC-0.12 and Spanish DNIe
Il giorno mer, 08/09/2010 alle 22.26 +0200, jons...@terra.es ha scritto: ... I'm very curious about SM in DNIe , is it used in normal operations by the card holder (passing PIN, PKCS1 encryption) ? Yes. Ok, the same happens for italian CNS cards. In that case, SM uses symmetric cryptograpy? And how SM static key distribution problem was solved? Well, there are two ways: - For normal operations , a public/private key pair is stored in the library file. It's stupid, I agree. Moreover, the Spanish DGP (DNIe issuer) wants to keep keys secret... but everyone knows them and there are several programs to extract keys from binary files So, no symmetric keys in middleware, i guess that encryption keys are negotiated each session. I stress that in the italian CNS case the same *symmetric* encryption SM keys present on the card are released along with the libraries, so no chance to change them. In the spanish case there is one more level of indirection; in theory, public and private keys for SM in DNIe could be released on a per-user basis. This is clearly not possible in CNS case. - Some special operations (i.e. change pin) requires a SSL connection to DGP to get encrypted apdu comands to open special channel with the card. these operations are not supported by dnie opensc code. AFAIK these methods are standard and defined in several documents (no links now, sorry) So yes, as the italian case SM keys are embedded in the middleware The keys for generating them, if understand well, not the keys themselves; the italian situation is worse. Many thanks for these informations! bye, rob ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release
Hi, now I detected another flaw in 0.12.0: After some idle time the browser seems to forget completely about the chip card. If you request an encrypted web page, a ssl handshake error is displayed. For production purposes I'm now returning to opensc2 0.11.4-5+lenny1, the last opensc working with both TCOS and CardOS. @Andre: At the moment I'm not testing your patch because of Peter's argument. @Peter @Andre: If you want me to test, please give instructions. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release
Hello. From your log I see that the user PIN is marked as unblocking PIN: PIN [PIN] Com. Flags: 0x3 ID: 01 Flags : [0x51], case-sensitive, initialized, unblockingPin Length: min_len:6, max_len:16, stored_len:16 Pad char : 0x00 Reference : 0 Type : ascii-numeric Path : 5000 Tries left: 10 OpenSC 0.12.0 ignores unblocking PIN-s [2] as slot authentication objects. The TCOS driver marks the user PIN as unblocking PIN [3], which I believe is incorrect (only PUK should have the unblocking code flag set) tcos-unblockpin.patch Description: Binary data The attached patch should fix this. Peter, please add your comment. On Sep 13, 2010, at 2:34 PM, Johannes Becker wrote: now I detected another flaw in 0.12.0: After some idle time the browser seems to forget completely about the chip card. If you request an encrypted web page, a ssl handshake error is displayed. Please send the debug log. The PC/SC reader handling shall improve before final release, there are two outstanding bugs in it. [1] http://www.uni-giessen.de/~g013/opensc/report-bug.txt [2] http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L919 [3] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15-tcos.c?rev=4250#L305 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked
Hello, On Sep 13, 2010, at 12:04 PM, Martin Paljak wrote: I just did a quick grep LOGIN_REQUIRED *.c and it seems that only the WestCOS and OpenPGP emulations set LOGIN_REQUIRED while all other emulation-routines don't. CKF_LOGIN_REQUIRED from PKCS#11 (which is the flag missing in the 0.12 version for TCOS card) does not map 1:1 to TokenInfo.flags-loginRequired. (From PCKS#15): TokenInfo.tokenflags: This field contains information about the token per se. Flags include: ... if login (i.e. authentication) is required before accessing any data, ... So in PKCS#11 terms it is maybe more similar to CKA_PRIVATE, because: (From PKCS#11): Applications are not required to log into the token to view “public objects”; however, to view “private objects”, a user must be authenticated to the token by a PIN or some other token-dependent method (for example, a biometric device). CKF_LOGIN_REQUIRED: True if there are some cryptographic functions that a user must be logged in to perform Further, CKF_LOGIN_REQUIRED is not set based on the existence of SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED, but if the tokens are arranged so that a slot will contain an authentication object [1] Actually I think OpenSC should not try to set SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED (loginRequired in TokenInfo.flags) at all. The description in PKCS#15 v1.1 is too broad to be precisely useful and as OpenSC does not make any use of the flag (in PKCS#11 or Tokend or elsewhere), it should be left untouched. What I read out from the spec is that loginRequired should be set if the token refuses to give out *anything* before a successful PIN verification (with the exception of TokenInfo file itself, apparently ;) ). Something that NSS assumes without the friendly certs flag set on a slot (first a PIN prompt and C_Login, even if certificates are publicly readable) Also, the two emulation drivers that set the flag do it mot probably erroneously (the flag sounds as useful at first) and pkcs15init should not try to set it either [1] and only set SC_PKCS15_CARD_FLAG_USER_PIN_INITIALIZED. [1] http://www.opensc-project.org/opensc/changeset/4130 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
