[opensc-devel] Cyberflex 64k not supported issue
Hello all, I found some manuals on how to install MuscleApplet onto Cyberflex card: http://old.nabble.com/Axalto-CyberFlex-64k-tt21931066.html#a21931297 and of course http://www.opensc-project.org/opensc/wiki/Cyberflex It all goes well until the opensc part, when I try to call anything, opensc-explorer or pkcs11-tool, I always get C:\Program Files\OpenSC Project\OpenSCpkcs15-tool -D PKCS#15 binding failed: Unsupported card C:\Program Files\OpenSC Project\OpenSCopensc-explorer OpenSC Explorer version 0.12.0 unable to select MF: Not supported Debug says: 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:185:sc_connect_card: trying driver: javacard 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:785:match_atr_table: ATR : 3b:95:95:40:ff:ae:01:03:00:00 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:796:match_atr_table: ATR try : 3b:db:18:00:80:b1:fe:45:1f:83:00:31:c0:64:c7:fc:10:00:01:90:00:fa 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:799:match_atr_table: ignored - wrong length 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:796:match_atr_table: ATR try : 3b:75:94:00:00:62:02:02:02:01 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:796:match_atr_table: ATR try : 3b:95:95:40:ff:ae:01:03:00:00 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:193:sc_connect_card: matched: JavaCard (without supported applet) 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:232:sc_connect_card: card info: JavaCard (without supported applet), 24001, 0x0 2011-09-06 12:12:37.671 [pkcs15-tool] card.c:233:sc_connect_card: returning with: 0 (Success) So whether Muscle is installed or not, I get same output. What am I missing? -- Jeca ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] ECDSA cards
Hello, I'm trying to use the opensc 0.12.x ECDSA support, to allow ECDSA signing in gnutls via PKCS #11. However I have no such cards to test it. Do you have any suggestion on which card to use? (My only requirement is that it must be obtainable without placing a mass order) regards, Nikos ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ECCN number
Hello, On 06/09/11 09:47, HOURY William wrote: I have been asked the Export Control Classification Number (ECCN) number for OpenSC. Never heard. Does anyone know it ? Should it be 5D002 ? Could be 5D992 as well. If you ever find out from authoritative source please enlighten others as well. This belongs to the wiki, together with licensing information I guess. Best, ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ECDSA cards
On 9/6/2011 6:21 AM, Nikos Mavrogiannopoulos wrote: Hello, I'm trying to use the opensc 0.12.x ECDSA support, to allow ECDSA signing in gnutls via PKCS #11. However I have no such cards to test it. Do you have any suggestion on which card to use? (My only requirement is that it must be obtainable without placing a mass order) The OpenSC ECDSA code was developed using Oberthur ID-One PIV FIPS 201 Validated Dual Interface Smart Card These cards were obtained from Oberthur at about $10 each in small quantities. I do not know their policies on selling to individuals. I know at least one of the other developers obtained some of these cards. I am not sure if the OpenSC ECDSA code was added to any of the other OpenSC card-*.c drivers. It could be, as Gemalto also says their IAS ECC card can do ECDSA, and ECDH, http://www.gemalto.com/products/multiapp_id_ias_ecc/ I have not tried these. If you get any of the PIV cards, I can fill you in on generating keys and signing cert requests using the card. regards, Nikos ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Aladdin 64K 4.2B tokens and OpenSC 0.12.2 Aladdin tokens no longer working?
Hello, This seems very similar to what I was experiencing with my SmartCafe cards, however, I haven't found a solution yet either… Perhaps the card detection is broken for more than one card? Kind regards, Thomas On 6-sep.-2011, at 18:54, Dan Peterson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have not been able to get this message to get posted to the users list so I thought I might post it here. Sorry if I am double posting - - I have been using the aladden Etokens for some time now 2-3 yrs. I have an older version of opensc (files are dated March 4th 2010) installed on a windows 7 system and it works great I am doing things like: I recently installed the latest opensc for windows 0.12.2 However; I am not able to create a pkcs15 container anymore (possibly other things as well but I have not gotten there yet.) With the 0.12.2 code when I do: C:\Program Files\OpenSC Project\OpenSC\toolspkcs15-init --create-pkcs15 - --use-default-transport-key Using reader with a card: AKS ifdh 0 Failed to read PIN: Not supported Failed to create PKCS #15 meta structure: Generic PKCS#15 initialization error C:\Program Files\OpenSC Project\OpenSC\tools With 0.11.3 code: C:\Apps\opensc\binpkcs15-init --create-pkcs15 --use-default-transport-key Using reader with a card: AKS ifdh 0 New Security Officer PIN (Optional - press return for no PIN). Please enter Security Officer PIN: Please type again to verify: Unblock Code for New User PIN (Optional - press return for no PIN). Please enter User unblocking PIN (PUK): Please type again to verify: C:\Apps\opensc\bin -BEGIN PGP SIGNATURE- Version: PGP Desktop 10.1.2 (Build 9) Charset: us-ascii wj8DBQFOZlA+5chTNtilRz8RAu4qAKCvXEp9kS49A9L3vCjy9iRct7czYwCbBMAb wamcmbryzbQ/HyS3QOzoJdc= =9TOn -END PGP SIGNATURE- ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] libp11 engine_pkcs11 support for ECDSA keys
I've tested your mods and they work well =). I can sign and verify with most EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot load public keys when using p-521 curves. It seems that I can load the private key and sign, but the public key is not loaded. I confess that I didn't look much at engine_pkcs11 source code, but if you could give me some appointments I can try to fix that. OpenSSL error is the following, after loading the key: error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding Regards, 2011/8/13 Felipe Blauth f...@inf.ufsc.br Thank you, I'll check it out. 2011/8/12 Douglas E. Engert deeng...@anl.gov No it has not been incorporated because it requires an OpenSSL internal header file ecs_locl.h, thus making it impractical to compile in to any package. This is a known bug: http://rt.openssl.org/Ticket/Display.html?id=2459user=guestpass=guest It also appeared on the OpenSSL mailing list. The patch should still work. Please try it, and you can also add comments to the OpenSSL bug report. On 8/12/2011 2:12 PM, Felipe Blauth wrote: Hello. I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough ENGINE_load_key_type_key methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys. Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg07785.html . Was that ever incorporated? I couldn't find in the latest snapshots. Thank you very much. -- Felipe Menegola Blauth ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Felipe Menegola Blauth -- Felipe Menegola Blauth ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
