Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-27 Thread NdK
On 23/09/2012 12:04, Andreas Jellinghaus wrote:

> > In my mind, the SE should take over display and touch controller by
> > hardware means, so absolutely no app can snoop user input or fake it.
> > Too bad seems nobody really *needs* that level of security...
> The problem with that is that it is impossible for a user to distinguish
> between a real PIN dialog and a fake ditto.  The SKS' "work-around" to
> this particular issue is that there is an OS-based PIN dialog and that
> keys can specify that they only accept PINs through the system PIN
> dialog (trusted path).
I knew something that didn't need "trusted software" (in the PC) should
exist. And finally I found it:
http://www.ftsafe.com/product/epass/interpass
Seems quite near to my idea of a "really-smart card": big display to
show transaction details and button to review/confirm/cancel (and, I
hope, to insert a gesture that replaces the PIN...).
Just evolve that a bit and it's perfect :)

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


[opensc-devel] Read safesign card

2012-09-27 Thread Edmundo Valle Neto
Hello

I'm trying to use a Brazilian e-cnpj card issued by certisign in Ubuntu
and would like to know if anyone can confirm to me if it's supported.

The pcsc_scan shows the following about the reader and the card:

Scanning present readers...
0: Gemalto GemPC Twin 00 00

Thu Sep 27 15:54:37 2012
  Reader 0: Gemalto GemPC Twin 00 00
   Card state: Card inserted,
   ATR: 3B 7D 18 00 02 80 57 59 50 53 49 44 30 33 83 7F 90 00

ATR: 3B 7D 18 00 02 80 57 59 50 53 49 44 30 33 83 7F 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7D, Y(1): 0111, K: 13 (historical bytes)
   TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
   TB(1) = 00 --> VPP is not electrically connected
   TC(1) = 02 --> Extra guard time: 2
+ Historical bytes: 80 57 59 50 53 49 44 30 33 83 7F 90 00
   Category indicator byte: 80 (compact TLV data object)
 Tag: 5, len: 7 (card issuer's data)
   Card issuer data: 59 50 53 49 44 30 33
 Tag: 8, len: 3 (status indicator)
   LCS (life card cycle): 7F (Proprietary)
   SW: 9000 (Normal processing.)

Possibly identified card (using /home/edmundo/.smartcard_list.txt):
3B 7D 18 00 02 80 57 59 50 53 49 44 30 33 83 7F 90 00
 Sagem YpsID s2 (SafeSign)

But pkcs15-tool --list-certificates says it's an unsupported card:

Using reader with a card: Gemalto GemPC Twin 00 00
PKCS#15 binding failed: Unsupported card

Can anyone confirm that?

Regards.

Edmundo Valle Neto



Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-27 Thread Andreas Jellinghaus
2012/9/27 Martin Paljak 

> On Sat, Sep 22, 2012 at 1:41 PM, Andreas Jellinghaus
>  wrote:
> >> In my mind keys could optionally contain application-oriented ACL
> >> telling which applications they trust so that even if you install a
> >> "bad" App, it would for example not be able to use your bank or
> >> eID-key in the background.
> >
> >
> > I must admit I don't know how many apps are managed and separated. Given
> > the restricted resources a smart card has, I assume there is a master key
> > that creates contain of specific sizes/dimensions/... and the app is
> > loaded into such a container, limiting it and reserving the unallocated
> > space for further applications/containers?
> >
> > Is there a standard on doing this, or is it all JCOP magic under NDA?
>
> Are you referring to GlobalPlatform? That's public, with docs and API
> references (when applicable) available on globalplatform.org.
>

I thought JCOP had more commands than GlobalPlatform, e.g. to manage
card specific settings (e.g. change the ATR and communication settings).


> I bet there are probably vendors who tweak/amend/change/molest the
> spec, but the general principles should be there and followed by many
> vendors.
>
> There is an interesting thing called Trusted Execution Environment
> that might come to existence some time in the future, called TEE:
>
>
> http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf
>
> But for mobile solutions and experiences, I think the time now is as
> good as pre-CCID for smart card readers: wild-wild-west and with a
> *much* tougher competition situation. Who needs standards if you have
> an iPhone  :)
>
> Martin
>

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-27 Thread Martin Paljak
On Sun, Sep 23, 2012 at 12:52 PM, Andreas Jellinghaus
 wrote:
> 2012/9/22 NdK 
>>
>> On 22/09/2012 12:41, Andreas Jellinghaus wrote:
>>
>> > In my mind keys could optionally contain application-oriented ACL
>> > telling which
>> > applications they trust so that even if you install a "bad" App, it
>> > would for
>> > example not be able to use your bank or eID-key in the background.
>> In my mind, the SE should take over display and touch controller by
>> hardware means, so absolutely no app can snoop user input or fake it.
>> Too bad seems nobody really *needs* that level of security...
>
>
> like "credsticks" from scifi novels decades ago? that would be a single use
> appliance, and I think easy to hack, similar how it is trivial to have a
> chip recording keystrokes placed inside a laptop etc. and I guess a multi
> app would be extreme complex and unlikely to be secure either.

I don't know about credsticks but hardware-secured, sealed and
intrusion-detecting&evident device (think: handheld HSM) is the only
way to have a "reasonably assured" system. Talking about all the
application and OS-layer things to make interception more difficult
(binding apps to identities and checking hashes and signatures and
whatnot) is nice to have, but eventually doomed, as you can run code
alongside the semi-trusted code that implements it. Unless the path
from SE to input-output devices (keypad, display) is physically
separated, something can always go wrong (which does of course not
mean that having them forbids something from going wrong :))

Mandatory link: http://news.cnet.com/obamas-new-blackberry-the-nsas-secure-pda/

There are cards out there that are ID1 size with a chip and a small
display, unfortunately the display is not connected to the "main cpu"
but  a separate OTP generator. Once those displays get hooked to
JavaCard inputs, interesting (and secure) schemes can be built. But
I've not heard of any serious players planning to come out with
something like that. Hooking them up with either on-card keys or
secure pinpad readers would be really nice.

Martin


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-27 Thread Martin Paljak
On Sat, Sep 22, 2012 at 1:41 PM, Andreas Jellinghaus
 wrote:
>> In my mind keys could optionally contain application-oriented ACL
>> telling which applications they trust so that even if you install a
>> "bad" App, it would for example not be able to use your bank or
>> eID-key in the background.
>
>
> I must admit I don't know how many apps are managed and separated. Given
> the restricted resources a smart card has, I assume there is a master key
> that creates contain of specific sizes/dimensions/... and the app is
> loaded into such a container, limiting it and reserving the unallocated
> space for further applications/containers?
>
> Is there a standard on doing this, or is it all JCOP magic under NDA?

Are you referring to GlobalPlatform? That's public, with docs and API
references (when applicable) available on globalplatform.org.

I bet there are probably vendors who tweak/amend/change/molest the
spec, but the general principles should be there and followed by many
vendors.

There is an interesting thing called Trusted Execution Environment
that might come to existence some time in the future, called TEE:

http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf

But for mobile solutions and experiences, I think the time now is as
good as pre-CCID for smart card readers: wild-wild-west and with a
*much* tougher competition situation. Who needs standards if you have
an iPhone  :)

Martin


Re: [opensc-devel] new release?

2012-09-27 Thread Andreas Schwier
Hi Viktor,

I've created a pull request into staging for adding SmartCard-HSM write
support.

Andreas

On 25.09.2012 17:04, Viktor Tarasov wrote:
> Hi Andreas,
>
> On Tue, Sep 25, 2012 at 9:14 AM, Andreas Schwier wrote:
>
> we've completed the development of write support for the SmartCard-HSM
> and are in the middle of testing and bug-fixing.
>
>
> Fine, 
> what part of the common OpenSC libraries are involved into your tests
> (pkcs11, minidriver, pkcs15, ...) ?
> What are the OSs?
>
>  
>
>
> The code is based on the latest version in OpenSC/staging and changes
> mostly apply to our own code.
>
> Is there a chance to get write support into the upcoming release ?
>
> If yes, I would prepare a pull request against the CardContact/staging
> branch.
>
>
> Ok, 
> you can make pull request to 'staging' or 'master' of OpenSC/OpenSC --
> two branches are kept synchronized.
>
>
> Andreas
>
>
> Kind wishes,
> Viktor.
>  
>
>
>
>
> On 17.09.2012 22:00, Viktor Tarasov wrote:
> > Hello,
> >
> > On 15/09/2012 16:52, Kalev Lember wrote:
> >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
> >>> Hello,
> >>>
> >>> current github 'staging' is tagged as v0.13.0-pre1.
> >>>
> >>> If no objections, I will merge this branch into github 'master' --
> >>> it will be base version to test and to prepare the coming release
> >>> candidate.
> >> Very good idea. I think it makes a lot of sense to have just one
> >> 'master' branch for development; this is what people coming over from
> >> other projects tend to expect.
> >
> > 'Master' and 'staging' are actually synchronized and for the new pull
> > requests I propose to create them relative to the 'master' branch.
> > Until the end of this release the pull requests to 'staging' are also
> > accepted.
> >
> > The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' --
> > still cannot understand which common set of characters could be used
> > for the release-version/tag-name to satisfy 'git', 'obs',
> > 'dpkg-build', ...
> >
> > Commits to 'master' and new tags trigger the jenkins jobs of build,
> > packaging and some rudimentary test of package and unit tests (for
> > Suse).
> > https://opensc.fr/jenkins/view/OpenSC-release/
> >
> > The resulting packages are transferred to 'download' part of the
> > opensc-project.org file server:
> >  - commits to
> >    http://www.opensc-project.org/downloads/projects/opensc/nightly/
> >  - releases to
> >    http://www.opensc-project.org/downloads/projects/opensc/releases/
> >
> > For a while there are only source tarballs, MSIs for x32 and x64 and
> > rpm i586 for openSUSE 12.1.
> > Hope that rapidly the building of releases packages for some
> > debian/ubuntu distributions will be connected.
> >
> > It would be nice if you could look/test the tarball or packages of the
> > release 0.13.0pre1.
> > Your remarks, proposals, contributions are heartily welcome.
> >
> > Kind regards,
> > Viktor.


-- 

-CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#   #|   Schülerweg 38
   |#   #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
-http://www.cardcontact.de
 http://www.tscons.de
 http://www.openscdp.org



Re: [opensc-devel] PIV-tool in windows environment

2012-09-27 Thread Douglas E. Engert
First of all, the piv-tool was designed to be used for test cards only,
and only supports the commands from NIST 800-73-3, as each card vendor
may have additional commands and requirements, such as Global Platform
commands, or the need to finalize a card. NIST 800-73-3 does not provide
a way to write a private key to or from the card, thus there is no
standard way to escrow a key. That said, piv-tool does have a -s option
to allow other commands to be sent to the card, and can be used with the
vendor documentation.

You will need a lot more than piv-tool to do proper card management.
http://fips201ep.cio.gov/apl.php
has a list of approved products, including card management.


On 9/26/2012 7:07 PM, Ravneet Singh Khalsa wrote:
> Hello experts,
>
> I am considering using PIV-tool for certificate enrollment for PIV cards for 
> my company. I am following the instructions specified in the link 
> http://www.opensc-project.org/opensc/wiki/PivTool. I have
> downloaded the opensc-i686-w64-mingw32-011-base build on my windows 7 client 
> machine. The instructions on the above link looks like UNIX instructions. Can 
> I get equivalent windows instructions ? I was
> able to generate public key using piv-tool, but I could not generate 
> certificate request using SSL. Is there equivalent command for Windows 
> specific environment ?
>
> The command seems to be pointing to engine_pkcs11.so and opensc-pkcs11.so 
> files. I couldn’t find these files anywhere.
>

As Peter said, look for the .dlls

I do have a set of scripts to manage test cards, but they are Unix.
I can send them, but they are not in top shape, and get changed as needed.


> Any help would be appreciated.
>
> Thanks,
>
> Ravneet
>
> I am a programmer and I understand only programming languages.




-- 

  Douglas E. Engert  
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444




Re: [opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Viktor Tarasov
On Thu, Sep 27, 2012 at 1:13 PM, Andreas Schwier <
andreas.schw...@cardcontact.de> wrote:

> Just tried the same.
>
> There is also a SIGV if you try to delete the public key alone.
> Apparently the public key object in the framework has no related object
> in the pkcs15 layer.
>


Public key PKCS#11 object is created from certificate if there is no
corresponding PKCS#15 public key object.
https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/framework-pkcs15.c#L544

As we see, the deletion of the 'parent' cert object has not been
sufficiently tested.



>
> Andreas
>
> On 27.09.2012 13:04, Viktor Tarasov wrote:
> >
> >
> > On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge wrote:
> >
> > Andreas Schwier wrote:
> > > I will first need to write a small test in C to reproduce the problem.
> > > Right now we test from Java, which makes debugging a real nightmare.
> >
> > Maybe you can reproduce it using some of the existing command line
> > tools?
> >
> >
> > It can be reproduced, using command
> > #  pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l
> > --pin "1234" --delete-object --type cert --id 
> >
> > and patched pkcs11-tool:
> > diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
> > index f23948b..30074d8 100644
> > --- a/src/tools/pkcs11-tool.c
> > +++ b/src/tools/pkcs11-tool.c
> > @@ -824,6 +824,9 @@ int main(int argc, char * argv[])
> >  util_fatal("You should specify at least one
> > of the "
> >  "object ID, object label,
> > application label or application ID\n");
> > delete_object(session);
> > +
> > +   printf("Now list public keys ...\n");
> > +   list_objects(session, CKO_PUBLIC_KEY);
> > }
> >
> > if (do_set_id) {
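Review bot: the added list_objects(session, CKO_PUBLIC_KEY); hard-codes the object class, so the reproducer only re-reads public keys after the delete. Taking the class to list from a command line argument would let the same change check other object types that remain after a delete, without editing the tool again.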
> >
> >
> > I will look for the solution.
> >
> >
> >
> > //Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
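
The failure mode discussed in this thread, as an added illustration that is not OpenSC code and not part of any post: a toy object table in which a public key object derived from a certificate reads its ID through a pointer to that certificate. All struct and function names are hypothetical, the 0xDD poison stands in for freed memory, and detaching dependants on delete is one possible correction, not necessarily the fix the project adopted.

```c
/* Added illustration: a toy object table. Not OpenSC code; all names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum kind { FREE_SLOT = 0, CERT, PUBKEY };

struct object {
    enum kind kind;
    unsigned char id[4];     /* stands in for CKA_ID */
    struct object *cert;     /* PUBKEY only: certificate the key was derived from */
};

#define MAX_OBJECTS 8
static struct object table[MAX_OBJECTS];

static struct object *alloc_object(enum kind kind)
{
    for (int i = 0; i < MAX_OBJECTS; i++) {
        if (table[i].kind == FREE_SLOT) {
            memset(&table[i], 0, sizeof table[i]);
            table[i].kind = kind;
            return &table[i];
        }
    }
    return NULL;
}

/* Defect pattern: the slot is released while dependants still point at it. */
static void delete_unsafe(struct object *obj)
{
    memset(obj->id, 0xDD, sizeof obj->id);   /* poison, as freed heap memory would be */
    obj->kind = FREE_SLOT;
}

/* Corrected pattern: detach every dependant, then release the slot. */
static void delete_safe(struct object *obj)
{
    for (int i = 0; i < MAX_OBJECTS; i++)
        if (table[i].kind == PUBKEY && table[i].cert == obj)
            table[i].cert = NULL;
    delete_unsafe(obj);
}

/* The derived key has no ID of its own and reads it through the certificate. */
static int read_id(const struct object *key, unsigned char out[4])
{
    if (key->cert == NULL)
        return -1;           /* parent gone: report the attribute as unavailable */
    memcpy(out, key->cert->id, 4);
    return 0;
}

/* Returns the first ID byte seen after the certificate is deleted, or -1 if refused. */
static int scenario(int safe)
{
    unsigned char id[4] = {0};
    memset(table, 0, sizeof table);
    struct object *cert = alloc_object(CERT);
    memcpy(cert->id, "\x01\x02\x03\x04", 4);
    struct object *key = alloc_object(PUBKEY);
    key->cert = cert;                          /* key derived from the certificate */
    if (safe)
        delete_safe(cert);
    else
        delete_unsafe(cert);
    return read_id(key, id) == 0 ? id[0] : -1;
}

int main(void)
{
    printf("unsafe delete: 0x%02X (stale data)\n", (unsigned)scenario(0));
    printf("safe delete:   %d (read refused)\n", scenario(1));
    return 0;
}
```

The NULL check in read_id only helps once the delete path clears the back-reference; with the unsafe delete the pointer is still non-NULL and the read goes through to the released slot.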

Re: [opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Andreas Schwier
Just tried the same.

There is also a SIGV if you try to delete the public key alone.
Apparently the public key object in the framework has no related object
in the pkcs15 layer.

Andreas

On 27.09.2012 13:04, Viktor Tarasov wrote:
>
>
> On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge wrote:
>
> Andreas Schwier wrote:
> > I will first need to write a small test in C to reproduce the problem.
> > Right now we test from Java, which makes debugging a real nightmare.
>
> Maybe you can reproduce it using some of the existing command line
> tools?
>
>
> It can be reproduced, using command 
> #  pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l
> --pin "1234" --delete-object --type cert --id 
>
> and patched pkcs11-tool:
> diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
> index f23948b..30074d8 100644
> --- a/src/tools/pkcs11-tool.c
> +++ b/src/tools/pkcs11-tool.c
> @@ -824,6 +824,9 @@ int main(int argc, char * argv[])
>  util_fatal("You should specify at least one
> of the "
>  "object ID, object label,
> application label or application ID\n");
> delete_object(session);
> +
> +   printf("Now list public keys ...\n");
> +   list_objects(session, CKO_PUBLIC_KEY);
> }
>  
> if (do_set_id) {
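Review bot: the added list_objects(session, CKO_PUBLIC_KEY); after delete_object(session); has no comment saying why a listing follows a delete. A one-line comment stating that it re-reads the remaining public key objects to reproduce the crash would mark these lines as debugging code and not intended tool behaviour.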
>
>
> I will look for the solution.
>
>
>
> //Peter


-- 

-CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#   #|   Schülerweg 38
   |#   #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
-http://www.cardcontact.de
 http://www.tscons.de
 http://www.openscdp.org



Re: [opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Viktor Tarasov
On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge  wrote:

> Andreas Schwier wrote:
> > I will first need to write a small test in C to reproduce the problem.
> > Right now we test from Java, which makes debugging a real nightmare.
>
> Maybe you can reproduce it using some of the existing command line
> tools?
>
>
It can be reproduced, using command
#  pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l
--pin "1234" --delete-object --type cert --id 

and patched pkcs11-tool:
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index f23948b..30074d8 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -824,6 +824,9 @@ int main(int argc, char * argv[])
 util_fatal("You should specify at least one of the
"
 "object ID, object label,
application label or application ID\n");
delete_object(session);
+
+   printf("Now list public keys ...\n");
+   list_objects(session, CKO_PUBLIC_KEY);
}

if (do_set_id) {
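Review bot: the two added lines after delete_object(session); run on every delete, whatever object type was removed and whether or not the delete succeeded, since nothing in the hunk checks the outcome of the call. That is fine for a local reproducer, but if the listing is meant to stay in pkcs11-tool it should sit behind its own option, or at least be skipped when the delete fails, so that a normal delete does not print an unrelated public key listing.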


I will look for the solution.



> //Peter

Re: [opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Peter Stuge
Andreas Schwier wrote:
> I will first need to write a small test in C to reproduce the problem.
> Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line
tools?


//Peter


Re: [opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Andreas Schwier
Hi Peter,

I will first need to write a small test in C to reproduce the problem.
Right now we test from Java, which makes debugging a real nightmare.

Andreas

On 27.09.2012 11:25, Peter Stuge wrote:
> Andreas Schwier (ML) wrote:
>> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV
>> when via PKCS#11 a certificate object is deleted, but not the related
>> public key object.
>>
>> Occasionally this triggers a SIGV when the caller later accesses the
>> CKA_ID attribute which tries to access the then deleted certificate object.
>>
>> Is there any expert on the list that has intimate knowledge of the
>> framework code that could take a look at it ?
> Please send a backtrace.
>
> Build the program with debugging, run the program with gdb --args
> program, then type bt after the crash. Post output.
>
>
> //Peter


-- 

-CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#   #|   Schülerweg 38
   |#   #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
-http://www.cardcontact.de
 http://www.tscons.de
 http://www.openscdp.org



Re: [opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Peter Stuge
Andreas Schwier (ML) wrote:
> there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV
> when via PKCS#11 a certificate object is deleted, but not the related
> public key object.
> 
> Occasionally this triggers a SIGV when the caller later accesses the
> CKA_ID attribute which tries to access the then deleted certificate object.
> 
> Is there any expert on the list that has intimate knowledge of the
> framework code that could take a look at it ?

Please send a backtrace.

Build the program with debugging, run the program with gdb --args
program, then type bt after the crash. Post output.


//Peter


[opensc-devel] SIGV when deleting certificate but not related public key

2012-09-27 Thread Andreas Schwier (ML)
Hi all,

there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV
when via PKCS#11 a certificate object is deleted, but not the related
public key object.

Occasionally this triggers a SIGV when the caller later accesses the
CKA_ID attribute which tries to access the then deleted certificate object.

Is there any expert on the list that has intimate knowledge of the
framework code that could take a look at it ?

Andreas


-- 

-CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#   #|   Schülerweg 38
   |#   #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
-http://www.cardcontact.de
 http://www.tscons.de
 http://www.openscdp.org



Re: [opensc-devel] PIV-tool in windows environment

2012-09-27 Thread Peter Stuge
Ravneet Singh Khalsa wrote:
> Is there equivalent command for Windows specific environment ?
> 
> The command seems to be pointing to engine_pkcs11.so and
> opensc-pkcs11.so files. I couldn't find these files anywhere.
..
> I am a programmer and I understand only programming languages.

It's good for programmers to know about systems too.

Look for the same files named .dll.


//Peter