Re: [opensc-devel] TaiwanEid
Hello,

On 13/09/11 05:35, 周彥江 wrote:
> I have some TaiwanEid tokens and am interested in OpenSC. How should I make
> some contribution on the project? I am a C# / Java programmer.

Great! Start by updating the wiki [1] with factual information to include relevant bits and pieces (card, ATR, known information/docs (preferably in English)).

OpenSC is mostly C, so sharpening your C skills might also be useful.

For starters you might follow the procedure on ReportingBugs [2] to get the basic information about your card.

Best,
Martin

[1] http://www.opensc-project.org/opensc/wiki/TaiwanEid
[2] http://www.opensc-project.org/opensc/wiki/ReportingBugs

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] PATCH: serbian national EID
Hi,

here are two little patches that add basic support for the Serbian national EID. I've just committed them as well to my opensc repository fork at github (https://github.com/vigsterkr/OpenSC).

any comments/remarks are more than welcome!

there's still a lot to debug and implement, e.g. pkcs15 support.

cheers,
viktor

Attachments:
0001-Add-basic-support-for-the-Serbian-National-EID.patch (binary data)
0002-Extract-ID-info-from-the-Serbian-EID.patch (binary data)
Re: [opensc-devel] Questions for first-time CardOS chip acquisition and linux-centric management
Edited a bit for brevity...

On Mon, Aug 29, 2011 at 11:59 PM, Martin Paljak mar...@martinpaljak.net wrote:
>> I'm in the process of preparing a migration from Aladdin USB eToken
>> (CardOS 4.2) PKI tokens to credit-card contact chip PKI ID cards with
>> built-in OTP functionality. The vendor has provided me with the
>> specifications for the chips (Infineon SLE66C44PE_0105) which are CardOS
>> based.
>
> Most of the time, from OpenSC perspective, the actual chip will be
> irrelevant as you will be only able to do what has been exposed by the
> on-card software through the API it provides through APDU-s. For that
> matter, it could be an ARM9 or caasua x86 chip.
>
>> Here is some information and a few requirements as I can think of them:
>> - I've already validated that the electronic interface will work with our
>>   existing card readers (integrated, and USB).
>
> Ask for CCID/ICCD which is supported by the open source driver [1].

That's exactly the sort of advice I was looking for. Thanks! I've forwarded a few more questions to our vendor to get answers to some of these items.

>> - We use 2048 bit RSA keys from certificates generated on an Active
>>   Directory (yeah... I know) 2008 R2 infrastructure, and imported onto the
>>   cards.
>
> The keys are also generated by AD, or just the certificates? Go for
> onboard key generation if possible.

I can be flexible here, but at the moment, AD generates both. Most of our linux servers generate their own certs via OpenSSL, and they just get signed by our AD CA. However, these cards will only deal with user certificates, and eventually allow SSO capabilities via certificate-based logon if I can get everything right. We're already doing that with our USB tokens, so I'm hoping the implementation here will be the same.

>> Here's what I know I need to tell the vendor based on things I have
>> researched from OpenSC sources and my own experiences so far:
>> - I need the chips blank, not pre-initialized.
>> - I need to know what version(s) of CardOS are available for shipment on
>>   that chip
>
> Why do you insist on using CardOS?

Because it's what I'm familiar with, and one of the only ones I know for certain already work with our existing systems thanks to the Aladdin eToken USB NG-OTP tokens we implement. As it stands now, I have a fully linux-based solution in place to program the tokens using provided API example code, enroll them in our RADIUS server, assign them to users, and add the user's AD certificates to them in almost one fell swoop.

If there would be an easier/more flexible/better route to take, I'm certainly open for suggestions. But my requirements are as follows:
- All-in-one HOTP Event-based OTP + PKI contact-chip + RFID + ID Card solution.
- Ability to re-seed the OTP function is essential. I don't like using factory-provided seeds.
- I would like to be able to add a data object via McAfee EEPC to the cards to use them for booting encrypted laptops.

My largest concerns are: moving from my now-familiar USB programming environment which uses the Aladdin middleware to this contact-chip environment with no 3rd-party middleware. I have no real experience working with this interface directly. (And to be honest, my current USB programming system is a hacked together set of php scripts, C programs, and shell scripts.) I'm hoping to leverage the abilities of the opensc/pcsc linux utilities to initialize, personalize, and maintain these new cards.

>> - I need to have 64k of memory available for certificate and object
>>   storage
>> - I need the chip to support 2048 bit RSA keys, and SHA1/SHA256 message
>>   digests
>
> Hashes can be computed off-card. Support for last round of hashing on the
> card before signatures [3] is not supported (needs code)

From the data sheet the vendor sent me, it claims:
68-Kbytes User ROM, 2304 Bytes RAM, 4-Kbytes EEPROM
Dual Key Triple DES
Transmission protocols T=1 and T=0
32 bytes security area (OTP)
(tons more, but I won't spam the list with it. I can email you a pdf if you'd like to see it)

I believe the 68K is the primary certificate storage location, but correct me if I'm wrong there. The on-board cert generation capabilities aren't clearly stated from the chip perspective, but I believe that should be a function of the software where the hardware would provide acceleration capabilities for it. Again, I'm very new to this, so please push me in the right direction if I'm making mistakes.

>> - I need to know what SDK, emulation/simulation options are available for
>>   the chip for further development and testing
>
> If you go for a SDK from a vendor you'll be often bound to that SDK (and
> that vendor). Use standard API-s.

I'll take that to heart, thanks.

I truly appreciate the information so far, and look forward to any further advice, suggestions, or comments.
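The message above quotes the advice that hashes can be computed off-card for 2048-bit RSA with SHA1/SHA256. As an added example (not OpenSC code and not from either poster), this Python shows what the host prepares before the card's private-key operation and how a verifier should compare the recovered block. It assumes the card is handed a block already padded by the host; a card that pads on-card would be sent only the DigestInfo or the bare hash. All function names are illustrative.

```python
# Added example: host-side hashing and PKCS#1 v1.5 encoding ahead of an
# on-card RSA private-key operation. Illustrative names, not OpenSC code.
import hashlib
import hmac

# DER DigestInfo prefixes as listed in RFC 8017, section 9.2.
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def digest_info(message, alg="sha256"):
    """Hash on the host and wrap the digest in its DER DigestInfo."""
    return DIGESTINFO_PREFIX[alg] + hashlib.new(alg, message).digest()

def emsa_pkcs1_v15(message, key_bits=2048, alg="sha256"):
    """Build the full block 00 01 FF..FF 00 || DigestInfo for the key size."""
    t = digest_info(message, alg)
    k = (key_bits + 7) // 8
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def check_recovered_block(block, message, key_bits=2048, alg="sha256"):
    """Verifier side: rebuild the expected block and compare it whole.

    Comparing the entire block, rather than parsing out the hash, rejects
    signatures with short padding or trailing bytes after the digest.
    """
    expected = emsa_pkcs1_v15(message, key_bits, alg)
    return hmac.compare_digest(block, expected)

if __name__ == "__main__":
    em = emsa_pkcs1_v15(b"abc")          # constructed sample message
    print(len(em), em[-32:].hex())
```

Only the digest and padding are computed on the host here; the private key never leaves the card.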
[opensc-devel] memory corruption while using 2 tokens Aladdin eToken PRO 64
Hello people,

I want some help from you in order to get 2 Aladdin eToken PRO 64 tokens working at the same time.

When I have pcscd running with one token everything is fine, but with two, they don't work and sometimes I get a segfault in libopenctapi.so.

I have some background in C, so I used valgrind to run pcscd in order to discover what is happening, and valgrind is saying that libopenctapi.so is using a memory location already free'd (see attached file).

I have tested on 2 Ubuntu 11.04 machines (x86 64 bits and 32 bits with default packages) and 1 Debian 6.0 (x86 32 bits with last compiled packages).

If someone has the key to fix this problem or can tell me where I can get started in order to try to fix the problem, I will appreciate that.

--
Iuri Diniz
http://iuridiniz.com [Sou um agitador, não um advogado]
http://blog.igdium.com [Linux on Limbo]

==14646== Memcheck, a memory error detector
==14646== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==14646== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==14646== Command: /usr/sbin/pcscd -f -d
==14646==
debuglog.c:277:DebugLogSetLevel() debug level=debug
configfile.l:245:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
configfile.l:287:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/openct
configfile.l:287:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
pcscdaemon.c:550:main() pcsc-lite 1.7.0 daemon ready.
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/003/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/004/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x0C45, PID: 0x63E0, path: /dev/bus/usb/001/002
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x0C45, PID: 0x63E0, path: /dev/bus/usb/001/002
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/005/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/006/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/006/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1BCF, PID: 0x053A, path: /dev/bus/usb/006/002
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1BCF, PID: 0x053A, path: /dev/bus/usb/006/002
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0001, path: /dev/bus/usb/007/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/002/001
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x0529, PID: 0x0600, path: /dev/bus/usb/006/014
hotplug_libudev.c:309:HPAddDevice() Adding USB device: Aladdin eToken PRO 64
readerfactory.c:934:RFInitializeReader() Attempting startup of Aladdin eToken PRO 64 00 00 using /usr/lib/pcsc/drivers/openct-ifd.bundle/Contents/Linux/openct-ifd.so
dyn_unix.c:81:DYN_GetAddress() IFDHCreateChannelByName: /usr/lib/pcsc/drivers/openct-ifd.bundle/Contents/Linux/openct-ifd.so: undefined symbol: IFDHCreateChannelByName
readerfactory.c:792:RFBindFunctions() Loading IFD Handler 2.0
readerfactory.c:290:RFAddReader() Using the pcscd polling thread
eventhandler.c:256:EHStatusHandlerThread() powerState: POWER_STATE_POWERED
Card ATR: 3B F2 18 00 02 C1 0A 31 FE 58 C8 09 75
Error: Bad CTBCS APDU, ins=0x15
eventhandler.c:446:EHStatusHandlerThread() powerState: POWER_STATE_UNPOWERED
hotplug_libudev.c:258:get_driver() Looking for a driver for VID: 0x0529, PID: 0x0600, path: /dev/bus/usb/005/009
hotplug_libudev.c:309:HPAddDevice() Adding USB device: Aladdin eToken PRO 64
readerfactory.c:587:RFSetReaderName() Support 16 simultaneous readers
readerfactory.c:934:RFInitializeReader() Attempting startup of Aladdin eToken PRO 64 01 00 using /usr/lib/pcsc/drivers/openct-ifd.bundle/Contents/Linux/openct-ifd.so
readerfactory.c:738:RFLoadReader() Reusing already loaded driver for /usr/lib/pcsc/drivers/openct-ifd.bundle/Contents/Linux/openct-ifd.so
dyn_unix.c:81:DYN_GetAddress() IFDHCreateChannelByName: /usr/lib/pcsc/drivers/openct-ifd.bundle/Contents/Linux/openct-ifd.so: undefined symbol: IFDHCreateChannelByName
readerfactory.c:792:RFBindFunctions() Loading IFD Handler 2.0
readerfactory.c:965:RFInitializeReader() Open Port 0x21 Failed (usb:0529/0600:libudev:0:/dev/bus/usb/005/009)
readerfactory.c:275:RFAddReader() Aladdin eToken PRO 64 init failed.
readerfactory.c:985:RFUnInitializeReader() Attempting shutdown of Aladdin eToken PRO 64 01 00.
hotplug_libudev.c:377:HPAddDevice() Failed adding USB device: Aladdin eToken PRO 64
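
The pcscd log above prints the token's ATR, the same item the first reply in this archive asks contributors to record on the wiki. As an added example (not code from OpenSC, OpenCT or pcsc-lite, and not from the poster), this Python function decodes that ATR following the ISO/IEC 7816-3 layout and validates its TCK check byte; the function name and the keys of the returned dictionary are illustrative.

```python
# Added example: ISO/IEC 7816-3 ATR decoder (not OpenSC/OpenCT/pcsc-lite code).
from functools import reduce

PAGE_ATR = "3B F2 18 00 02 C1 0A 31 FE 58 C8 09 75"  # from the pcscd log above

def parse_atr(text):
    """Decode an ATR given as hex text; names and dict keys are illustrative."""
    atr = bytes.fromhex(text)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 0x3B (direct) or 0x3F (inverse)")
    out = {"convention": "direct" if atr[0] == 0x3B else "inverse",
           "interface": {}, "t_values": []}
    y, hist_len = atr[1] >> 4, atr[1] & 0x0F  # T0 = Y1 bitmap | K
    pos, i = 2, 1
    while True:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if not y & bit:
                continue
            if pos >= len(atr):
                raise ValueError("ATR truncated in interface bytes")
            out["interface"][f"{name}{i}"] = atr[pos]
            td = atr[pos] if name == "TD" else td
            pos += 1
        if td is None:
            break
        if td & 0x0F not in out["t_values"]:
            out["t_values"].append(td & 0x0F)
        y, i = td >> 4, i + 1  # high nibble of TDi announces the next group
    out["t_values"] = out["t_values"] or [0]  # no TD byte at all means T=0
    if pos + hist_len > len(atr):
        raise ValueError("ATR truncated in historical bytes")
    out["historical"] = atr[pos:pos + hist_len]
    pos += hist_len
    out["tck_ok"] = None  # TCK is absent when only T=0 is indicated
    if out["t_values"] != [0]:
        if pos >= len(atr):
            raise ValueError("TCK missing")
        # XOR of every byte from T0 through TCK must be zero.
        out["tck_ok"] = reduce(lambda a, b: a ^ b, atr[1:pos + 1]) == 0
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected trailing bytes")
    return out

if __name__ == "__main__":
    print(parse_atr(PAGE_ATR))
```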