Re: [opensc-devel] EF(DIR) and sc_pkcs15_bind_internal

2012-06-02 Thread Martin Paljak
Hello,

On Fri, Jun 1, 2012 at 9:45 PM, Douglas E. Engert deeng...@anl.gov wrote:

> An example might be a PIV card application has the ATR may contain the default
> application on the card. Thus it could be possible that a card has both a default
> application that is not PKCS#15 and the card could also be a PKCS#15 card.

I don't now understand what you want to imply.

Should the logic be tuned further?

What I'm trying to do is to create a card application that would
require minimal or even no changes at all to OpenSC to be recognized
as a PKCS#15 card. But adhering to standards, I believe that the first
check should be trying to select the PKCS#15 application by AID, if
EF(DIR) is not present.

As I've not found a reference to 5015 either (except that it has been
used by other applications for PKCS#15 DF in the wild), this might
also reply to the question of why the file ID-s are as they currently
are.

The best description of the issue is of course a patch, which solves
the problem as I see it. Will send it on Monday.

Best,
Martin
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] EF(DIR) and sc_pkcs15_bind_internal

2012-06-02 Thread Viktor Tarasov
On 02/06/2012 14:10, Martin Paljak wrote:
> Hello,
>
> On Fri, Jun 1, 2012 at 9:45 PM, Douglas E. Engert deeng...@anl.gov wrote:
>
> > An example might be a PIV card application has the ATR may contain the default
> > application on the card. Thus it could be possible that a card has both a default
> > application that is not PKCS#15 and the card could also be a PKCS#15 card.
>
> I don't now understand what you want to imply.
>
> Should the logic be tuned further?
>
> What I'm trying to do is to create a card application that would
> require minimal or even no changes at all to OpenSC to be recognized
> as a PKCS#15 card. But adhering to standards, I believe that the first
> check should be trying to select the PKCS#15 application by AID, if
> EF(DIR) is not present.

There is also EF.ATR, where the (default) application ID could be encoded.

I have no ISO-7816-5,
but according to 'ISO-7816-4 2005' ch.8.2.2 'Application selection'
there are the following application selection methods:
- implicit application selection. For this method an application ID or initial
application selection command has to be present in the historical bytes of the ATR. If
there is no such data in the historical bytes, then the application identifier has to
be looked for in EF.ATR.

- selection using the SELECT-DF-NAME command with the AID found in the historical
bytes or in EF.ATR

- selection using composed data from EF.DIR and EF.ATR.

Parsing of EF.ATR content is already present in the common part of OpenSC.

> As I've not found a reference to 5015 either (except that it has been
> used by other applications for PKCS#15 DF in the wild), this might
> also reply to the question of why the file ID-s are as they currently
> are.

Afaiu, the '5015' (P15) is nowhere in the standards.
It's used by OpenSC convention and also by other card producers (Oberthur 
AuthentIC 3.2).

> The best description of the issue is of course a patch, which solves
> the problem as I see it. Will send it on Monday.
>
> Best,
> Martin

Kind regards,
Viktor.
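
Added example, not part of the thread and not OpenSC's code: the lookup order discussed above, reading the PKCS#15 path from EF.DIR when it is listed there and otherwise falling back to SELECT by DF name with the PKCS#15 AID. The names `tlv_find`, `p15_locate` and `SAMPLE_DIR` are hypothetical, and the parser assumes one-byte tags with short-form lengths.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* PKCS#15 AID: RID A0 00 00 00 63 followed by ASCII "PKCS-15" */
static const uint8_t P15_AID[12] = {0xA0, 0x00, 0x00, 0x00, 0x63,
                                    0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35};

/* Constructed sample EF.DIR: one application template (61) holding
 * the AID (4F), a label (50) "P15" and the path (51) 3F00/5015. */
static const uint8_t SAMPLE_DIR[] = {0x61, 0x19, 0x4F, 0x0C,
    0xA0, 0x00, 0x00, 0x00, 0x63, 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35,
    0x50, 0x03, 'P', '1', '5', 0x51, 0x04, 0x3F, 0x00, 0x50, 0x15};

/* Find a one-byte tag with short-form length; NULL if absent or malformed. */
static const uint8_t *tlv_find(const uint8_t *b, size_t len, uint8_t tag, size_t *vl)
{
    for (size_t i = 0; i + 2 <= len; i += 2 + (size_t)b[i + 1]) {
        if (b[i + 1] >= 0x80 || i + 2 + b[i + 1] > len)
            return NULL;                  /* long form or truncated: refuse */
        if (b[i] == tag) { *vl = b[i + 1]; return b + i + 2; }
    }
    return NULL;
}

/* Returns 1 with the path from EF.DIR in out, or 2 with a SELECT by DF name
 * APDU in out when EF.DIR is absent (dir == NULL) or does not list the AID. */
int p15_locate(const uint8_t *dir, size_t len, uint8_t out[17], size_t *outlen)
{
    static const uint8_t hdr[5] = {0x00, 0xA4, 0x04, 0x00, 0x0C};
    size_t tl, n;
    const uint8_t *tpl, *v;

    while (dir && (tpl = tlv_find(dir, len, 0x61, &tl)) != NULL) {
        v = tlv_find(tpl, tl, 0x4F, &n);
        if (v && n == sizeof P15_AID && !memcmp(v, P15_AID, n) &&
            (v = tlv_find(tpl, tl, 0x51, &n)) != NULL && n <= 16) {
            memcpy(out, v, n);            /* path announced by the card */
            *outlen = n;
            return 1;
        }
        len -= (size_t)(tpl + tl - dir);  /* move on to the next template */
        dir = tpl + tl;
    }
    memcpy(out, hdr, sizeof hdr);         /* 00 A4 04 00 Lc, then the AID */
    memcpy(out + sizeof hdr, P15_AID, sizeof P15_AID);
    *outlen = sizeof hdr + sizeof P15_AID;
    return 2;
}
```

A truncated or long-form EF.DIR is treated the same as a missing one, so the caller always ends up with either a card-supplied path or the standard AID to select.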



[opensc-devel] ECDH in 'staging' of github OpenSC/OpenSC

2012-06-02 Thread Viktor Tarasov
Hi Douglas,

ECDH support, that you have tested in SM branch,
has been committed into the 'staging' branch of github OpenSC/OpenSC.
https://github.com/OpenSC/OpenSC/tree/staging

I've made only basic (list on-card objects) tests with PIV card.
More substantial tests will be performed later,
when the rest of pending proposals will find their place in 'staging'.

If you are using a Windows environment you can try one of the MSIs from
https://opensc.fr/jenkins/view/OpenSC-staging/

Kind regards,
Viktor.