Re: [opensc-devel] Fwd: OpenSC 0.12.0 released
> [3] http://www.opensc-project.org/opensc/wiki/ReleaseNotes > That gives me 'Trac Error - Page ReleaseNotes not found' - thought to let you know. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Fixed bug in 0.12.0
On Thu, 2010-12-23 at 09:54 +0200, Martin Paljak wrote: > Hello, > On Dec 23, 2010, at 5:40 AM, Andre Zepezauer wrote: > > On Thu, 2010-12-23 at 03:10 +0100, Peter Stuge wrote: > >>> That bug always occurs if there is an EF (i.e. EF.PrKD, EF.PuKD, EF.SKD) > >>> that contains either broken ASN.1 or uses an encoding that OpenSC isn't > >>> able to decode. The committed message [1] contains all the details about > >>> the bug and the fix. > >> > >> Maybe you can mention something about known failure cases? > > > > A profile that stores some x509Certificates and one pgpCertificate aka > > PGP public key. See PKCS#15 section 6.6 Certificates. > Is it a common scenario? Should this only affect cards which are not > initialized with OpenSC? Interestingly this bug isn't that new. It only becomes triggered now, because the search operation continues on partial failure. It only affects cards which already encountered problems before #266 was fixed. For these cards, the search operation __sc_pkcs15_search_objects() may now return successfully even if decoding of some EFs failed. Continued searches may trigger that bug. The number of effected cards should be small to zero. Cards working flawlessly in the past are not effected. The profile with pgpCertificates is local experimental stuff only. Regards Andre ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] westcos still fakes crypto hardware
Hello,This patch simply break the use of westcos 2ko cards used for key transports facility notfor hight security level...I don't understand why this can be let in place since like I said or I would like said I provide my owncustom build to the users of westcos cards 2ko so it's ok for me if official build don't use openssl ifI can still build with openssl and use software rsa...Regards,François. -Martin Paljak a écrit : -A : francois.lebl...@cev-sa.comDe : Martin Paljak Date : 13/12/2010 13:41cc: opensc-devel@lists.opensc-project.orgObjet : Re: [opensc-devel] westcos still fakes crypto hardwareHello,On Dec 8, 2010, at 9:35 AM, francois.lebl...@cev-sa.com wrote:> For know I don't have patch for removing software operation on westcos,Andre created one, can you see if it works (or document what it breaks) ?> This is needed until westcos with cryptographics becomes available...> > But like I make my own build, I use openssl, you can build without opensslDuring the past ~8 years in Estonia, the most common problem about the security of the ID card (apart from trojans, PIN stealing and other scam schemes) is somebody claiming that "it must be possible to clone an ID card and then steal your house".People use smart cards because they expect it to protect their private keys, IMO this is the most important expectation that needs to be catered for. Until the card comes out with cryptographic capabilities, you can provide your users with a custom-built version or a custom tarball.Cheers,-- @MartinPaljak.net+3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
