Re: [opensc-devel] Integrating p11-kit into pkcs11-helper?
So Stef, How do you want to proceed? On Thu, Aug 4, 2011 at 7:58 PM, Alon Bar-Lev alon.bar...@gmail.com wrote: 2011/8/4 Jean-Michel Pouré - GOOZE jmpo...@gooze.eu: Le lundi 01 août 2011 à 14:11 +0200, Stef Walter a écrit : * Initializing modules via p11-kit so that refcounting, and pInitArgs stuff works if more than one app/library in the same process uses a PKCS#11 module. * Safe forking (pkcs11-helper already does this, but p11-kit forking stuff integrates with the initialization refcounting). IMHO, the biggest stopper in the spread of OpenSC is the inability to handle several sessions on a smartcard reliably. I mean without special development in the application client side. So if p11-kit solves this multiple-access issue, this would great. Do you think p11-kit would solve the issues for: * OpenVPN * Iceweasel / Firefox This is core issue of OpenSC and should be solved within the core of OpenSC. Aka - stateless card access. Alon. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Cryptotech Setcos card signing problem
-Original Message- From: Douglas E. Engert [mailto:deeng...@anl.gov] Sent: Friday, August 12, 2011 4:55 PM To: TMS Brokers / Łukasz Kościesza Cc: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] Cryptotech Setcos card signing problem Developers, Could this be a card that is enforcing user_consent. i.e. CKA_ALWAYS_AUTHENTICATIE and the pkcs11-tool is not doing this? The one card I know that does enforce it (newewr PIV cards), requires the sign operation to be preceeded immediatley by the presentation of the pin. Łukasz, Can you look at your trace and see if any other operations are sent to the card between these too? Hi all, Were my log information helpful? Anyone has any ideas what is wrong here? Regards Łukasz ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Problem with Gemplus GemXpresso Pro R3 E32 PK
Hello, I have a Brazilian e-cnpj certisign certificate. The card is a Gemplus GemXpresso Pro R3 E32 PK. I'm trying to get this work in linux, but i'm having some errors. It works on windows. Can anyone help me? If you need aditional commands just ask me. Thanks a lot ! Here is the output of the command: # pkcs15-tool --list-certificates - 0x7f9422606720 13:39:54.725 [pkcs15-tool] sc.c:195:sc_detect_card_presence: called 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:364:pcsc_detect_card_presence: called 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:277:refresh_attributes: ACS ACR 38U-CCID 00 00 check 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:293:refresh_attributes: returning with: 0 (Success) 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:369:pcsc_detect_card_presence: returning with: 1 0x7f9422606720 13:39:54.725 [pkcs15-tool] sc.c:200:sc_detect_card_presence: returning with: 1 Using reader with a card: ACS ACR 38U-CCID 00 00 0x7f9422606720 13:39:54.725 [pkcs15-tool] sc.c:195:sc_detect_card_presence: called 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:364:pcsc_detect_card_presence: called 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:277:refresh_attributes: ACS ACR 38U-CCID 00 00 check 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:293:refresh_attributes: returning with: 0 (Success) 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:369:pcsc_detect_card_presence: returning with: 1 0x7f9422606720 13:39:54.725 [pkcs15-tool] sc.c:200:sc_detect_card_presence: returning with: 1 Connecting to card in reader ACS ACR 38U-CCID 00 00... 0x7f9422606720 13:39:54.725 [pkcs15-tool] card.c:115:sc_connect_card: called 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:444:pcsc_connect: called 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:277:refresh_attributes: ACS ACR 38U-CCID 00 00 check 0x7f9422606720 13:39:54.725 [pkcs15-tool] reader-pcsc.c:293:refresh_attributes: returning with: 0 (Success) 0x7f9422606720 13:39:54.728 [pkcs15-tool] reader-pcsc.c:473:pcsc_connect: Initial protocol: T=0 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:829:match_atr_table: ATR : 3b:7a:94:00:00:80:65:a2:01:01:01:3d:72:d6:43 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:a8 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:56:1b:16:83:01:90:00:86 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:01:90:00:e1 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:0f:90:00:ef 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:840:match_atr_table: ATR try : 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:843:match_atr_table: ignored - wrong length 0x7f9422606720 13:39:54.728 [pkcs15-tool] card.c:829:match_atr_table: ATR :
Re: [opensc-devel] Cryptotech Setcos card signing problem
Hello, Le 15/08/2011 12:40, TMS Brokers / Łukasz Kościesza a écrit : Were my log information helpful? Anyone has any ideas what is wrong here? Can you set 'lock_login = true' in the pkcs11 section of opensc.conf and re-try? Regards Łukasz Kind wishes, Viktor. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel