Re: [opensc-devel] Experiences with Java smartcardio
We have been using java for quite a long time to use the certificates stored in our smartcards. So far, we didn't have many issues.

Actually we are using jss to attack our pkcs#11 module (or csp), but since we got some problems on osx (I talked with NdK some weeks ago), we decided to move to sunPKCS11 and avoid jss. Our new applet, not yet in production but on tests, seems to work perfectly.

As I said other times, I'm the one that makes the pkcs#11 library, not the applet guy... so I cannot give you much information.

Will be great if ALL the browsers could use a javascript GOOD interface to sign (more than a pkcs#1)/PKI, anyone knows something about that?

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Experiences with Java smartcardio
On Wednesday, November 23 at 10:07PM, Anders Rundgren wrote:
> Hi,
>
> I just wonder what your opinion is about Java smart card io which is a part of JDK 1.6 and forward.
>
> I did a minute test and it wasn't overly convincing :-(
> OTOH, as we all know that smart card middleware is hell on earth I may simply not have given it enough time.

AFAIK, smartcardio is only a wrapper to PC/SC. Have a look at http://www.openscdp.org/

It is a fork of the OpenCard-Framework, which is more what you would expect from a smart card middleware. GPL licensed, a lot of cards supported, nice tools, actively developed, can use smartcardio as backend.

Cheers, Frank.

Re: [opensc-devel] Experiences with Java smartcardio
2011/11/23 Anders Rundgren anders.rundg...@telia.com:
> Hi,

Hello,

> I just wonder what your opinion is about Java smart card io which is a part of JDK 1.6 and forward.
>
> I did a minute test and it wasn't overly convincing :-(
> OTOH, as we all know that smart card middleware is hell on earth I may simply not have given it enough time.

Do you know "PCSC sample in Java" [1]?

> import javax.smartcardio.*;
> import java.util.List;
>
> public class smart {
>     public static void main (String[] args) {
>         try {
>             // show the list of available terminals
>             TerminalFactory factory = TerminalFactory.getDefault();
>             List<CardTerminal> terminals = factory.terminals().list();
>             // get the first terminal
>             if (terminals.isEmpty ()) {
>                 System.out.println ("No terminals found!");
>             } else {
>                 System.out.println("Terminals: " + terminals);
>                 CardTerminal terminal = terminals.get(0);
>                 // establish a connection with the card
>                 Card card = terminal.connect("T=0");
>                 System.out.println("card: " + card);
>                 CardChannel channel = card.getBasicChannel();
>                 // disconnect
>                 card.disconnect(false);
>             }
>         } catch (Exception e) {
>             e.printStackTrace ();
>         }
>     }
> }
>
> On Windows you get an exception if there is no reader connected!

I can't tell about Windows.

> On Ubuntu I always get "No terminals found!"

Ubuntu has a special configuration of pcsc-lite. Read "pcsc-lite upgrade and Ubuntu special configuration" [2].

> On both machines I have other smart card apps working including pcscd on Ubuntu that in debug mode shows that the card is connected etc.

You have not tried hard enough :-)

Bye,

[1] http://ludovicrousseau.blogspot.com/2010/06/pcsc-sample-in-java.html
[2] http://ludovicrousseau.blogspot.com/2010/10/pcsc-lite-upgrade-and-ubuntu-special.html

-- 
Dr. Ludovic Rousseau

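An added example, not code from the thread or from the linked blog posts: a reader probe that copes with both behaviours reported above, the exception on Windows when no reader is attached and the empty terminal list on Ubuntu. The class name and the library paths are assumptions for illustration, and the `sun.security.smartcardio.library` property is specific to the Sun/OpenJDK PC/SC provider.

```java
import javax.smartcardio.*;
import java.io.File;
import java.math.BigInteger;
import java.util.Collections;
import java.util.List;

public class ReaderProbe {
    // Sun/OpenJDK-specific property naming the PC/SC library the provider loads.
    static final String LIB_PROP = "sun.security.smartcardio.library";
    // Assumed candidate locations of libpcsclite on Linux; adjust for the distribution in use.
    static final String[] PCSC_CANDIDATES = {
        "/usr/lib/libpcsclite.so.1", "/lib/libpcsclite.so.1",
        "/usr/lib/x86_64-linux-gnu/libpcsclite.so.1", "/lib/x86_64-linux-gnu/libpcsclite.so.1" };

    // Must run before TerminalFactory is first used; does nothing where no candidate exists.
    static void locatePcscLibrary() {
        if (System.getProperty(LIB_PROP) != null) return;
        for (String path : PCSC_CANDIDATES) {
            if (new File(path).isFile()) { System.setProperty(LIB_PROP, path); return; }
        }
    }

    // Turn the "no reader" exception into an empty list so all platforms behave alike.
    static List<CardTerminal> listTerminals(TerminalFactory factory) {
        try {
            return factory.terminals().list();
        } catch (CardException e) {
            System.err.println("PC/SC error: " + e.getMessage() + " / " + e.getCause());
            return Collections.emptyList();
        }
    }

    public static void main(String[] args) throws CardException {
        locatePcscLibrary();
        TerminalFactory factory = TerminalFactory.getDefault();
        // A type of "None" means the JDK found no usable PC/SC library at all.
        System.out.println("Factory type: " + factory.getType());
        List<CardTerminal> terminals = listTerminals(factory);
        if (terminals.isEmpty()) System.out.println("No terminals found");
        for (CardTerminal terminal : terminals) {
            if (!terminal.isCardPresent()) {
                System.out.println(terminal.getName() + ": no card inserted");
                continue;
            }
            Card card = terminal.connect("*"); // "*" accepts T=0 or T=1
            try {
                String atr = new BigInteger(1, card.getATR().getBytes()).toString(16);
                System.out.println(terminal.getName() + ": " + card.getProtocol() + ", ATR " + atr);
            } finally {
                card.disconnect(false); // leave the card as it is, no reset
            }
        }
    }
}
```
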
Re: [opensc-devel] Experiences with Java smartcardio
Hi Ludovic,

You are a true smart card middleware expert. I'm not and my customers are even less of that. They just want to plug in and go.

As it appears the smart card community/industry have created uniquely complex middleware for reasons unclear to me.

It is proven beyond doubt that the platform vendors can't keep up with it either [2]. Do they even bother testing this stuff?

I understand that there are layers but if not even layer-0 works right-out-of-the-box the value of java-based software is greatly reduced. "Write once run everywhere" actually works for sophisticated applications like EJBCA http://ejbca.org without low-level platform tweaks.

Anders
unconvinced

On 2011-11-24 10:31, Ludovic Rousseau wrote:
> 2011/11/23 Anders Rundgren anders.rundg...@telia.com:
>> Hi,
>
> Hello,
>
>> I just wonder what your opinion is about Java smart card io which is a part of JDK 1.6 and forward.
>>
>> I did a minute test and it wasn't overly convincing :-(
>> OTOH, as we all know that smart card middleware is hell on earth I may simply not have given it enough time.
>
> Do you know "PCSC sample in Java" [1]?
>
>> import javax.smartcardio.*;
>> import java.util.List;
>>
>> public class smart {
>>     public static void main (String[] args) {
>>         try {
>>             // show the list of available terminals
>>             TerminalFactory factory = TerminalFactory.getDefault();
>>             List<CardTerminal> terminals = factory.terminals().list();
>>             // get the first terminal
>>             if (terminals.isEmpty ()) {
>>                 System.out.println ("No terminals found!");
>>             } else {
>>                 System.out.println("Terminals: " + terminals);
>>                 CardTerminal terminal = terminals.get(0);
>>                 // establish a connection with the card
>>                 Card card = terminal.connect("T=0");
>>                 System.out.println("card: " + card);
>>                 CardChannel channel = card.getBasicChannel();
>>                 // disconnect
>>                 card.disconnect(false);
>>             }
>>         } catch (Exception e) {
>>             e.printStackTrace ();
>>         }
>>     }
>> }
>>
>> On Windows you get an exception if there is no reader connected!
>
> I can't tell about Windows.
>
>> On Ubuntu I always get "No terminals found!"
>
> Ubuntu has a special configuration of pcsc-lite. Read "pcsc-lite upgrade and Ubuntu special configuration" [2].
>
>> On both machines I have other smart card apps working including pcscd on Ubuntu that in debug mode shows that the card is connected etc.
>
> You have not tried hard enough :-)
>
> Bye,
>
> [1] http://ludovicrousseau.blogspot.com/2010/06/pcsc-sample-in-java.html
> [2] http://ludovicrousseau.blogspot.com/2010/10/pcsc-lite-upgrade-and-ubuntu-special.html

Re: [opensc-devel] Experiences with Java smartcardio
Hi Frank,

thanks for the flowers. I owe you a drink.

We've been accessing smart cards from Java for quite a while. It works well on Windows, Linux and Mac OS. You just need to know what you are doing.

Andreas
Maintainer of OpenSCDP

On 24.11.2011 10:04, Frank Morgner wrote:
> On Wednesday, November 23 at 10:07PM, Anders Rundgren wrote:
>> Hi,
>>
>> I just wonder what your opinion is about Java smart card io which is a part of JDK 1.6 and forward.
>>
>> I did a minute test and it wasn't overly convincing :-(
>> OTOH, as we all know that smart card middleware is hell on earth I may simply not have given it enough time.
>
> AFAIK, smartcardio is only a wrapper to PC/SC. Have a look at http://www.openscdp.org/
>
> It is a fork of the OpenCard-Framework, which is more what you would expect from a smart card middleware. GPL licensed, a lot of cards supported, nice tools, actively developed, can use smartcardio as backend.
>
> Cheers, Frank.

-- 
CardContact Software System Consulting
Andreas Schwier
Schülerweg 38
32429 Minden, Germany
Phone +49 171 8334920
http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org

Re: [opensc-devel] Experiences with Java smartcardio
On 2011-11-24 09:38, helpcrypto helpcrypto wrote:
> We have been using java for quite a long time to use the certificates stored in our smartcards. So far, we didn't have many issues.
>
> Actually we are using jss to attack our pkcs#11 module (or csp), but since we got some problems on osx (I talked with NdK some weeks ago), we decided to move to sunPKCS11 and avoid jss. Our new applet, not yet in production but on tests, seems to work perfectly.
>
> As I said other times, I'm the one that makes the pkcs#11 library, not the applet guy... so I cannot give you much information.

PKCS #11 is another level to hook into Java. It has (AFAIK) nothing to do with the javax.smartcardio package I referred to.

> Will be great if ALL the browsers could use a javascript GOOD interface to sign (more than a pkcs#1)/PKI, anyone knows something about that?

Self-promotion is bad? :-)
http://webpki.org/papers/wasp/wasp-tutorial.pdf

Anders

Other smart card middleware solution:
http://webpki.org/papers/keygen2/sks-api-arch.pdf

Re: [opensc-devel] Experiences with Java smartcardio
This WASP thing is very interesting.

Do you know of any browser already supporting the WebPKI content type?

Also, do you think there could be a way to create an embedded PDF signature with a similar solution (i.e. without using an applet)?

Cheers,
Rafael.

On Thu, Nov 24, 2011 at 9:19 AM, Anders Rundgren anders.rundg...@telia.com wrote:
> On 2011-11-24 09:38, helpcrypto helpcrypto wrote:
>> We have been using java for quite a long time to use the certificates stored in our smartcards. So far, we didn't have many issues.
>>
>> Actually we are using jss to attack our pkcs#11 module (or csp), but since we got some problems on osx (I talked with NdK some weeks ago), we decided to move to sunPKCS11 and avoid jss. Our new applet, not yet in production but on tests, seems to work perfectly.
>>
>> As I said other times, I'm the one that makes the pkcs#11 library, not the applet guy... so I cannot give you much information.
>
> PKCS #11 is another level to hook into Java. It has (AFAIK) nothing to do with the javax.smartcardio package I referred to.
>
>> Will be great if ALL the browsers could use a javascript GOOD interface to sign (more than a pkcs#1)/PKI, anyone knows something about that?
>
> Self-promotion is bad? :-)
> http://webpki.org/papers/wasp/wasp-tutorial.pdf
>
> Anders
>
> Other smart card middleware solution:
> http://webpki.org/papers/keygen2/sks-api-arch.pdf

Re: [opensc-devel] Experiences with Java smartcardio
On 2011-11-24 17:29, Rafael Coninck Teigão wrote:
> This WASP thing is very interesting.

Thanx!

> Do you know of any browser already supporting the WebPKI content type?

No. I started 2004 with the WASP project but turned to KeyGen2 2007 since I realized that first you must get the keys, then you can sign etc.

However, after beginning a new job, I found that the *real* problem isn't the protocol but the combination protocol+middleware+container.

Although Google already have a working on-line provisioning system in their wallet, I believe it, with its GP heritage, to be fairly primitive so I haven't given in. Yet.

WASP and KeyGen2 are built on the same platform.

> Also, do you think there could be a way to create an embedded PDF signature with a similar solution (i.e. without using an applet)?

WASP supports signature profiles and one I have defined a native PDF signer.

Cheers,
Anders

> Cheers,
> Rafael.
>
> On Thu, Nov 24, 2011 at 9:19 AM, Anders Rundgren anders.rundg...@telia.com wrote:
>> On 2011-11-24 09:38, helpcrypto helpcrypto wrote:
>>> We have been using java for quite a long time to use the certificates stored in our smartcards. So far, we didn't have many issues.
>>>
>>> Actually we are using jss to attack our pkcs#11 module (or csp), but since we got some problems on osx (I talked with NdK some weeks ago), we decided to move to sunPKCS11 and avoid jss. Our new applet, not yet in production but on tests, seems to work perfectly.
>>>
>>> As I said other times, I'm the one that makes the pkcs#11 library, not the applet guy... so I cannot give you much information.
>>
>> PKCS #11 is another level to hook into Java. It has (AFAIK) nothing to do with the javax.smartcardio package I referred to.
>>
>>> Will be great if ALL the browsers could use a javascript GOOD interface to sign (more than a pkcs#1)/PKI, anyone knows something about that?
>>
>> Self-promotion is bad? :-)
>> http://webpki.org/papers/wasp/wasp-tutorial.pdf
>>
>> Anders
>>
>> Other smart card middleware solution:
>> http://webpki.org/papers/keygen2/sks-api-arch.pdf