Re: [opensc-devel] OpenSC 0.13.0

2012-12-05 Thread Andreas Schwier
A big "Thank you" to everyone contributing to this release.

It's a great piece of work.

Andreas


Am 04.12.2012 22:13, schrieb Viktor Tarasov:
> Hello,
>
> The next release is tagged on the github OpenSC/OpenSC project,
> thanks to all of you for your contributions.
>
> Tarball and MSI installers can be found on github, sourceforge or the CI 
> server:
> https://github.com/OpenSC/OpenSC/tags
> https://sourceforge.net/projects/opensc/files/OpenSC/
> https://opensc.fr/jenkins/
> The packages for the other OSs will be added.
>
>
> The list, not complete, of the new features:
> * New card driver ePass2003.
> * OpenPGP card:
>   greatly improved card driver and PKCS#15 emulation;
>   implemented write (pkcs15init) mode;
>   greatly enhanced documentation and tools.
> * ECDSA keys supported in 'read' and 'write' modes by
>   internal PKCS#15 library, PKCS#11 and tools.
> * Minidriver in 'write' mode.
> * SM: secure messaging in GlobalPlatform-SP01 and CW14890 specifications;
>   supported by ePass2003, IAS/ECC and AuthentIC cards;
>   "ACL" and "APDU" modes to trigger secure messaging session;
>   'local' version of the external secure messaging module.
> * PKCS#15: support of 'secret-key' PKCS#15 objects
>   support of 'authentication-object' PKCS#15 objects
>   support of 'algReference' common key PKCS#15 attribute
>   support of 'subjectName' common public key PKCS#15 attribute
> * PKCS#11: removed 'onepin' version of pkcs#11 module
>   configuration options to expose slots for PINs and present on-card 
>   applications.
>   support GOSTR3410 generate key mechanism
>   support of EC key type
> * Support of PACE reader.
> * Remove libltdl reference.
> * ECDSA supported by MyEID card.
> * New card driver for the SmartCard-HSM, a light-weight hardware security 
> module.
> * New useful commands in 'opensc-explorer' tool: 'find', 'put-data', ...
> * fixes SIGV issue related to the unsupported public key format
> * fixes for the number of documentation issues
>
>
> This release was pushed ahead by the number of new features and new card 
> drivers eager for their place in the project,
> as well as by the necessity to restore the regular release process.
>
> You are heartily invited to comment/test/use this release.
>
>
>
> Also at this time we are migrating the OpenSC project to the new hosting.
> Currently:
> - the sources of OpenSC sources and its sub-projects are migrated to github 
> (thanks to Ludovic);
> - mailing-list on sourceforge is ready to substitute the mailing-list on 
> opensc-project.org (once more thanks to Ludovic);
> - Peter Stuge have to migrate the OpenSC trac & wiki onto one of his platform 
> ;
> - sourceforge will replace the file server hosted by opensc-project.org 
> (currently the CI service sends the release and 'nightly' packages to both 
> sourceforge and opensc-project);
> - CI service is currently running for OpenSC/OpenSC github project, but can 
> be extended and include the other OpenSC sub-projects.
>
>
> Currently the github OpenSC/OpenSC contains two branches 'master' and 
> 'staging', rigorously synchronized between each other.
> I guess that we can eliminate the 'staging' branch and use only the 'master' 
> one.
>
>
> The OpenSC wiki pages are largely outdated;
> but I think it's reasonable to wait Peter to finish migration of existing 
> trac before starting to update it.
>
>
> Kind regards,
> Viktor.
> ___
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel


-- 
CardContact Software & System Consulting
Andreas Schwier
Schülerweg 38
32429 Minden, Germany
Phone +49 571 56149
http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org



[opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

2012-12-05 Thread Rns Course
Hi all;

I have a smart card (SmartCafe Expert 3.2 72k) and I've loaded and initialized 
the Muscle applet (0.9.11) on it.
Now I have a problem with pkcs15 initialization...
In Windows, I couldn't initialize the card using the "pkcs15-init" tool, so I 
decided to compile opensc-0.12.2 in Linux (Fedora 16) and use the "pkcs15-init" 
tool in Linux.

I have Fedora on VMware (my host OS is Windows 7) and installed the card reader 
driver named "ifdokccid.so" on Fedora (my card reader is an Omnikey CardMan 
3121).
I got and installed the "pcsc-tools" package on Linux and ran the "pcsc_scan" 
command in a terminal; the output was as below:

---
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.6.6
Scanning present readers...
0: VMware Virtual USB CCID 00 00

Wed Dec  5 11:03:39 2012
 Reader 0: VMware Virtual USB CCID 00 00
  Card state: Card inserted, 
  ATR: 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4

ATR: 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4
+ TS = 3B --> Direct Convention
+ T0 = F7, Y(1): , K: 7 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-
  TA(3) = FE --> IFSC: 254
  TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
+ Historical bytes: 73 66 74 65 2D 6E 66
  Category indicator byte: 73 (proprietary format)
+ TCK = C4 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4
SmartCafe Expert 3.2 72K
--

My problem is that VMware finds the reader as:
 Reader 0: VMware Virtual USB CCID 00 00


NOT

Reader 0: Omnikey CardMan 3121 00 00 !!

So, the command "opensc-tool -a" has the following output:

Using reader with a card: VMware Virtual USB CCID 00 00
Failed to connect to card: Unresponsive card (correctly inserted?)

When I connect the reader to the system, VMware recognizes it as 
"Shared OMNIKEY CardMan 3x21 0" in the Removable Devices section of the VM, so 
Fedora finds it as a "VMware Virtual USB CCID 00 00" reader, not an Omnikey!
How should the card reader be introduced to the VM to solve this problem? 
I guess the problem is due to the VMware settings for the card reader, not OpenSC, 
but I've not found a more relevant forum than this one to ask this question;

Could you help me please?
TIA.
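As an added example (not code from pcsc_scan or OpenSC), the following Python decoder walks the ATR above the way pcsc_scan does: it follows the Y(i) presence bits through TA/TB/TC/TD, derives Fi/Di and the ETU rate from TA(1), picks the T=1 parameters out of TA(3)/TB(3), and recomputes TCK so a corrupted or truncated ATR is caught rather than trusted. The Fi/Di/fmax tables are the ISO/IEC 7816-3 values; the sample ATR is the one printed in the post.

```python
"""ISO/IEC 7816-3 ATR decoder (added example, not pcsc_scan or OpenSC code)."""

# TA1 conversion tables from ISO/IEC 7816-3; RFU codes are simply absent.
FI_TABLE = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
            9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
FMAX_MHZ = {0: 4, 1: 5, 2: 6, 3: 8, 4: 12, 5: 16, 6: 20,
            9: 5, 10: 7.5, 11: 10, 12: 15, 13: 20}
DI_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}

# The ATR pcsc_scan printed for the SmartCafe Expert 3.2 72K in the post.
SAMPLE_ATR = "3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4"


def parse_atr(atr_hex):
    """Decode TS, T0, interface bytes, historical bytes and TCK into a dict."""
    atr = bytes.fromhex(atr_hex)
    if len(atr) < 2:
        raise ValueError("ATR needs at least TS and T0")
    info = {"convention": {0x3B: "direct", 0x3F: "inverse"}.get(atr[0], "unknown"),
            "interface": {}, "protocols": []}
    k = atr[1] & 0x0F            # K: number of historical bytes
    y = atr[1] >> 4              # Y(1): presence bits for TA1 TB1 TC1 TD1
    pos, i = 2, 1
    while y:
        for name, bit in (("TA", 1), ("TB", 2), ("TC", 4), ("TD", 8)):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before {name}{i}")
                info["interface"][f"{name}{i}"] = atr[pos]
                pos += 1
        td = info["interface"].get(f"TD{i}")
        if td is None:
            break
        info["protocols"].append(td & 0x0F)   # low nibble: protocol T
        y = td >> 4                           # high nibble: Y(i+1)
        i += 1
    if not info["protocols"]:
        info["protocols"] = [0]               # no TD1 means T=0 only
    if pos + k > len(atr):
        raise ValueError("ATR truncated inside historical bytes")
    info["historical"] = atr[pos:pos + k]
    pos += k
    # TCK is present unless T=0 is the only protocol offered; when present,
    # the XOR of every byte from T0 through TCK must be zero.
    info["tck_ok"] = None                     # stays None for a T=0-only ATR
    if any(p != 0 for p in info["protocols"]):
        if pos >= len(atr):
            raise ValueError("TCK expected but missing")
        xor = 0
        for b in atr[1:pos + 1]:
            xor ^= b
        info["tck_ok"] = xor == 0
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected bytes after end of ATR")
    # TA1 selects Fi and Di; without it the defaults Fi=372, Di=1 apply.
    ta1 = info["interface"].get("TA1", 0x11)
    fi, di = FI_TABLE.get(ta1 >> 4), DI_TABLE.get(ta1 & 0x0F)
    if fi and di:
        etu = fi // di
        info.update(fi=fi, di=di, cycles_per_etu=etu,
                    bps_at_4mhz=4_000_000 // etu,
                    bps_at_fmax=int(FMAX_MHZ[ta1 >> 4] * 1_000_000) // etu)
    # The first TA/TB after a TD announcing T=1 carry IFSC and BWI/CWI.
    for n in range(3, i + 1):
        prev_td = info["interface"].get(f"TD{n - 1}")
        if prev_td is not None and prev_td & 0x0F == 1:
            if f"TA{n}" in info["interface"]:
                info["ifsc"] = info["interface"][f"TA{n}"]
            if f"TB{n}" in info["interface"]:
                info["bwi"] = info["interface"][f"TB{n}"] >> 4
                info["cwi"] = info["interface"][f"TB{n}"] & 0x0F
            break
    return info
```

Running `parse_atr(SAMPLE_ATR)` reproduces every field in the pcsc_scan dump (Fi=372, Di=12, 31 cycles/ETU, 129032 bit/s at 4 MHz, IFSC 254, BWI 4, CWI 5, TCK correct); flipping the last byte makes `tck_ok` False.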

Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

2012-12-05 Thread Ludovic Rousseau
2012/12/5 Rns Course :
> Hi all;

Hello,

> I have a smart card (SmartCafe Expert 3.2 72k) and I've loaded and
> initialized the Muscle applet (0.9.11) on it.
> Now I have a problem with pkcs15 initialization...
> In Windows, I couldn't initialize the card using the "pkcs15-init" tool, so I
> decided to compile opensc-0.12.2 in Linux (Fedora 16) and use the "pkcs15-init"
> tool in Linux.
>
> I have Fedora on VMware (my host OS is Windows 7) and installed the card reader
> driver named "ifdokccid.so" on Fedora (my card reader is an Omnikey CardMan
> 3121).
> I got and installed the "pcsc-tools" package on Linux and ran the "pcsc_scan"
> command in a terminal; the output was as below:
>
> ---
> PC/SC device scanner
> V 1.4.17 (c) 2001-2009, Ludovic Rousseau 
> Compiled with PC/SC lite version: 1.6.6
> Scanning present readers...
> 0: VMware Virtual USB CCID 00 00
>
> Wed Dec  5 11:03:39 2012
>  Reader 0: VMware Virtual USB CCID 00 00
>   Card state: Card inserted,
>   ATR: 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4
>
> ATR: 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4
> + TS = 3B --> Direct Convention
> + T0 = F7, Y(1): , K: 7 (historical bytes)
>   TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
> 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
>   TB(1) = 00 --> VPP is not electrically connected
>   TC(1) = 00 --> Extra guard time: 0
>   TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
> -
>   TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
> -
>   TA(3) = FE --> IFSC: 254
>   TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
> + Historical bytes: 73 66 74 65 2D 6E 66
>   Category indicator byte: 73 (proprietary format)
> + TCK = C4 (correct checksum)
>
> Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
> 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4
> SmartCafe Expert 3.2 72K
> --
>
> My problem is that VMware finds the reader as:
>  Reader 0: VMware Virtual USB CCID 00 00
>
> NOT
>
> Reader 0: Omnikey CardMan 3121 00 00 !!
>
> So, the command "opensc-tool -a" has the following output:
>
> Using reader with a card: VMware Virtual USB CCID 00 00
> Failed to connect to card: Unresponsive card (correctly inserted?)
>
> When I connect the reader to the system, VMware recognizes it as
> "Shared OMNIKEY CardMan 3x21 0" in the Removable Devices section of the VM, so
> Fedora finds it as a "VMware Virtual USB CCID 00 00" reader, not an Omnikey!
> How should the card reader be introduced to the VM to solve this problem?
> I guess the problem is due to the VMware settings for the card reader, not
> OpenSC, but I've not found a more relevant forum than this one to ask this
> question;
>
> Could you help me please?

VMware uses a trick to show the smart card reader in the VM without
disconnecting it from the host.
VMware uses PC/SC on Windows to access the reader and shows it as a
fake CCID reader in the VM.

It is strange that you can get the ATR using pcsc_scan but not using
"opensc-tool -a".

It is also possible to connect your reader directly to the VM as any
other USB device. It will then not be available from Windows.

Bye

-- 
 Dr. Ludovic Rousseau


Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

2012-12-05 Thread Rns Course
Thank you Dr. Rousseau,


> It is also possible to connect your reader directly to the VM as any
> other USB device. It will then not be available from Windows.


Yes, exactly!
My problem is caused by the card reader not being disconnected from Windows.
Now, how should I connect the reader directly to the VM as any other USB device?

Since, upon connecting the reader to the system, the shared reader icon appears on the 
VM task bar!
Indeed, I have a problem with the VM settings: I cannot get it to recognize the reader just as a USB 
device.
Could you guide me on this? 

Best Regards.

Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

2012-12-05 Thread Douglas E. Engert


On 12/5/2012 8:55 AM, Rns Course wrote:
> Thank you Dr. Rousseau,
>
>> It is also possible to connect your reader directly to the VM as any
>> other USB device. It will then not be available from Windows.
>
> Yes, exactly!
> My problem is because of not disconnecting card reader from windows.
> Now, how should I connect the reader directly to the VM as any USB device?
>
> Since, upon connecting the reader to system, shared reader icon appears on 
> the VM task bar!
> Indeed, I have problem in VM setting to recognize the reader just as a USB 
> device.
> Could you guide me about this?
>
> Best Regards.

In addition to trying to connect the card directly to the VM, you said
you had built OpenSC-0.12.2. Could you try and build the new 0.13.0
and test again?

   Tarball and MSI installers can be found on github, sourceforge or the CI 
server:
   https://github.com/OpenSC/OpenSC/tags
   https://sourceforge.net/projects/opensc/files/OpenSC/
   https://opensc.fr/jenkins/

Ludovic had said it was strange that pcsc_scan worked but opensc-tool -a did 
not.

If you could post some debugging output for OpenSC-0.13.0, that would be 
helpful.
Either (1) modify the opensc.conf, changing the debug = 0; to debug = 7;
and uncomment the debug_file = line, or (2) add a -v option to the opensc-tool
command line, and the output will be directed to stderr.

Although the vendor provided the ifdokccid.so driver, it might not be needed
as PCSClite says it is supported as CCID. But since VMware is changing
the name on the card (and maybe idVendor and idProduct), things might
not work as expected.


Re: [opensc-devel] OpenSC 0.13.0

2012-12-05 Thread Greg Troxel

  https://github.com/OpenSC/OpenSC/tags
  https://sourceforge.net/projects/opensc/files/OpenSC/
  https://opensc.fr/jenkins/

The source used to be at:

  http://www.opensc-project.org/files/opensc/

Is that no longer the canonical location?

The wiki at

   https://www.opensc-project.org/opensc

still says the latest release is 0.12.2.


Re: [opensc-devel] Which libraries/APIs needed?

2012-12-05 Thread Andreas Jellinghaus
OpenSC has a test suite that does very similar things: create a key,
take some content, hash it, sign the hash, verify it;
or take some content, encrypt/decrypt it, and verify the result is OK.
Check that code; most of it will be very similar to
what you have, except for the smart card specific parts.

http://www.opensc-project.org/opensc/browser/OpenSC/src/tests/regression/init0009

Regards, Andreas

2012/12/4 Markus Wernig :
> Hi all
>
> I have a rather basic question on which libraries/APIs to use for
> implementing the following in e.g. a C or Java program.
> The basic idea is:
> init:
> - create 256bit key for AES-256
> - create RSA keypair on token (no x.509)
> - encrypt aes-key with pubkey of rsa-pair, delete cleartext version
> loop:
> - when needed, decrypt aes-key with private rsa key, load to memory
> - perform symmetric en-/decryption with key in memory
>
> Mainly the question is: Since the cryptographic functions on the token
> (which could also be a network HSM) appear to be carried out by the
> pkcs#15 driver, do I need the cryptoki API and pkcs#11 at all?
>
> Thanks in advance for any pointer.
>
> Here's the shellcode that should be "translated" into a compiled program:
>
> echo "Generate AES Key"
> secret=`head -c64 /dev/urandom`
> # -P prints the derived salt=, key= and iv= lines instead of encrypting anything
> openssl enc -aes-256-cbc -k "$secret" -P -md sha1 > aes.key
> echo "Generate keypair on pkcs#15 storage"
> pkcs15-init -G rsa/4096 -i 45 -a 01 -u sign,decrypt --pin XXX:YYY
> pkcs15-tool --read-public-key 45 -o rsa.pub
> echo "Encrypt AES Key"
> openssl rsautl -pubin -inkey rsa.pub -encrypt -in aes.key -out aes.key.c
> echo "Remove AES Key"
> for i in `seq 0 7`
> do
> size=`stat aes.key | grep Size | awk '{print $2}'`
> head -c $size /dev/urandom > aes.key
> sync
> sync
> sleep 1
> done
> rm aes.key
> sync
> echo "Decrypt AES Key to memory (depending on shell)"
> # the decrypted salt=/key=/iv= lines become shell variables via eval
> eval `pkcs15-crypt -c --pkcs1 -i aes.key.c | tr -d " "`
> echo "Encrypt data"
> openssl enc -K $key -iv $iv -S $salt -in data.file -out data.file.crypt -aes256
> echo "Decrypt data"
> openssl enc -d -K $key -iv $iv -in data.file.crypt -out data.file.decrypt -aes256
> echo "Clear memory"
> unset key iv salt
>
> kind regards & thanks
>
> Markus
>
> PS: The above shellcode is based on
> http://www.gooze.eu/howto/smartcard-quickstarter-guide/signing-crypting-and-verifying


[opensc-devel] minimal requirements for working with crypto tokens?

2012-12-05 Thread Anthony Foiani
Greetings, all.

As with a similar post in the last day or two, I'm working on deploying
an embedded Linux system, and I'm trying to figure out the smallest
set of libraries that I need to do this.

The desired use for tokens in the field is:

1. Sign binary blobs, generating a detached RFC5652 signature file
from each data file.

2. (Eventually) for both client and server-side SSL handshaking.

On a typical Linux workstation, I can do all this already, thanks to
the developers here and on libusb, ccid, and pcsc-lite.  Barring
late-breaking changes, this functionality is already available in
packages for the distribution I'm using here (Fedora 17).

To test the latest and greatest, I had to build:

libusb-1.0.9
pcsc-lite-1.8.6
ccid-1.4.8
openssl-1.0.1c
libp11-0.2.8
opensc-0.13.0rc1-g2895729 (from CardContact)
engine_pkcs11-0.1.8

Other than having to adjust the interprocess expectations of pcscd and
its users, that also works fine.

However, the embedded box is not running the typical workstation
daemons.  There's no udev at all; I'm handling the event stream
directly within my application.  (E.g., I'm receiving and handling USB
mass storage device insertions / removals.)

What I'm looking for is guidance on which libraries are required to do
the work, if I can tell those libraries exactly which USB device to
use, and only when there is something there to be used.

Is libusb used only for discovery, or for access as well?  Likewise,
if there is only ever one process accessing the token (and I can
guarantee that it's single-threaded access), then is pcscd necessary?

Even further, if I know exactly which token will be used, is it
possible and/or advisable to short-circuit the generic aspects of
libpkcs11 and somehow use that token's driver directly?

Either way, it seems that I'll still want to use OpenSSL libraries (or
equiv, e.g., NSS) to do the ASN.1 streaming and on-cpu crypto ops.
(This is the easiest part, as I already have OpenSSL in my build.)

Are all these questions stupid, and do I need to be hit over the head
with a heavy book?  :)

I'm still investigating, but if anyone has experience with this sort
of setup, I would very much appreciate any advice they could share
with me.

Thanks for your time.

Best regards,
Anthony Foiani