Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread francois . leblanc


opensc-devel-boun...@lists.opensc-project.org wrote on 11/01/2011 18:18:18:

> Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers
>
> Douglas E. Engert
>
> To: opensc-devel
>
> 11/01/2011 18:19
>
> Sent by: opensc-devel-boun...@lists.opensc-project.org
>
> On 1/11/2011 2:39 AM, francois.lebl...@cev-sa.com wrote:
> > Hello,
> >
> > I come back after some holidays, so sorry if I am missing some things or
> > answers.
> >
> > First, I've seen talk about gina used in XP, and it's obsolete since this
> > changed in Vista and 7.
> >
> > Second, to use a smart card you can build your own CSP/KSP or use a
> > minidriver, a subset of CSP/KSP managing the smart card only and not
> > providing all cryptographic functions.
> >
> > If you want to develop a CSP/KSP you can make it like a pkcs11 bridge; the
> > main trouble is the need to sign this module. The second way is to use a
> > minidriver with BaseCsp, which provides a basic CSP/KSP that you complete
> > with your minidriver, which accesses the card functionalities (certificate
> > management, cryptographic functions, etc.). There are two problems with
> > this: first, you need to understand how the minidriver works
> > (http://www.opensc-project.org/opensc/wiki/MiniDriver); second, the BaseCsp
> > module takes the hand on the card, so your software must be thrown/called
> > with the handle of the smart card under pcsc...
> >
> > I've started to develop such a minidriver for opensc, see cardmod (card
> > module), and have successfully used a smartcard on Windows with tools like
> > certutil.exe, but for now I've not been able to log on with opensc and a
> > smartcard.
> 
> After reading the wiki, I see you say you need the OpenSC libs in your
> path. But during login there is no user yet, and there is no HKCU registry
> hive available and so I don't think the PATH is set either. So your problem
> might be it can't find the libs.
> 
> Have you tried putting the OpenSC libs under windows\system32?

I didn't try this, but a trainee made some tests and managed to start login,
but the server refused the certificate (I don't have the exact cause).

So I guess that opensc successfully starts...

The best way is to have a one-build dll carmod.dll without need of external
dlls (libtool, etc.) and put it in system32.


> 
> Can you get any debug output from opensc.dll?
> by adding in opensc.conf debug_file= to some file that is writable
> by everyone?
> There is also no stdout or stderr, so debug has to be to a file.
> 
> If you are on a 64 bit windows machine, does it need a 64-bit opensc?


I don't know.


> 
> >
> >
> > For now, Cardmod is a good start for use of opensc under Windows but still
> > to be improved since some functions are missing, like:
> >
> > - Availability of writing certificates with cardmod (today use smartcards
> >   already initialised by another way)
> > - Logon (Missing flags on certificates or some needed functions not
> >   implemented yet?)
> >
> > Hope I've given some useful elements,
> >
> > Regards,
> >
> > François.
> >
> > From: Jean-Michel Pouré - GOOZE
> > To: opensc-devel@lists.opensc-project.org
> > Date: 10/01/2011 19:54
> > Subject: Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers
> > Sent by: opensc-devel-boun...@lists.opensc-project.org
> >
> > On Monday 10 January 2011 at 11:13 -0600, Douglas E. Engert wrote:
> >> Google for "Windows Vista Smart Card Infrastructure"
> >> There was a 67 page document from 2007 that could be interesting.
> >
> > Thanks a lot. Highly interesting.
> 
> -- 
> 
>   Douglas E. Engert  
>   Argonne National Laboratory
>   9700 South Cass Avenue
>   Argonne, Illinois  60439
>   (630) 252-5444
> ___
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel



[opensc-devel] Misleading information about capabilities of readers

2011-01-11 Thread Andre Zepezauer
Hello,

the wiki page of MyEID [1] contains the following paragraph:

"Many readers don't support receiving the default amount of data (254).
Problems will only appear when reading larger files from the card (e.g.
certificates). So if you have problems with reading the card with no
apparent reason, try to set this to e.g. 192, to be on the safe side.
You can then try to iterate to find the maximum for your card reader."

That statement is simply wrong, because every USB reader can handle
Short-APDUs of every size. For that reason no other card has similar
problems.

If there are readers that don't work properly with MyEID, then list them
explicitly by name. That would definitely be of more help to users than
such a vague statement like "Many readers don't support [...]".

Regards
Andre

[1] http://www.opensc-project.org/opensc/wiki/MyEID







Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Jean-Michel Pouré - GOOZE
On Tuesday 11 January 2011 at 20:53 +0100, Ludovic Rousseau wrote:
> After insertion of the reader?

I don't know. I would say before insertion.

There is always a short delay between the time that you insert the token
or smartcard+reader, and you can run commands like pkcs15-tool. I did
not try to calculate the time, but it seems to me a little bit longer
since pcscd is running from libhal.

I am comparing my own user experience. Before, when pcscd was always
running, I would be able to run commands instantly. Now, I may need to
wait about 1 second.

But I prefer pcscd running from libhal, it is more interesting.

-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu


Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Ludovic Rousseau
On 11 January 2011 17:36, Jean-Michel Pouré - GOOZE wrote:
> On Tuesday 11 January 2011 at 17:14 +0200, Martin Paljak wrote:
>> You are talking about readers (or USB tokens) here, not cards.
>> Nevertheless, this is not a hang but a delay.
>
> I am talking about readers.
>
> pcsc-lite 1.6.0 now starts with udev,

No. udev is not used.
libhal is used by pcscd.

> and therefore there is a (very) short delay
> before the smartcard system is ready for use after insertion.
>
> I don't know whether this is related to your issue,
> but we noticed a short 1 / 2 seconds delay before you can use the
> smartcard reader upon insertion.

After insertion of the reader?

I just tried with a Feitian SCR310 reader and a Feitian PKI card. I
get the card ATR 528 ms after reader connection.
Using the same card and a Gemalto GemPC Twin I get the ATR after only 325 ms.

If you have a 1/2 seconds delay please report a pcscd trace. Generate
the trace on the terminal and cut-n-paste it so I get the delay in the
first column of log with the time delta.

Bye

-- 
 Dr. Ludovic Rousseau


Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread Douglas E. Engert


On 1/11/2011 2:39 AM, francois.lebl...@cev-sa.com wrote:
> Hello,
>
> I come back after some holidays, so sorry if I am missing some things or
> answers.
>
> First, I've seen talk about gina used in XP, and it's obsolete since this
> changed in Vista and 7.
>
> Second, to use a smart card you can build your own CSP/KSP or use a
> minidriver, a subset of CSP/KSP managing the smart card only and not
> providing all cryptographic functions.
>
> If you want to develop a CSP/KSP you can make it like a pkcs11 bridge; the
> main trouble is the need to sign this module. The second way is to use a
> minidriver with BaseCsp, which provides a basic CSP/KSP that you complete
> with your minidriver, which accesses the card functionalities (certificate
> management, cryptographic functions, etc.). There are two problems with
> this: first, you need to understand how the minidriver works
> (http://www.opensc-project.org/opensc/wiki/MiniDriver); second, the BaseCsp
> module takes the hand on the card, so your software must be thrown/called
> with the handle of the smart card under pcsc...
>
> I've started to develop such a minidriver for opensc, see cardmod (card
> module), and have successfully used a smartcard on Windows with tools like
> certutil.exe, but for now I've not been able to log on with opensc and a
> smartcard.

After reading the wiki, I see you say you need the OpenSC libs in your
path. But during login there is no user yet, and there is no HKCU registry
hive available and so I don't think the PATH is set either. So your problem
might be it can't find the libs.

Have you tried putting the OpenSC libs under windows\system32?

Can you get any debug output from opensc.dll?
by adding in opensc.conf debug_file= to some file that is writable by everyone?
There is also no stdout or stderr, so debug has to be to a file.

If you are on a 64 bit windows machine, does it need a 64-bit opensc?

>
>
> For now, Cardmod is a good start for use of opensc under Windows but still
> to be improved since some functions are missing, like:
>
> - Availability of writing certificates with cardmod (today use smartcards
>   already initialised by another way)
> - Logon (Missing flags on certificates or some needed functions not
>   implemented yet?)
>
> Hope I've given some useful elements,
>
> Regards,
>
> François.
>
> From: Jean-Michel Pouré - GOOZE
> To: opensc-devel@lists.opensc-project.org
> Date: 10/01/2011 19:54
> Subject: Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers
> Sent by: opensc-devel-boun...@lists.opensc-project.org
>
> On Monday 10 January 2011 at 11:13 -0600, Douglas E. Engert wrote:
>> Google for "Windows Vista Smart Card Infrastructure"
>> There was a 67 page document from 2007 that could be interesting.
>
> Thanks a lot. Highly interesting.

-- 

  Douglas E. Engert  
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread Jean-Michel Pouré - GOOZE
On Tuesday 11 January 2011 at 15:50 +0100, Jan Just Keijser wrote:
> The Feitian cards work with the OpenSC driver
> The Feitian cards also work with the proprietary driver from Feitian 
> itself, in a way that is almost 100% compatible with OpenSC.
> How did the Feitian driver writers achieve this compatibility? Is
> their 
> driver perhaps based on OpenSC code, or did they merely follow the 
> specifications? If it *is* based on the OpenSC codebase, then what
> about 
> GPL licencing? 

Please don't make any illegitimate assertion.

Please note GOOZE are just a distributor, we cannot speak for Feitian,
this is my personal opinion:

My opinion is that Feitian made a standard smartcard, to answer a market
need for standard tools. The Feitian PKI is a fully native PKCS#15 card.
This is why it works so well with OpenSC, which is designed for native
cards.

That's it.

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu


Re: [opensc-devel] Braking change in OpenSC 0.12.0 tokenInfo

2011-01-11 Thread Martin Paljak

On Jan 11, 2011, at 6:21 PM, Mr Dash Four wrote:

> 
>>> Something like that might actually warrant a new point release of opensc 
>>> to make sure Linux distros pick up the fix.
>>> 
>> 
>> Having a point release for every single bug fix would be overkill. So
>> the question is, what's the best approach to quickly distribute
>> important fixes? What would fit the workflow of the package maintainers?
>> Any suggestions?
>> 
> Maybe distribute a patch with the fix directly with the various
> distributors and make a 'dash' release (i.e. 12.0-2) - at least that is 
> how it works, I think, with FC.
The first thing would be an easy way to track real regressions, it would be 
nice if they could be gathered to Trac, so that actual changesets required to 
fix regressions (or other small things) could be tracked.

-- 
@MartinPaljak.net
+3725156495



Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Jean-Michel Pouré - GOOZE
On Tuesday 11 January 2011 at 17:14 +0200, Martin Paljak wrote:
> You are talking about readers (or USB tokens) here, not cards.
> Nevertheless, this is not a hang but a delay. 

I am talking about readers.

pcsc-lite 1.6.0 now starts with udev, 
and therefore there is a (very) short delay
before the smartcard system is ready for use after insertion.

I don't know whether this is related to your issue,
but we noticed a short 1 / 2 seconds delay before you can use the
smartcard reader upon insertion.

What is your pcsc-lite version?

-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu


Re: [opensc-devel] Braking change in OpenSC 0.12.0 tokenInfo

2011-01-11 Thread Mr Dash Four

>> Something like that might actually warrant a new point release of opensc 
>> to make sure Linux distros pick up the fix.
>> 
>
> Having a point release for every single bug fix would be overkill. So
> the question is, what's the best approach to quickly distribute
> important fixes? What would fit the workflow of the package maintainers?
> Any suggestions?
>   
Maybe distribute a patch with the fix directly with the various
distributors and make a 'dash' release (i.e. 12.0-2) - at least that is 
how it works, I think, with FC.



Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread Martin Paljak
Hello,
On Jan 11, 2011, at 4:50 PM, Jan Just Keijser wrote:
> I've been reading this discussion and a question comes to mind.
> 
> The Feitian cards work with the OpenSC driver
> The Feitian cards also work with the proprietary driver from Feitian 
> itself, in a way that is almost 100% compatible with OpenSC.
> How did the Feitian driver writers achieve this compatibility? Is their 
> driver perhaps based on OpenSC code, or did they merely follow the 
> specifications? If it *is* based on the OpenSC codebase, then what about 
> GPL licencing?
> 
> Just a thought,
OpenSC should strive for PKCS#15, which is a public spec and which should be an 
encouraged standard to any other software vendor.
The card is proprietary, so the functioning of the code in OpenSC is hard to 
judge from basic review, what it does and how it relates to "pure" PKCS#15 (and
ISO-7816-X) etc.
I don't see (at least obvious) signs of OpenSC code re-use inside the Windows 
CSP, based on strings.

But thanks for bringing up the subject, I just reviewed the CSP binary and 
there *is* one licensing problem with it:
The CSP makes use of "OpenSSL 0.9.8j 07 Jan 2009" without mentioning it 
anywhere in the documentation or website, as it is (AFAIK) required by the 
OpenSSL license.

-- 
@MartinPaljak.net
+3725156495



Re: [opensc-devel] Braking change in OpenSC 0.12.0 tokenInfo

2011-01-11 Thread Andre Zepezauer
On Tue, 2011-01-11 at 16:17 +0200, Kalev Lember wrote:
> On 01/11/2011 03:28 PM, Aventra development wrote:
> > Hi,
> >
> > Thank you very much! This fixed the problem, could it be committed to the 
> > trunk?
> > Too bad the release was already done, but when is the next one, so that 
> > this fix could be included.
> > Getting this to the Linux distributions would be even more important.
> 
> Something like that might actually warrant a new point release of opensc 
> to make sure Linux distros pick up the fix.

Having a point release for every single bug fix would be overkill. So
the question is, what's the best approach to quickly distribute
important fixes? What would fit the workflow of the package maintainers?
Any suggestions?



Re: [opensc-devel] Braking change in OpenSC 0.12.0 tokenInfo

2011-01-11 Thread Martin Paljak
Hello,
On Jan 10, 2011, at 11:21 AM, Aventra development wrote:
> I have been testing the new release and sadly found a breaking change that
> causes cards that are not initialized with (the current version of) OpenSC to 
> result in the message “Unsupported card”. The cause is the token info (5032 
> file). There is some element that OpenSC requires, otherwise it results in 
> “Unsupported Card”.
It would be good if you could file such things as "regression" type tickets on 
Trac if you find such issues in the future.

-- 
@MartinPaljak.net
+3725156495



Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread Jan Just Keijser
Hi all,

Viktor TARASOV wrote:
> On 11.01.2011 09:23, Xiaoshuo Wu wrote:
>   
>> On Mon, 10 Jan 2011 16:50:37 +0800, Viktor TARASOV 
>>  wrote:
>>
>> 
>>> Do we have any chance to influence the card producer and to change behavior 
>>> of their middlewares ?
> >>> If so, then it makes sense to wait.
>>>   
>> OpenSC compatibility is an important feature in Feitian's current middleware.
>> New model will also be OpenSC compatible.
>>
>> 
>
> Sun is really rising in the East.
>
>   

I've been reading this discussion and a question comes to mind.

The Feitian cards work with the OpenSC driver
The Feitian cards also work with the proprietary driver from Feitian 
itself, in a way that is almost 100% compatible with OpenSC.
How did the Feitian driver writers achieve this compatibility? Is their 
driver perhaps based on OpenSC code, or did they merely follow the 
specifications? If it *is* based on the OpenSC codebase, then what about 
GPL licencing?

Just a thought,

JJK



Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Martin Paljak
2011/1/11 Jean-Michel Pouré - GOOZE :
> On Tuesday 11 January 2011 at 08:48 -0600, Brian Thomas wrote:
>> Sometimes I can return information about the card instantaneously, for
>> example "opensc-tool -n" or "pkcs15-tool -D" but most of the time the
>> commands just hang.
>
> What are your PC/SC Lite and libccid versions?
> The latest version of PC/SC lite offers udev support.
>
> So, after inserting the card, I noticed it could take 1-2 seconds
> before PC/SC daemon is running.

You are talking about readers (or USB tokens) here, not cards.
Nevertheless, this is not a hang but a delay.

> There is a bug described and fixed in OpenSC SVN, which targets blank
> cards.
Which one?

Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Jean-Michel Pouré - GOOZE
On Tuesday 11 January 2011 at 08:48 -0600, Brian Thomas wrote:
> Sometimes I can return information about the card instantaneously, for
> example "opensc-tool -n" or "pkcs15-tool -D" but most of the time the
> commands just hang.  

What are your PC/SC Lite and libccid versions?
The latest version of PC/SC lite offers udev support.

So, after inserting the card, I noticed it could take 1-2 seconds
before PC/SC daemon is running.

There is a bug described and fixed in OpenSC SVN, which targets blank
cards. But I could not reproduce any problem with the Feitian PKI.

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu


Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Martin Paljak

On Jan 11, 2011, at 4:48 PM, Brian Thomas wrote:

> Hello:
> 
> I am trying to get the Feitian FTCOS/PK-01C smart card to work with OpenSC 
> version 12 and so far my observations have been very intermittent communication.
>  Sometimes I can return information about the card instantaneously, for 
> example "opensc-tool -n" or "pkcs15-tool -D" but most of the time the 
> commands just hang.  The same observation applies to erasing the card, 
> creating a PKCS15 file system, installing certificates, and installing keys.  
> I have tried two different smart cards using two different readers with the 
> same behavior.  Does anybody have any words of wisdom?

Are you sure that the command line utilities are the only applications 
accessing the reader(or card in it) ?

Are you sure that you don't have competing smart card reader drivers (OpenCT 
and pcsc-lite) installed?
-- 
@MartinPaljak.net
+3725156495



Re: [opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Jean-Michel Pouré - GOOZE
On Tuesday 11 January 2011 at 08:48 -0600, Brian Thomas wrote:
> 
> I am trying to get the Feitian FTCOS/PK-01C smart card to work with
> OpenSC version 12 and so far my observations have been very intermittent
> communication.  Sometimes I can return information about the card
> instantaneously, for example "opensc-tool -n" or "pkcs15-tool -D" but
> most of the time the commands just hang.  The same observation applies
> to erasing the card, creating a PKCS15 file system, installing
> certificates, and installing keys.  I have tried two different smart
> cards using two different readers with the same behavior.  Does
> anybody have any words of wisdom? 

What reader have you been using?

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu


[opensc-devel] Feitian FTCOS/PK-01C intermittent Communication

2011-01-11 Thread Brian Thomas
Hello:

I am trying to get the Feitian FTCOS/PK-01C smart card to work with OpenSC 
version 12 and so far my observations have been very intermittent communication.
Sometimes I can return information about the card instantaneously, for example 
"opensc-tool -n" or "pkcs15-tool -D" but most of the time the commands just 
hang.  The same observation applies to erasing the card, creating a PKCS15 file 
system, installing certificates, and installing keys.  I have tried two 
different smart cards using two different readers with the same behavior.  Does 
anybody have any words of wisdom?

Thanks,
Brian Thomas


Re: [opensc-devel] Braking change in OpenSC 0.12.0 tokenInfo

2011-01-11 Thread Kalev Lember
On 01/11/2011 03:28 PM, Aventra development wrote:
> Hi,
>
> Thank you very much! This fixed the problem, could it be committed to the 
> trunk?
> Too bad the release was already done, but when is the next one, so that this 
> fix could be included.
> Getting this to the Linux distributions would be even more important.

Something like that might actually warrant a new point release of opensc 
to make sure Linux distros pick up the fix.

Regards,
Kalev


Re: [opensc-devel] Braking change in OpenSC 0.12.0 tokenInfo

2011-01-11 Thread Aventra development
Hi,

Thank you very much! This fixed the problem, could it be committed to the trunk?
Too bad the release was already done, but when is the next one, so that this 
fix could be included.
Getting this to the Linux distributions would be even more important.

Thanks,
Toni

> -Original Message-
> From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de]
> Sent: 10 January 2011 16:24
> 
> This patch should fix it:
> 
> Index: libopensc/pkcs15.c
> ===
> --- libopensc/pkcs15.c(revision 5078)
> +++ libopensc/pkcs15.c(working copy)
> @@ -42,8 +42,8 @@
>   { "algorithmPKCS#11",   SC_ASN1_INTEGER,SC_ASN1_TAG_INTEGER,
>   0, NULL, NULL },
>   { "parameters", SC_ASN1_NULL,   SC_ASN1_TAG_NULL,   
> 0,
> NULL, NULL },
>   { "supportedOperations",SC_ASN1_BIT_FIELD,  SC_ASN1_TAG_BIT_STRING,
>   0, NULL, NULL },
> - { "objId",  SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, 
> 0,
> NULL, NULL },
> - { "algRef", SC_ASN1_INTEGER,SC_ASN1_TAG_INTEGER,
> 0,
> NULL, NULL },
> + { "objId",  SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT,
>   SC_ASN1_OPTIONAL, NULL, NULL },
> + { "algRef", SC_ASN1_INTEGER,SC_ASN1_TAG_INTEGER,
>   SC_ASN1_OPTIONAL, NULL, NULL },
>   { NULL, 0, 0, 0, NULL, NULL }
>  };
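
Review bot: the two + lines for "objId" and "algRef" change the flags column from 0 to SC_ASN1_OPTIONAL without a comment saying why, while the context lines above them keep flags 0. A short comment above these two entries naming the case being handled (a tokenInfo file written by software other than OpenSC that leaves them out) would keep a later cleanup from reverting the change. It is also worth checking, in the code that consumes this table, what objId and algRef hold when the card omits them: the entries shown here carry NULL value pointers, so the hunk itself gives no evidence that the absent case is set to a known value before the fields are read.
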
> 
> On Mon, 2011-01-10 at 11:21 +0200, Aventra development wrote:
> > Hi,
> >
> >
> >
> > I have been testing the new release and sadly found a breaking change
> > that causes cards that are not initialized with (the current version
> > of) OpenSC to result in the message “Unsupported card”. The cause is
> > the token info (5032 file). There is some element that OpenSC
> > requires, otherwise it results in “Unsupported Card”.
> >
> >
> >
> > Previously OpenSC worked well with cards not initialized with it, but
> > now it seems that it does not. Does anybody know what changed and why?
> >
> > I tried to browse the source and the changes, but did not manage to
> > track it back to any change that affected this… I’m not even sure when
> > this change has been done, but somewhere between versions 0.11.13 and
> > 0.12.0.
> >
> >
> >
> > Any help would be appreciated. Below is a log that shows the error and
> > the content of the tokenInfo file. The major difference is that cards
> > not initialized by OpenSC do not have the lastUpdate value.
> >
> >
> >
> > Debug log and below that there is a more detailed log about ASN.1
> > parsing:
> >
> >
> >
> > 2011-01-05 12:26:07.066 [pkcs15-tool] card.c:548:sc_select_file:
> > called; type=2, path=3f0050155032
> >
> > 2011-01-05 12:26:07.066 [pkcs15-tool]
> > card-myeid.c:202:myeid_select_file: called
> >
> >
> >
> > 2011-01-05 12:26:07.066 [pkcs15-tool] apdu.c:527:sc_transmit_apdu:
> > called
> >
> > 2011-01-05 12:26:07.066 [pkcs15-tool] card.c:295:sc_lock: called
> >
> > 2011-01-05 12:26:07.081 [pkcs15-tool] reader-pcsc.c:242:pcsc_transmit:
> > reader 'O2 O2Micro CCID SC Reader 0'
> >
> > 2011-01-05 12:26:07.081 [pkcs15-tool] apdu.c:187:sc_apdu_log:
> >
> > Outgoing APDU data [   10 bytes] =
> >
> > 00 A4 08 00 04 50 15 50 32 FF .P.P2.
> >
> > ==
> >
> > 2011-01-05 12:26:07.081 [pkcs15-tool]
> > reader-pcsc.c:175:pcsc_internal_transmit: called
> >
> > 2011-01-05 12:26:07.175 [pkcs15-tool] apdu.c:187:sc_apdu_log:
> >
> > Incoming APDU data [   27 bytes] =
> >
> > 6F 17 80 02 00 46 82 01 01 83 02 50 32 86 03 03 oF.P2...
> >
> > 3F FF 85 02 00 00 8A 01 07 90 00?..
> >
> > ==
> >
> > 2011-01-05 12:26:07.175 [pkcs15-tool] card.c:329:sc_unlock: called
> >
> > 2011-01-05 12:26:07.175 [pkcs15-tool]
> > card-myeid.c:240:myeid_process_fci: called
> >
> >
> >
> > 2011-01-05 12:26:07.191 [pkcs15-tool]
> > iso7816.c:304:iso7816_process_fci: processing FCI bytes
> >
> > 2011-01-05 12:26:07.191 [pkcs15-tool]
> > iso7816.c:309:iso7816_process_fci:   file identifier: 0x5032
> >
> > 2011-01-05 12:26:07.191 [pkcs15-tool]
> > iso7816.c:316:iso7816_process_fci:   bytes in file: 70
> >
> > 2011-01-05 12:26:07.191 [pkcs15-tool]
> > iso7816.c:335:iso7816_process_fci:   shareable: no
> >
> > 2011-01-05 12:26:07.191 [pkcs15-tool]
> > iso7816.c:355:iso7816_process_fci:   type: working EF
> >
> > 2011-01-05 12:26:07.206 [pkcs15-tool]
> > iso7816.c:357:iso7816_process_fci:   EF structure: 1
> >
> > 2011-01-05 12:26:07.206 [pkcs15-tool]
> > card-myeid.c:256:myeid_process_fci: id (5032) sec_attr (3 3F FF)
> >
> > 2011-01-05 12:26:07.206 [pkcs15-tool]
> > card-myeid.c:269:myeid_process_fci: File id (5032) status
> > SC_FILE_STATUS_ACTIVATED (0x7)
> >
> > 2011-01-05 12:26:07.222 [pkcs15-tool]
> > card-myeid.c:274:myeid_process_fci: returning wit
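
The SELECT response in the debug log quoted in the message above can be decoded by hand to reproduce the `iso7816_process_fci` lines (file identifier 0x5032, 70 bytes, working EF, structure 1). The following C program is an added example, not OpenSC's code and not part of the original thread; it walks the FCI template with bounds checks, since these bytes come from the card and are untrusted input. The struct and function names are assumptions made for the example, and only short-form lengths are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields taken from an ISO 7816-4 FCI template (tag 0x6F). */
struct fci_info {
    unsigned size;         /* tag 0x80: number of data bytes in the file */
    unsigned file_id;      /* tag 0x83: file identifier */
    uint8_t  descriptor;   /* tag 0x82: file descriptor byte */
    uint8_t  lcs;          /* tag 0x8A: life cycle status byte */
    uint8_t  sec_attr[8];  /* tag 0x86: security attributes (proprietary) */
    size_t   sec_attr_len;
};

/* The 27-byte incoming APDU, copied from the debug log quoted above. */
static const uint8_t LOGGED_RESP[] = {
    0x6F, 0x17, 0x80, 0x02, 0x00, 0x46, 0x82, 0x01, 0x01, 0x83, 0x02, 0x50,
    0x32, 0x86, 0x03, 0x03, 0x3F, 0xFF, 0x85, 0x02, 0x00, 0x00, 0x8A, 0x01,
    0x07, 0x90, 0x00
};

static unsigned be_uint(const uint8_t *v, size_t n) /* big-endian, n <= 4 */
{
    unsigned r = 0;
    while (n--)
        r = (r << 8) | *v++;
    return r;
}

/* Parse a SELECT response (FCI + SW). Returns 0 on success, -1 if the status
 * word is not 90 00 or any length would read outside the buffer. */
int parse_fci(const uint8_t *resp, size_t len, struct fci_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 4 || resp[len - 2] != 0x90 || resp[len - 1] != 0x00)
        return -1;
    len -= 2;                               /* drop the status word */
    if (resp[0] != 0x6F || (resp[1] & 0x80) || (size_t)resp[1] > len - 2)
        return -1;                          /* long-form lengths not handled */

    size_t pos = 2, end = 2 + (size_t)resp[1];
    while (pos < end) {
        if (end - pos < 2)
            return -1;                      /* tag without a length byte */
        uint8_t tag = resp[pos], l = resp[pos + 1];
        pos += 2;
        if ((l & 0x80) || (size_t)l > end - pos)
            return -1;                      /* value runs past the template */
        const uint8_t *v = resp + pos;
        switch (tag) {
        case 0x80:
            if (l < 1 || l > 4) return -1;
            out->size = be_uint(v, l);
            break;
        case 0x82:
            if (l < 1) return -1;
            out->descriptor = v[0];
            break;
        case 0x83:
            if (l != 2) return -1;
            out->file_id = be_uint(v, 2);
            break;
        case 0x86:
            if (l > sizeof out->sec_attr) return -1;
            memcpy(out->sec_attr, v, l);
            out->sec_attr_len = l;
            break;
        case 0x8A:
            if (l != 1) return -1;
            out->lcs = v[0];
            break;
        default:                            /* other tags, e.g. 0x85: skipped */
            break;
        }
        pos += l;
    }
    return 0;
}

/* File descriptor byte, split the way the log lines report it. */
int fci_shareable(const struct fci_info *f)    { return (f->descriptor & 0x40) != 0; }
int fci_ef_structure(const struct fci_info *f) { return f->descriptor & 0x07; }
const char *fci_type(const struct fci_info *f)
{
    unsigned t = (f->descriptor >> 3) & 0x07;
    return t == 0 ? "working EF" : t == 1 ? "internal EF" : t == 7 ? "DF" : "unknown";
}

int main(void)
{
    struct fci_info f;
    if (parse_fci(LOGGED_RESP, sizeof LOGGED_RESP, &f) != 0)
        return 1;
    printf("file identifier: 0x%04X, bytes in file: %u\n", f.file_id, f.size);
    printf("shareable: %s, type: %s, EF structure: %d\n",
           fci_shareable(&f) ? "yes" : "no", fci_type(&f), fci_ef_structure(&f));
    return 0;
}
```
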

Re: [opensc-devel] Creation of card pkcs#15 structure

2011-01-11 Thread Viktor TARASOV

Hello,

On 11.01.2011 13:32, Aventra development wrote:

> What do you think about the possibility that when a card is initialized using
> pkcs15-init that it would create the whole structure that is defined in the
> profile used.
> Currently it only creates the necessary files during initialization, but not
> any private or public key DIR files etc, that are essential when actually using
> the card.

It can be and, imho, has to be done.
There is no need of additional configuration option --
condition to create xDF files during initialization is its 'CREATE' operation
protected by SOPIN.

In your profile, do you have different 'CREATE' ACLs for xDF and object data
(for ex. certificates) files?

> After initialization the SO-PIN might not be given to the end user, since it
> might give them too much power over the card content and accidentally might
> mess it up.
>
> Kind regards,
> Toni

Kind wishes,
Viktor.








--
Viktor Tarasov 

[opensc-devel] Creation of card pkcs#15 structure

2011-01-11 Thread Aventra development
Hi,

 

What do you think about the possibility that when a card is initialized
using pkcs15-init that it would create the whole structure that is defined
in the profile used.

Currently it only creates the necessary files during initialization, but not
any private or public key DIR files etc, that are essential when actually
using the card.

 

After initialization the SO-PIN might not be given to the end user, since it
might give them too much power over the card content and accidentally might
mess it up.

 

Kind regards,

Toni


Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread Viktor TARASOV
On 11.01.2011 09:23, Xiaoshuo Wu wrote:
> On Mon, 10 Jan 2011 16:50:37 +0800, Viktor TARASOV 
>  wrote:
>
>> Do we have any chance to influence the card producer and to change behavior 
>> of their middlewares ?
> >> If so, then it makes sense to wait.
> OpenSC compatibility is an important feature in Feitian's current middleware.
> New model will also be OpenSC compatible.
>

Sun is really rising in the East.

-- 
Viktor Tarasov  



Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread francois . leblanc
Hello,

I come back after some holidays, so sorry if I am missing some things or answers.

First, I've seen talk about GINA used in XP, and it's obsolete since this change in Vista and 7.

Second, to use a smart card you can build your own CSP/KSP or use a minidriver, a subset of CSP/KSP managing the smart card only and not providing all cryptographic functions.

If you want to develop a CSP/KSP you can make it like a pkcs11 bridge; the main trouble is the need to sign this module. The second way uses a minidriver with BaseCsp, which provides a basic CSP/KSP that you complete with your minidriver, which accesses the card functionalities (certificate management, cryptographic functions, etc.). There are two problems with this: first, you need to understand how the minidriver works (http://www.opensc-project.org/opensc/wiki/MiniDriver); second, the BaseCsp module takes the hand on the card, so your software must be throw/call with the handle of the smart card under pcsc...

I've started to develop such a minidriver for opensc, see cardmod (card module), and successfully have smartcard use on Windows with tools like certutil.exe, but for now I've not been able to log on with opensc and smartcard.

For now, Cardmod is a good start for use of opensc under Windows but still to be improved, since some functions are missing, like:

- Availability of writing certificates with cardmod (today use smartcard already initialised by other way)
- Logon (Missing flags on certificates or some needed functions not implemented yet?)

Hope I've given some useful elements,

Regards,

François.

 
 






From: Jean-Michel Pouré - GOOZE
To: opensc-devel@lists.opensc-project.org
Date: 10/01/2011 19:54
Subject: Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers
Sent by: opensc-devel-boun...@lists.opensc-project.org

On Monday 10 January 2011 at 11:13 -0600, Douglas E. Engert wrote:
> Google for "Windows Vista Smart Card Infrastructure"
> There was a 67 page document from 2007 that could be interesting. 

Thanks a lot. Highly interesting.
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu



Re: [opensc-devel] Consistence between the OpenSC and proprietary drivers

2011-01-11 Thread Xiaoshuo Wu
On Mon, 10 Jan 2011 16:50:37 +0800, Viktor TARASOV wrote:

> On 09.01.2011 12:41, Martin Paljak wrote:
>>> Proprietary card dump:
>>>
>>> PKCS#15 Card [Gooze   ]:
>>> Version: 0
>>> Serial number  : 0834493916261110
>>> Manufacturer ID: www.ftsafe.com
>>> Flags  : Login required
>> This flag should not be used:
>> "login (i.e. authentication) is required before accessing any data".  
>> This should not be used and is incorrect.
>> In fact, the correctness of the flags should be checked against actual  
>> behavior of the card as well as the "wished behavior of the host  
>> software".
>> OpenSC can probably read certificates without any authentication, so  
>> the flag is false.
Maybe use sanity check to do this so as to not affect old cards?

> Do we have any chance to influence the card producer and to change the  
> behavior of their middleware?
> If so, then it makes sense to wait.
OpenSC compatibility is an important feature in Feitian's current  
middleware.
New model will also be OpenSC compatible.


Re: [opensc-devel] ruToken question

2011-01-11 Thread Aktiv Co. Kirill Mescheryakov
Hello Viktor,

The Rutoken device with vid=0x0a89 and pid=0x0004 is an earlier version of the Aktiv 
Rutoken S Device.
It contains several errors in the PCSC layer and is supported only by Aktiv Co. 
proprietary Windows drivers and libs.
These devices are not supported by OpenSC. These are not CCID either.

>> On Windows also I did not succeed in accessing this token.
>> (I was trying to use drivers from 
>> http://www.rutoken.ru/hotline/download/drivers/)

This should work.
What is the problem you encountered?

Best regards, Cyril.


From: opensc-devel-boun...@lists.opensc-project.org 
[mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Viktor 
TARASOV
Sent: Monday, January 03, 2011 2:42 PM
Cc: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] ruToken question

On 03.01.2011 12:24, Martin Paljak wrote:

On Jan 3, 2011 1:06 PM, "Viktor TARASOV" <viktor.tara...@opentrust.com> wrote:
>
> Hi,
>
> can the following device be supported by OpenSC, please?
>
> idVendor=0a89, idProduct=0004
> Mfr=1, Product=2, SerialNumber=0
> Product: ruToken
> Manufacturer: Aktiv Co.
>

Is it CCID? What is the ATR?

I don't know. This device is not actually in the list of supported CCID devices.

On Windows also I did not succeed in accessing this token.
(I was trying to use drivers from 
http://www.rutoken.ru/hotline/download/drivers/)



--

Viktor Tarasov 
