Re: [opensc-devel] westcos still fakes crypto hardware
Hello, For know I don't have patch for removing software operation on westcos, This is needed until westcos with cryptographics becomes available... But like I make my own build, I use openssl, you can build without openssl I will provide one for westcos user... It is ok for you this way? François. De : Martin Paljak A: Andre Zepezauer Cc : opensc-devel Date: 07/12/2010 19:38 Objet : Re: [opensc-devel] westcos still fakes crypto hardware Envoyé par : opensc-devel-boun...@lists.opensc-project.org Hello, On Dec 7, 2010, at 8:25 PM, Andre Zepezauer wrote: > Hello, > > the westcos driver still fakes crypto-hardware. It first extracts the > key material from the card and than performs the crypto operations in > software. Following that schema, then every card could easily support > every crypto-algorithm. OpenSSL would make it possible. What would be > the next thing in OpenSC, support for GSM/UMTS SIM cards? Do you know LGPL compatible A5/1 libraries ? :) Seriously though, a patch that removes the software operations would be useful. François, do you have one or will it break anything? Password encryption in key importing is also still present. I would really like to do a test to see if native exportable keys are supported by some cards. I know this can be done with JavaCards but don't know if any applet implements it. -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] westcos still fakes crypto hardware
Andre Zepezauer wrote: > > > support for GSM/UMTS SIM cards? > > Do you know LGPL compatible A5/1 libraries ? :) > > Only GPL, but really amazing: > http://openbsc.osmocom.org/trac/ It's lots of fun. Also see OsmocomBB, software running on an MS (a phone). There is also SIM interfacing, I'm not sure if it uses a real card interface already or if it is still just an internal interface for convenience, with no actual reader support. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] 0.11.9 --> 0.12.0
Hello Martin, not a big issue, but IMO the link to 0.11.12 in the NEWS file should be removed. See development tree below: releases 0.11.8 0.11.9 0.11.10 0.11.11 --> 0.11.12 --> 0.11.13 --> 0.11.14 0.12.0 ||| | | ||| | | ||| | | trunk X X--> trunk | | | | | | branches X---X ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] westcos still fakes crypto hardware
On Tue, 2010-12-07 at 20:38 +0200, Martin Paljak wrote: > Hello, > On Dec 7, 2010, at 8:25 PM, Andre Zepezauer wrote: > > > Hello, > > > > the westcos driver still fakes crypto-hardware. It first extracts the > > key material from the card and than performs the crypto operations in > > software. Following that schema, then every card could easily support > > every crypto-algorithm. OpenSSL would make it possible. What would be > > the next thing in OpenSC, support for GSM/UMTS SIM cards? > Do you know LGPL compatible A5/1 libraries ? :) Only GPL, but really amazing: http://openbsc.osmocom.org/trac/ > Seriously though, a patch that removes the software operations would be > useful. > > François, do you have one or will it break anything? > > Password encryption in key importing is also still present. I would really > like to do a test to see if native exportable keys are supported by some > cards. I know this can be done with JavaCards but don't know if any applet > implements it. > ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] westcos still fakes crypto hardware
Hello, On Dec 7, 2010, at 8:25 PM, Andre Zepezauer wrote: > Hello, > > the westcos driver still fakes crypto-hardware. It first extracts the > key material from the card and than performs the crypto operations in > software. Following that schema, then every card could easily support > every crypto-algorithm. OpenSSL would make it possible. What would be > the next thing in OpenSC, support for GSM/UMTS SIM cards? Do you know LGPL compatible A5/1 libraries ? :) Seriously though, a patch that removes the software operations would be useful. François, do you have one or will it break anything? Password encryption in key importing is also still present. I would really like to do a test to see if native exportable keys are supported by some cards. I know this can be done with JavaCards but don't know if any applet implements it. -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] westcos still fakes crypto hardware
Hello, the westcos driver still fakes crypto-hardware. It first extracts the key material from the card and than performs the crypto operations in software. Following that schema, then every card could easily support every crypto-algorithm. OpenSSL would make it possible. What would be the next thing in OpenSC, support for GSM/UMTS SIM cards? Regards Andre ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] llibopensc.pc is not installed
Hi! > You're not supposed to link against libopensc via the sc_* API but use > PKCS#11. It is possible but not encouraged, thus the .pc file is > removed. Why is it not encouraged? > Why do you need libopensc.pc (or what is linking agains libopensc)? I am using smart card abstraction offered by libopensc. Greets, Frank. pgpw3Px4mzkN5.pgp Description: PGP signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] anyone at cartes?
