Re: [opensc-devel] PIV-tool in windows environment
Ravneet Singh Khalsa wrote:

Is there an equivalent command for a Windows-specific environment? The command seems to be pointing to engine_pkcs11.so and opensc-pkcs11.so files. I couldn't find these files anywhere.

..

I am a programmer and I understand only programming languages.

It's good for programmers to know about systems too. Look for the same files named .dll.

//Peter

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] SIGV when deleting certificate but not related public key
Hi all,

there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV when via PKCS#11 a certificate object is deleted, but not the related public key object. Occasionally this triggers a SIGV when the caller later accesses the CKA_ID attribute which tries to access the then deleted certificate object.

Is there any expert on the list that has intimate knowledge of the framework code that could take a look at it?

Andreas

--
CardContact Software System Consulting
Andreas Schwier
Schülerweg 38
32429 Minden, Germany
Phone +49 571 56149
http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org
Re: [opensc-devel] SIGV when deleting certificate but not related public key
Hi Peter,

I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Andreas

On 27.09.2012 11:25, Peter Stuge wrote:

Andreas Schwier (ML) wrote:

there is apparently a nasty bug in framework-pkcs15.c that causes a SIGV when via PKCS#11 a certificate object is deleted, but not the related public key object. Occasionally this triggers a SIGV when the caller later accesses the CKA_ID attribute which tries to access the then deleted certificate object. Is there any expert on the list that has intimate knowledge of the framework code that could take a look at it?

Please send a backtrace. Build the program with debugging, run the program with gdb --args program, then type bt after the crash. Post output.

//Peter
Re: [opensc-devel] SIGV when deleting certificate but not related public key
Andreas Schwier wrote:

I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line tools?

//Peter
Re: [opensc-devel] SIGV when deleting certificate but not related public key
On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge pe...@stuge.se wrote:

Andreas Schwier wrote:

I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line tools?

It can be reproduced, using command

# pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin 1234 --delete-object --type cert --id object-id

and patched pkcs11-tool:

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal(You should specify at least one of the object ID, object label, application label or application ID\n); delete_object(session); + + printf(Now list public keys ...\n); + list_objects(session, CKO_PUBLIC_KEY); } if (do_set_id) {

I will look for the solution.

//Peter
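Review bot: the added printf and list_objects(session, CKO_PUBLIC_KEY) sit directly after delete_object(session) with no condition of their own, so every delete now prints and lists public keys whatever --type was removed. That is fine for a local reproducer, but it should not be merged in this form: put the listing behind its own option or move it into a regression test, and add a short comment saying that it exists to read the public key attributes after the parent certificate has been deleted. The listing also covers only CKO_PUBLIC_KEY, so it exercises only the case where the certificate is deleted and the key is read afterwards.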
Re: [opensc-devel] SIGV when deleting certificate but not related public key
Just tried the same. There is also a SIGV if you try to delete the public key alone. Apparently the public key object in the framework has no related object in the pkcs15 layer.

Andreas

On 27.09.2012 13:04, Viktor Tarasov wrote:

On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge pe...@stuge.se wrote:

Andreas Schwier wrote:

I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line tools?

It can be reproduced, using command

# pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin 1234 --delete-object --type cert --id object-id

and patched pkcs11-tool:

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal(You should specify at least one of the object ID, object label, application label or application ID\n); delete_object(session); + + printf(Now list public keys ...\n); + list_objects(session, CKO_PUBLIC_KEY); } if (do_set_id) {

I will look for the solution.

//Peter
Re: [opensc-devel] SIGV when deleting certificate but not related public key
On Thu, Sep 27, 2012 at 1:13 PM, Andreas Schwier andreas.schw...@cardcontact.de wrote:

Just tried the same. There is also a SIGV if you try to delete the public key alone. Apparently the public key object in the framework has no related object in the pkcs15 layer.

Public key PKCS#11 object is created from certificate if there is no corresponding PKCS#15 public key object.

https://github.com/OpenSC/OpenSC/blob/master/src/pkcs11/framework-pkcs15.c#L544

As we see, the deletion of the 'parent' cert object has not been sufficiently tested.

Andreas

On 27.09.2012 13:04, Viktor Tarasov wrote:

On Thu, Sep 27, 2012 at 11:30 AM, Peter Stuge pe...@stuge.se wrote:

Andreas Schwier wrote:

I will first need to write a small test in C to reproduce the problem. Right now we test from Java, which makes debugging a real nightmare.

Maybe you can reproduce it using some of the existing command line tools?

It can be reproduced, using command

# pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot-index 0 -l --pin 1234 --delete-object --type cert --id object-id

and patched pkcs11-tool:

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f23948b..30074d8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c
@@ -824,6 +824,9 @@ int main(int argc, char * argv[]) util_fatal(You should specify at least one of the object ID, object label, application label or application ID\n); delete_object(session); + + printf(Now list public keys ...\n); + list_objects(session, CKO_PUBLIC_KEY); } if (do_set_id) {

I will look for the solution.

//Peter
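A simplified model of the object-lifetime problem discussed in the message above, added here as an example; it is not OpenSC code, and every structure and function name in it is hypothetical. It assumes a public key object synthesised from a certificate, and shows one defensive layout: the key keeps its own copy of the ID and each delete path clears the peer's pointer, so neither deleting the certificate nor deleting the key alone leaves a dangling reference.

```c
#include <stdlib.h>
#include <string.h>
/* Toy model with hypothetical names; these are not OpenSC's structures. */
struct cert_obj { unsigned char id[8]; size_t id_len; struct pub_obj *derived; };
struct pub_obj  { unsigned char id[8]; size_t id_len; struct cert_obj *from_cert; };

/* Key object synthesised from a certificate; it keeps its own copy of the ID. */
struct pub_obj *pub_from_cert(struct cert_obj *c) {
    struct pub_obj *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    memcpy(p->id, c->id, c->id_len);
    p->id_len = c->id_len;
    p->from_cert = c;
    c->derived = p;
    return p;
}

/* Each delete clears the peer's pointer first, so no stale reference remains. */
void cert_delete(struct cert_obj *c) {
    if (c->derived) c->derived->from_cert = NULL;
    free(c);
}
void pub_delete(struct pub_obj *p) {
    if (p->from_cert) p->from_cert->derived = NULL;
    free(p);
}

/* ID attribute read: returns the ID length, or 0 if the buffer is too small. */
size_t pub_get_id(const struct pub_obj *p, unsigned char *out, size_t cap) {
    if (cap < p->id_len) return 0;
    memcpy(out, p->id, p->id_len);
    return p->id_len;
}

/* Scenario from the thread: delete the certificate, then read the key's ID. */
int id_survives_cert_delete(void) {
    unsigned char out[8];
    struct cert_obj *c = calloc(1, sizeof *c);
    if (!c) return 0;
    c->id[0] = 0x10; c->id[1] = 0x20; c->id_len = 2;  /* constructed ID */
    struct pub_obj *p = pub_from_cert(c);
    if (!p) { free(c); return 0; }
    cert_delete(c);
    int ok = pub_get_id(p, out, sizeof out) == 2 && out[0] == 0x10 && out[1] == 0x20;
    ok = ok && p->from_cert == NULL;
    pub_delete(p);
    return ok;
}

int main(void) { return id_survives_cert_delete() ? 0 : 1; }
```

Building the model with AddressSanitizer (`-fsanitize=address`) and removing the pointer-clearing line from either delete function is a quick way to see what kind of report a stale back-reference produces.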
Re: [opensc-devel] Technical Description - Android Embedded SE
2012/9/27 Martin Paljak mar...@martinpaljak.net

On Sat, Sep 22, 2012 at 1:41 PM, Andreas Jellinghaus andr...@ionisiert.de wrote:

In my mind keys could optionally contain application-oriented ACL telling which applications they trust so that even if you install a bad App, it would for example not be able to use your bank or eID-key in the background.

I must admit I don't know how many apps are managed and separated. Given the restricted resources a smart card has, I assume there is a master key that creates containers of specific sizes/dimensions/... and the app is loaded into such a container, limiting it and reserving the unallocated space for further applications/containers? Is there a standard on doing this, or is it all JCOP magic under NDA?

Are you referring to GlobalPlatform? That's public, with docs and API references (when applicable) available on globalplatform.org.

I thought JCOP had more commands than GlobalPlatform, e.g. to manage card specific settings (e.g. change the ATR and communication settings).

I bet there are probably vendors who tweak/amend/change/molest the spec, but the general principles should be there and followed by many vendors.

There is an interesting thing called Trusted Execution Environment that might come to existence some time in the future, called TEE: http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf

But for mobile solutions and experiences, I think the time now is as good as pre-CCID for smart card readers: wild-wild-west and with a *much* tougher competition situation. Who needs standards if you have an iPhone :)

Martin
Re: [opensc-devel] Technical Description - Android Embedded SE
On 23/09/2012 12:04, Andreas Jellinghaus wrote:

In my mind, the SE should take over display and touch controller by hardware means, so absolutely no app can snoop user input or fake it. Too bad it seems nobody really *needs* that level of security...

The problem with that is that it is impossible for a user to distinguish between a real PIN dialog and a fake ditto. The SKS' work-around to this particular issue is that there is an OS-based PIN dialog and that keys can specify that they only accept PINs through the system PIN dialog (trusted path).

I knew something that didn't need trusted software (in the PC) should exist. And finally I found it: http://www.ftsafe.com/product/epass/interpass

Seems quite near to my idea of a really-smart card: big display to show transaction details and button to review/confirm/cancel (and, I hope, to insert a gesture that replaces the PIN...). Just evolve that a bit and it's perfect :)

BYtE, Diego.