Re: [opensc-devel] Aladdin 64K 4.2B tokens and OpenSC 0.12.2 Aladdin tokens no longer working?

2011-09-07 Thread Dan Peterson
Could be.
I have or can create debug logs if anyone is interested.
I am looking into if this happens on the MAC code base as well, I think it
does but I am not sure.
Once I init the token with the older 11.3 code then I can do some things
from the 12.2 release and the token.
--
Dan

-----Original Message-----
From: Thomas De Reyck [mailto:tho...@dereyck.eu] 
Sent: Tuesday, September 06, 2011 1:48 PM
To: drpeter...@es.net
Cc: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] Aladdin 64K 4.2B tokens and OpenSC 0.12.2
Aladdin tokens no longer working?

Hello,

This seems very similar to what I was experiencing with my SmartCafe cards,
however, I haven't found a solution yet either. Perhaps the card detection
is broken for more than one card?

Kind regards,
Thomas

On 6-sep.-2011, at 18:54, Dan Peterson wrote:

> I have not been able to get this message posted to the users
> list so I thought I might post it here.
> Sorry if I am double posting.
>
> I have been using the Aladdin eTokens for some time now, 2-3 yrs.
> I have an older version of opensc (files are dated March 4th 2010)
> installed on a Windows 7 system and it works great. I am doing things like:
>
> I recently installed the latest opensc for Windows, 0.12.2. However, I
> am not able to create a pkcs15 container anymore (possibly other
> things as well but I have not gotten there yet).
>
> With the 0.12.2 code when I do:
>
>   C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-init --create-pkcs15 --use-default-transport-key
>   Using reader with a card: AKS ifdh 0
>   Failed to read PIN: Not supported
>   Failed to create PKCS #15 meta structure: Generic PKCS#15 initialization error
>
>   C:\Program Files\OpenSC Project\OpenSC\tools>
>
> With 0.11.3 code:
>
>   C:\Apps\opensc\bin>pkcs15-init --create-pkcs15 --use-default-transport-key
>   Using reader with a card: AKS ifdh 0
>   New Security Officer PIN (Optional - press return for no PIN).
>   Please enter Security Officer PIN:
>   Please type again to verify:
>   Unblock Code for New User PIN (Optional - press return for no PIN).
>   Please enter User unblocking PIN (PUK):
>   Please type again to verify:
>
>   C:\Apps\opensc\bin>
>
 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel





Re: [opensc-devel] Aladdin 64K 4.2B tokens and OpenSC 0.12.2 Aladdin tokens no longer working?

2011-09-07 Thread Martin Paljak
Hello,

On Wed, Sep 7, 2011 at 09:10, Dan Peterson <drpeter...@es.net> wrote:
> Could be.

I don't think the problem is the same by nature.

> I have or can create debug logs if anyone is interested.
> I am looking into if this happens on the MAC code base as well, I think it
> does but I am not sure

I think it will behave the same. Please provide the logs for success
(0.11) and failure (0.12) as well if possible.

Best,
Martin

Re: [opensc-devel] libp11 engine_pkcs11 support for ECDSA keys

2011-09-07 Thread Douglas E. Engert


On 9/6/2011 4:53 PM, Felipe Blauth wrote:
> I've tested your mods and they work well =). I can sign and verify with most
> EC keys (I've tested with p-192, p-224, p-384 and p-521). However I cannot
> load public keys when using p-521 curves. It seems that I can load the
> private key and sign, but the public key is not loaded.
>
> I confess that I didn't look much at engine_pkcs11 source code, but if you
> could give me some appointments I can try to fix that.

It is not clear where the error could be; it could be in the actual
encoding of the public key, or the ASN1 decoding, or in some size limit.
All the other keys are a multiple of 8 bits. The 521 is not,
and thus the asn1 octet would need an extra byte. Look at the
libp11 src/p11_ec.c and pkcs11_get_ec_private() and the ec_pointlen
variable.

Do you have a dump of the public key?

If you are using OpenSC's PKCS#11, you could turn on the OpenSC debug
by adding to the opensc.conf something like:
  debug = 7;
  debug_file = /tmp/opensc-debug.log;

You could use the OpenSC pkcs11-spy.so to trace the PKCS#11 calls;
that should show the public key being transferred. This can
work with any PKCS#11 module, including the opensc-pkcs11.so.

Set the environment variables:

  export PKCS11SPY=/path/to/your/pkcs11.module.so
  export PKCS11SPY_OUTPUT=/tmp/tb.spy.txt


> OpenSSL error is the following, after loading the key:
> error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding
>
> Regards,
>
> 2011/8/13 Felipe Blauth <f...@inf.ufsc.br>
>
> > Thank you, I'll check it out.
> >
> > 2011/8/12 Douglas E. Engert <deeng...@anl.gov>
> >
> > > No it has not been incorporated because it requires an OpenSSL
> > > internal header file ecs_locl.h, thus making it impractical to
> > > compile in to any package.
> > >
> > > This is a known bug:
> > >
> > > http://rt.openssl.org/Ticket/Display.html?id=2459&user=guest&pass=guest
> > >
> > > It also appeared on the OpenSSL mailing list.
> > >
> > > The patch should still work. Please try it, and you can
> > > also add comments to the OpenSSL bug report.
> > >
> > > On 8/12/2011 2:12 PM, Felipe Blauth wrote:
> > > > Hello.
> > > >
> > > > I've started using engine_pkcs11 to access PKCS #11 tokens from
> > > > OpenSSL EVP_PKEY's through ENGINE_load_key_type_key methods. It works
> > > > very well with RSA keys, but it doesn't recognize ECDSA keys.
> > > >
> > > > Searching through the web, I've found that Douglas had a patch for it at
> > > > http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg07785.html.
> > > >
> > > > Was that ever incorporated? I couldn't find in the latest snapshots.
> > > >
> > > > Thank you very much.
> > > >
> > > > --
> > > > Felipe Menegola Blauth
> > >
> > > --
> > >
> > >   Douglas E. Engert <deeng...@anl.gov>
> > >   Argonne National Laboratory
> > >   9700 South Cass Avenue
> > >   Argonne, Illinois  60439
> > >   (630) 252-5444
> >
> > --
> > Felipe Menegola Blauth
>
> --
> Felipe Menegola Blauth

-- 

  Douglas E. Engert  deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
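
Added example, not part of the original message and not libp11 code: a length check for an EC public point delivered as a DER OCTET STRING around an uncompressed X9.62 point (the form PKCS#11 specifies for CKA_EC_POINT, assumed here). It shows the two places P-521 differs from the smaller curves: the field length must be rounded up to 66 bytes, and the 133-byte point needs a long-form DER length, so the header is 3 bytes instead of 2. All function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Bytes per field element, rounded up: P-384 -> 48, P-521 -> 66 (not 65). */
size_t ec_field_len(size_t bits) { return (bits + 7) / 8; }

/* Uncompressed X9.62 point: 0x04 || X || Y. */
size_t ec_point_len(size_t bits) { return 1 + 2 * ec_field_len(bits); }

/* Unwrap a DER OCTET STRING carrying an uncompressed point for a curve of
 * `bits` bits. Returns the offset of the point inside `der`, or 0 on error. */
size_t ec_point_unwrap(const unsigned char *der, size_t derlen, size_t bits)
{
    size_t hdr, len;
    if (derlen < 3 || der[0] != 0x04)              /* tag 0x04 = OCTET STRING */
        return 0;
    if (der[1] < 0x80) {                           /* short form: <= 127 bytes */
        hdr = 2; len = der[1];
    } else if (der[1] == 0x81 && der[2] >= 0x80) { /* long form, 1 length byte */
        hdr = 3; len = der[2];
    } else {
        return 0;                                  /* not needed up to P-521 */
    }
    if (len != derlen - hdr || len != ec_point_len(bits))
        return 0;
    if (der[hdr] != 0x04)                          /* uncompressed-point marker */
        return 0;
    return hdr;
}

/* Constructed sample: wrap an all-zero "point" of the right size (not a real
 * key, it only exercises the length handling). Returns total DER length. */
size_t make_sample(unsigned char *out, size_t bits)
{
    size_t plen = ec_point_len(bits), hdr = 0;
    out[hdr++] = 0x04;                             /* OCTET STRING tag */
    if (plen >= 0x80)
        out[hdr++] = 0x81;                         /* P-521: 133 > 127 */
    out[hdr++] = (unsigned char)plen;
    memset(out + hdr, 0, plen);
    out[hdr] = 0x04;                               /* uncompressed marker */
    return hdr + plen;
}

int main(void)
{
    unsigned char buf[160];
    size_t n = make_sample(buf, 521);
    return ec_point_unwrap(buf, n, 521) == 3 ? 0 : 1;
}
```

A parser that skips a fixed 2-byte header hands OpenSSL a buffer starting with 0x85 rather than 0x04 for P-521, which is one way to end up with an "invalid encoding" result from point decoding.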