Hi, You can buy single MyEID PKI cards from Aventra's web shop. The specification is provided without any cost or NDA. Card is supported in OpenSC. Prices are 11€ each (with 23% tax, about 8,95 without the tax). A bunch of 5 cards are priced at 49€ (with tax, about 39,80 without tax). You can also buy dual-interface and hybrid cards. For a price quote, contact Aventra sales e.g. by email. I suppose you still have the test cards. The card is a PKI card that corresponds to common PKI standards and the FINEID standard. It is based on JCOP. This is good solution if you are not interested in developing your own PKI applet. Kind regards, Toni > -Original Message- > From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel- > boun...@lists.opensc-project.org] On Behalf Of Andreas Jellinghaus > Sent: 6. joulukuuta 2010 21:45 > To: Martin Paljak > Cc: opensc-devel@lists.opensc-project.org > Subject: Re: [opensc-devel] anyone at cartes? > > Am Montag 06 Dezember 2010, um 19:44:58 schrieb Martin Paljak: > > Hello, > > > > On Dec 6, 2010, at 8:13 PM, Andreas Jellinghaus wrote: > > > Personally I'd be interested in: > > > * cheap jcop cards (contact only, dual interface, or > > > > > > as cheap usb stick). and of course resellers that sell > > > them at reasonable price (low quantities, like only one or > > > only five). > > > > Why JCOP? Which version of JCOP, why not some other JavaCard? > > ok,I should have written javacard. So far I only know jcop - > and any other card (preferable with a public documentation, > not the JCOP secret+NDA stuff) would be nice. > > > How cheap is cheap? > > cardomatic sells single pki cards starting at 12€ > (10 cost 9€ each). jcop dual interface starting at 19.80€. > that is the best offer I know so far (most companies are only > interested in volume sale so I'm happy there are few retailers > selling single cards at all). > > so "cheap" would be 20%+ less than that. after all in volume > cards are sold at cents, not euros (with volume ~ 10⁵). > > Regards, Andreas > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] win32: path to OpenSC windows registers
Nikolay Elenkov wrote: > On 2010/12/07 16:03, Martin Paljak wrote: > >> On Dec 7, 2010, at 4:41 AM, Nikolay Elenkov wrote: >> >> >>> On 2010/12/07 2:36, Viktor TARASOV wrote: >>> >>> > [1] > http://www.opensc-project.org/opensc/wiki/WindowsInstaller#PossibleinstallerstepsWindowsenvironmentdescription > > Here the OpenSC dlls are installed into 'system32'. Can an alternative method, like changing of the 'PATH' variable, be also acceptable (for MSI)? >>> This is bad, bad, bad. Especially since it also copies the OpenSSL dll in >>> system32, and that breaks a lot of things. It should install in the main >>> directory under c:\Program Files/ and add the bin directory to the PATH. >>> >> Some software is very picky about the location from where it wants to load >> certain modules, cryptographic modules being one of those things. >> >> > > > Any specific examples? Both Firefox and Thunderbird work just fine with > PKCS#11 > on the PATH, and not in System32. Copying stuff in system32 was deprecated > ages > ago. There is nothing special about a PKCS#11 DLL: unlike a Windows CSP, it is > not signed, there aren't any special check AFAIK (at least in Mozilla > software). > The Gemalto and Oberthur (in the recent versions) middlewares install their DLLs into the 'Program Files'. My hidden motivation to do the same for the OpenSC MSI is that I do not managed to build the MSI that un-installs the DLLs installed in system32. The update and un-update of the PATH variable works remarkably good. -- Viktor Tarasov ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