Based on Google, visitors to opensc-project.org consist of ~60% Windows users, ~30% Linux users and ~10% Mac OS X users (57%, 27%, 12%), which is not a scientific fact or result of a study, but still shows something. Dear all, A user is asking us for a Windows 7 64bit OpenSC 0.12 installer: http://www.gooze.eu/forums/support/installation/getting-feitian-pki-card-working-win7-x64 OpenSC experimental installer seems to be for 32bit Windows: http://www.opensc-project.org/files/contrib/OpenSC-0.12.0.exe Alonb did provide a Windows64 experimental installer, but it rather old: http://www.opensc-project.org/downloads/users/alonbl/temp/opensc-x86_64-w64-mingw32-010-setup.exe Is there a way to get an OpenSC 0.12 installer for Windows 7? Kind regards, Jean-Michel -- Jean-Michel Pouré - Gooze - http://www.gooze.eu smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
I try to compile now. 2010/9/13 Jean-Michel Pouré - GOOZE jmpo...@gooze.eu Based on Google, visitors to opensc-project.org consist of ~60% Windows users, ~30% Linux users and ~10% Mac OS X users (57%, 27%, 12%), which is not a scientific fact or result of a study, but still shows something. Dear all, A user is asking us for a Windows 7 64bit OpenSC 0.12 installer: http://www.gooze.eu/forums/support/installation/getting-feitian-pki-card-working-win7-x64 OpenSC experimental installer seems to be for 32bit Windows: http://www.opensc-project.org/files/contrib/OpenSC-0.12.0.exe Alonb did provide a Windows64 experimental installer, but it rather old: http://www.opensc-project.org/downloads/users/alonbl/temp/opensc-x86_64-w64-mingw32-010-setup.exe Is there a way to get an OpenSC 0.12 installer for Windows 7? Kind regards, Jean-Michel -- Jean-Michel Pouré - Gooze - http://www.gooze.eu ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
Is opensc-0.12 released? Or should I use trunk? On Mon, Sep 13, 2010 at 4:40 PM, Alon Bar-Lev alon.bar...@gmail.com wrote: I try to compile now. 2010/9/13 Jean-Michel Pouré - GOOZE jmpo...@gooze.eu Based on Google, visitors to opensc-project.org consist of ~60% Windows users, ~30% Linux users and ~10% Mac OS X users (57%, 27%, 12%), which is not a scientific fact or result of a study, but still shows something. Dear all, A user is asking us for a Windows 7 64bit OpenSC 0.12 installer: http://www.gooze.eu/forums/support/installation/getting-feitian-pki-card-working-win7-x64 OpenSC experimental installer seems to be for 32bit Windows: http://www.opensc-project.org/files/contrib/OpenSC-0.12.0.exe Alonb did provide a Windows64 experimental installer, but it rather old: http://www.opensc-project.org/downloads/users/alonbl/temp/opensc-x86_64-w64-mingw32-010-setup.exe Is there a way to get an OpenSC 0.12 installer for Windows 7? Kind regards, Jean-Michel -- Jean-Michel Pouré - Gooze - http://www.gooze.eu ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
On Sep 13, 2010, at 6:02 PM, Alon Bar-Lev wrote: Is opensc-0.12 released? Or should I use trunk? You should use trunk. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
On Sep 13, 2010, at 5:38 PM, Jean-Michel Pouré - GOOZE wrote: Based on Google, visitors to opensc-project.org consist of ~60% Windows users, ~30% Linux users and ~10% Mac OS X users (57%, 27%, 12%), which is not a scientific fact or result of a study, but still shows something. Dear all, A user is asking us for a Windows 7 64bit OpenSC 0.12 installer: http://www.gooze.eu/forums/support/installation/getting-feitian-pki-card-working-win7-x64 OpenSC experimental installer seems to be for 32bit Windows: http://www.opensc-project.org/files/contrib/OpenSC-0.12.0.exe Unless you need to use the PKCS#11 module in a 64bit application, you don't need a 64 bit OpenSC. For example, OpenVPN windows installer is 32bit, so is Firefox. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
OK. I have the images, hope it is working. But using the svn to upload these takes forever, if someone has ssh account somewhere I will send it to him much quickly. On Mon, Sep 13, 2010 at 5:20 PM, Martin Paljak mar...@martinpaljak.net wrote: On Sep 13, 2010, at 6:02 PM, Alon Bar-Lev wrote: Is opensc-0.12 released? Or should I use trunk? You should use trunk. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?
Available: http://www.opensc-project.org/downloads/users/alonbl/temp/opensc-i686-w64-mingw32-010-setup.exe http://www.opensc-project.org/downloads/users/alonbl/temp/opensc-x86_64-w64-mingw32-010-setup.exe On Mon, Sep 13, 2010 at 6:45 PM, Alon Bar-Lev alon.bar...@gmail.com wrote: OK. I have the images, hope it is working. But using the svn to upload these takes forever, if someone has ssh account somewhere I will send it to him much quickly. On Mon, Sep 13, 2010 at 5:20 PM, Martin Paljak mar...@martinpaljak.net wrote: On Sep 13, 2010, at 6:02 PM, Alon Bar-Lev wrote: Is opensc-0.12 released? Or should I use trunk? You should use trunk. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] card-max_recv_size problem
Hi Martin! 2010/9/13 Martin Paljak mar...@paljak.pri.ee Should I set card-max_recv_size and card-max_send_size in tcos_init()? No. Sorry, this place was erroneously left untouched and is fixed in SVN trunk. Please verify that it works as expected. Not yet! I had to replace line 122 of iso7816.c assert(count = card-max_recv_size); by assert(count = card-max_recv_size0 ? card-max_recv_size : 256); And then everything worked as expected. Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
