Re: [opensc-devel] Misleading information about capabilities of readers
Hi,

Well, this is just something we (and our customers) have encountered with the readers that we have tested. I don't know what causes the limitation (probably not the reader itself, because they work in Windows just fine). So it might be in pcsc-lite, the ccid driver or something to do with USB in Linux?

Readers we have tested are:
- ACS ACR38 CCID
- Gemalto Twin Reader
- and some OmniKey reader (maybe 3121 if I remember correctly)

All of these have the same issue, so I suspect that they are not the cause of the problem. Many of our customers have had the same problem and setting this value has also helped them, so it is not only in our environment.

We have not investigated this further, because this setting solves the problem, and does not affect performance so much that it would matter.

Kind regards,
Toni

-----Original Message-----
From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de]
Sent: 12 January 2011 0:21
To: Aventra development
Cc: opensc-devel
Subject: Misleading information about capabilities of readers

Hello,

the wiki page of MyEID [1] contains the following paragraph:

"Many readers don't support receiving the default amount of data (254). Problems will only appear when reading larger files from the card (e.g. certificates). So if you have problems with reading the card with no apparent reason, try to set this to e.g. 192, to be on the safe side. You can then try to iterate to find the maximum for your card reader."

That statement is simply wrong, because every USB reader can handle Short-APDUs of every size. For that reason no other card has similar problems.

If there are readers that don't work properly with MyEID, then list them explicitly by name. That would definitely be of more help to users than such a vague statement like "Many readers don't support [...]".

Regards
Andre

[1] http://www.opensc-project.org/opensc/wiki/MyEID

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Misleading information about capabilities of readers
Hi,

> -----Original Message-----
> From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Ludovic Rousseau
> Sent: 12 January 2011 11:22
> To: opensc-devel
> Subject: Re: [opensc-devel] Misleading information about capabilities of readers
>
> 2011/1/11 Andre Zepezauer andre.zepeza...@student.uni-halle.de:
> > Hello,
> >
> > the wiki page of MyEID [1] contains the following paragraph:
> >
> > "Many readers don't support receiving the default amount of data (254). Problems will only appear when reading larger files from the card (e.g. certificates). So if you have problems with reading the card with no apparent reason, try to set this to e.g. 192, to be on the safe side. You can then try to iterate to find the maximum for your card reader."
> >
> > That statement is simply wrong, because every USB reader can handle Short-APDUs of every size. For that reason no other card has similar problems.
>
> Every _non-bogus_ reader. For example the Feitian SCR301 [2] is bogus and can't support CASE 2 APDU with Le=0 (256 bytes). That is why this reader is listed in the unsupported list of my CCID driver.
>
> > If there are readers that don't work properly with MyEID, then list them explicitly by name. That would definitely be of more help to users than such a vague statement like "Many readers don't support [...]".
>
> The reader above has a problem with Le=256. Le=254 should work and the reader should not have a problem with MyEID.
>
> I don't know which readers have problem with MyEID. An explicit list of bogus readers would be great so that users can avoid buying such readers.

There is nothing special about MyEID that would cause the issue. In Windows everything works just fine if we follow the reader's maxIFSD value. One difference with many other cards supported by OpenSC is that they use T=0 protocol (MyEID uses T=1).

We have not investigated this further, because the setting solves the problem.

Kind regards,
Toni

> Bye
>
> [1] http://www.opensc-project.org/opensc/wiki/MyEID
> [2] http://pcsclite.alioth.debian.org/ccid/unsupported.html#0x096E0x0503
>
> --
> Dr. Ludovic Rousseau
Re: [opensc-devel] Misleading information about capabilities of readers
Hi,

> -----Original Message-----
> From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de]
> Sent: 12 January 2011 12:46
>
> > There is nothing special about MyEID that would cause the issue. In Windows everything works just fine if we follow the reader's maxIFSD value. One difference with many other cards supported by OpenSC is that they use T=0 protocol (MyEID uses T=1).
>
> I have a guess about the source of trouble: MyEID cards do not support T1-Block-Chaining.

MyEID supports this block chaining because it is based on standard NXP JCOP smartcard chips. However, block chaining is used only after the maximum packet size is reached, i.e. above 256 bytes, so it would not be used here anyway. From our point of view, this is handled totally transparently by the reader and the smartcard chip.

Kind regards,
Toni
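The receive-size limit argued over in this thread, as an added example (not OpenSC code and not written by any of the posters): a sketch of how a host splits the read of a large file, such as a certificate, into short READ BINARY commands whose Le never exceeds the configured limit, including the Le=0x00 encoding of 256 bytes mentioned above. The function names, the 1200-byte file size and the treatment of a limit of 0 as "no limit configured" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHORT_APDU_MAX_LE 256u    /* Le byte 0x00 means 256 in a short APDU */
#define MAX_OFFSET        0x7FFFu /* P1 bit 8 stays 0 for offset addressing */

/* One case 2 short APDU: CLA INS P1 P2 Le (hypothetical helper type). */
struct read_apdu {
    uint8_t bytes[5];
    size_t  expected;   /* data bytes the card is asked to return */
};

/* Encode 1..256 into the single Le byte; 256 is sent as 0x00. */
int encode_short_le(size_t n, uint8_t *le)
{
    if (n == 0 || n > SHORT_APDU_MAX_LE)
        return -1;
    *le = (uint8_t)(n & 0xFF);
    return 0;
}

/*
 * Plan the READ BINARY commands needed to read file_len bytes when each
 * response may carry at most max_recv bytes. Assumption of this sketch:
 * max_recv == 0 means no limit is configured, so the short-APDU maximum
 * of 256 is used. Returns the number of commands, or -1 on error.
 */
int plan_read_binary(size_t file_len, size_t max_recv,
                     struct read_apdu *out, size_t out_cap)
{
    size_t chunk = max_recv;
    size_t offset = 0, count = 0;

    if (chunk == 0 || chunk > SHORT_APDU_MAX_LE)
        chunk = SHORT_APDU_MAX_LE;

    while (offset < file_len) {
        size_t want = file_len - offset;
        uint8_t le;

        if (want > chunk)
            want = chunk;
        /* The offset must fit in 15 bits and the plan must fit in out[]. */
        if (offset > MAX_OFFSET || count == out_cap)
            return -1;
        if (encode_short_le(want, &le) != 0)
            return -1;

        out[count].bytes[0] = 0x00;                   /* CLA */
        out[count].bytes[1] = 0xB0;                   /* INS: READ BINARY */
        out[count].bytes[2] = (uint8_t)(offset >> 8); /* P1: offset high */
        out[count].bytes[3] = (uint8_t)(offset & 0xFF); /* P2: offset low */
        out[count].bytes[4] = le;
        out[count].expected = want;

        offset += want;
        count++;
    }
    return (int)count;
}

/* Print the plan for one limit so the settings can be compared. */
static void show(size_t file_len, size_t max_recv)
{
    struct read_apdu plan[64];
    int n = plan_read_binary(file_len, max_recv, plan, 64);

    printf("file=%zu bytes, max_recv_size=%zu: %d command(s)\n",
           file_len, max_recv, n);
    for (int i = 0; i < n; i++)
        printf("  %02X %02X %02X %02X %02X  (expects %zu bytes)\n",
               plan[i].bytes[0], plan[i].bytes[1], plan[i].bytes[2],
               plan[i].bytes[3], plan[i].bytes[4], plan[i].expected);
}

int main(void)
{
    /* Constructed sample: a 1200-byte certificate file. */
    show(1200, 254);  /* the default quoted from the wiki page */
    show(1200, 192);  /* the reduced value the wiki page suggests */
    show(1200, 0);    /* no limit applied: the first Le is 0x00, i.e. 256 */
    return 0;
}
```

Comparing the three plans shows what a reader that mishandles a given Le would actually be sent, which is useful when narrowing a failure down to a specific response size.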
[opensc-devel] Creation of card pkcs#15 structure
Hi,

What do you think about the possibility that when a card is initialized using pkcs15-init, it would create the whole structure that is defined in the profile used? Currently it only creates the necessary files during initialization, but not any private or public key DIR files etc. that are essential when actually using the card.

After initialization the SO-PIN might not be given to the end user, since it might give them too much power over the card content and they might accidentally mess it up.

Kind regards,
Toni
Re: [opensc-devel] Breaking change in OpenSC 0.12.0 tokenInfo
Hi,

Thank you very much! This fixed the problem, could it be committed to the trunk?

Too bad the release was already done, but when is the next one, so that this fix could be included. Getting this to the Linux distributions would be even more important.

Thanks,
Toni

-----Original Message-----
From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de]
Sent: 10 January 2011 16:24

This patch should fix it:

Index: libopensc/pkcs15.c === --- libopensc/pkcs15.c(revision 5078) +++ libopensc/pkcs15.c(working copy) 
@@ -42,8 +42,8 @@ { algorithmPKCS#11, SC_ASN1_INTEGER,SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, { parameters, SC_ASN1_NULL, SC_ASN1_TAG_NULL, 0, NULL, NULL }, { supportedOperations,SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL }, - { objId, SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, 0, NULL, NULL }, - { algRef, SC_ASN1_INTEGER,SC_ASN1_TAG_INTEGER, 0, NULL, NULL }, + { objId, SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, SC_ASN1_OPTIONAL, NULL, NULL }, + { algRef, SC_ASN1_INTEGER,SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL }, { NULL, 0, 0, 0, NULL, NULL } };

On Mon, 2011-01-10 at 11:21 +0200, Aventra development wrote:

Hi,

I have been testing the new release and sadly found a breaking change that causes cards that are not initialized with (the current version of) OpenSC to result in the message “Unsupported card”.

The cause is the token info (5032 file). There is some element that OpenSC requires, otherwise it results in “Unsupported Card”. Previously OpenSC worked well with cards not initialized with it, but now it seems that it does not.

Does anybody know what changed and why? I tried to browse the source and the changes, but did not manage to track it back to any change that affected this… I’m not even sure when this change has been done, but somewhere between versions 0.11.13 and 0.12.0.

Any help would be appreciated.

Below is a log that shows the error and the content of the tokenInfo file. The major difference is that cards not initialized by OpenSC do not have the lastUpdate value.
Debug log and below that there is a more detailed log about ASN.1 parsing:

2011-01-05 12:26:07.066 [pkcs15-tool] card.c:548:sc_select_file: called; type=2, path=3f0050155032
2011-01-05 12:26:07.066 [pkcs15-tool] card-myeid.c:202:myeid_select_file: called
2011-01-05 12:26:07.066 [pkcs15-tool] apdu.c:527:sc_transmit_apdu: called
2011-01-05 12:26:07.066 [pkcs15-tool] card.c:295:sc_lock: called
2011-01-05 12:26:07.081 [pkcs15-tool] reader-pcsc.c:242:pcsc_transmit: reader 'O2 O2Micro CCID SC Reader 0'
2011-01-05 12:26:07.081 [pkcs15-tool] apdu.c:187:sc_apdu_log: Outgoing APDU data [ 10 bytes] =
00 A4 08 00 04 50 15 50 32 FF .P.P2.
==
2011-01-05 12:26:07.081 [pkcs15-tool] reader-pcsc.c:175:pcsc_internal_transmit: called
2011-01-05 12:26:07.175 [pkcs15-tool] apdu.c:187:sc_apdu_log: Incoming APDU data [ 27 bytes] =
6F 17 80 02 00 46 82 01 01 83 02 50 32 86 03 03 oF.P2...
3F FF 85 02 00 00 8A 01 07 90 00?..
==
2011-01-05 12:26:07.175 [pkcs15-tool] card.c:329:sc_unlock: called
2011-01-05 12:26:07.175 [pkcs15-tool] card-myeid.c:240:myeid_process_fci: called
2011-01-05 12:26:07.191 [pkcs15-tool] iso7816.c:304:iso7816_process_fci: processing FCI bytes
2011-01-05 12:26:07.191 [pkcs15-tool] iso7816.c:309:iso7816_process_fci: file identifier: 0x5032
2011-01-05 12:26:07.191 [pkcs15-tool] iso7816.c:316:iso7816_process_fci: bytes in file: 70
2011-01-05 12:26:07.191 [pkcs15-tool] iso7816.c:335:iso7816_process_fci: shareable: no
2011-01-05 12:26:07.191 [pkcs15-tool] iso7816.c:355:iso7816_process_fci: type: working EF
2011-01-05 12:26:07.206 [pkcs15-tool] iso7816.c:357:iso7816_process_fci: EF structure: 1
2011-01-05 12:26:07.206 [pkcs15-tool] card-myeid.c:256:myeid_process_fci: id (5032) sec_attr (3 3F FF)
2011-01-05 12:26:07.206 [pkcs15-tool] card-myeid.c:269:myeid_process_fci: File id (5032) status SC_FILE_STATUS_ACTIVATED (0x7)
2011-01-05 12:26:07.222 [pkcs15-tool] card-myeid.c:274:myeid_process_fci: returning with: 0 (Success)
2011-01-05 12:26:07.222 [pkcs15-tool] card-myeid.c:208:myeid_select_file: returning with: 0 (Success)
2011-01-05 12:26:07.222 [pkcs15-tool] card.c:569:sc_select_file: returning with: 0 (Success)
2011-01-05 12:26:07.222
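Review bot: with objId and algRef switched to SC_ASN1_OPTIONAL (the last two entries before the NULL terminator in the libopensc/pkcs15.c hunk above), the code that consumes this table's decoded output has to cope with both values being absent, and nothing in the hunk shows that it does. Please confirm the decode targets are set to a known "not present" state before parsing, and add a one-line comment on the two entries saying why they are optional. The entries above them (algorithmPKCS#11, parameters, supportedOperations) keep flags 0, so a tokenInfo that lacks any of those is still rejected; if that is intended, say so in the commit message.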
Re: [opensc-devel] #269
Hello Andre,

Thank you very much for the patch, it fixed the bug.

Kind regards
Toni

-----Original Message-----
From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de]
Sent: 10 November 2010 11:42
To: Aventra development
Cc: opensc-devel
Subject: #269

Hello Toni,

please could you try the attached patch. It should fix #269.

Regards
Andre
[opensc-devel] FW: Problem with 0.12.0 RC1
Retry, the previous message try apparently did not go through.

From: Aventra development [mailto:developm...@aventra.fi]
Sent: 3 November 2010 15:38
To: 'OpenSC-devel'
Subject: Problem with 0.12.0 RC1

Hi,

I have been testing the 0.12.0 RC1 and I'm having problems with it when using MyEID cards.

I traced the problem, and found out that the setting max_recv_size in the opensc.conf file for the reader pcsc has no effect, the value seems to be always 0, and therefore the limitations won't apply. I think this is an issue only for T=1 cards.

I created a new ticket for this, #269 (http://www.opensc-project.org/opensc/ticket/269)

Regards,
Toni
[opensc-devel] Problem with 0.12.0 RC1
Hi,

I have been testing the 0.12.0 RC1 and I'm having problems with it when using MyEID cards.

I traced the problem, and found out that the setting max_recv_size in the opensc.conf file for the reader pcsc has no effect, the value seems to be always 0, and therefore the limitations won't apply. I think this is an issue only for T=1 cards.

I created a new ticket for this, #269 (http://www.opensc-project.org/opensc/ticket/269)

Regards,
Toni
Re: [opensc-devel] Patch to MyEID profile
Hi,

> -----Original Message-----
> From: Viktor TARASOV
>
> Hi,
>
> Aventra development wrote:
> > Here is a small patch that modifies the MyEID profile. This profile now initializes the cards like we want them (users are of course free to modify the profile to get cards like they want, but we think this should be the default). I suppose the ACL for card initialization (clearing card) is not desired to be NONE and therefore we undefined the KEEP_AC_NONE_FOR_INIT_APPLET, and you can anyway set it to anything you like by configuring the profile.
>
> Your patch is not working for me when applied to trunk. The reasons are:
> - actual implementation of pkcs15init needs to verify 'DELETE' acl of the PKCS15-AppDF when doing 'create object' operations. So, you have to set it to 'NONE' or 'User PIN';
> - take into account my mail http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014865.html illustrated by diff from http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014867.html
>
> In attachment there is a diff for myeid.profile (relative to trunk) that actually 'works for me'.

Thanks Viktor, your profile patch looks good. I did not test the patch I posted against current trunk, instead I used snapshot from changeset 4707, sorry about that.

> > There is a downside with this configuration, pkcs15-init now asks many times (5 times I think) for the USER PIN when it initializes the MyEID card and creates the required files (it does not matter what you enter, because it won't be verified since the card is in creation state).
>
> I propose you to use '--pin' argument for the 'pkcs15-init' command.
>
> > Pkcs15-init creates the SO-PIN, but not the USER PIN. It would be nice if pkcs15-init would create both PINs, since it is built to support two PINs (User and SO). Currently we create the user pin after initialization and finalize the card after that. If somebody knows how to get rid of the unnecessary user PIN queries please apply fix or help us do it.
>
> Pkcs15-init creates both PINs with this kind of command:
> #pkcs15-init -C --label IDX-SCM -P --auth-id 53434D --so-pin 12345678 --so-puk 123456 --pin --puk -F

Great, this makes the initialization much nicer.

> #pkcs15-tool --list-pins
> Using reader with a card: OmniKey CardMan 3121 00 00
> PIN [Security Officer PIN]
>     Object Flags : [0x3], private, modifiable
>     ID : ff
>     Flags : [0xB0], initialized, needs-padding, soPin
>     Length : min_len:4, max_len:8, stored_len:8
>     Pad char : 0xFF
>     Reference : 3
>     Type : ascii-numeric
>     Path :
> PIN [IDX-SCM]
>     Object Flags : [0x3], private, modifiable
>     ID : 53434d
>     Flags : [0x30], initialized, needs-padding
>     Length : min_len:4, max_len:8, stored_len:8
>     Pad char : 0xFF
>     Reference : 1
>     Type : ascii-numeric
>     Path :
>
> > Please apply this small patch, thanks!
> >
> > Kind regards,
> > Toni
>
> Kind wishes,
> viktor.

Best wishes,
Toni
[opensc-devel] Patch to MyEID profile
Hi,

Here is a small patch that modifies the MyEID profile. This profile now initializes the cards like we want them (users are of course free to modify the profile to get cards like they want, but we think this should be the default). I suppose the ACL for card initialization (clearing card) is not desired to be NONE and therefore we undefined the KEEP_AC_NONE_FOR_INIT_APPLET, and you can anyway set it to anything you like by configuring the profile.

There is a downside with this configuration, pkcs15-init now asks many times (5 times I think) for the USER PIN when it initializes the MyEID card and creates the required files (it does not matter what you enter, because it won't be verified since the card is in creation state).

Pkcs15-init creates the SO-PIN, but not the USER PIN. It would be nice if pkcs15-init would create both PINs, since it is built to support two PINs (User and SO). Currently we create the user pin after initialization and finalize the card after that. If somebody knows how to get rid of the unnecessary user PIN queries please apply fix or help us do it.

Please apply this small patch, thanks!

Kind regards,
Toni

opensc-0.12.0-aventra.patch
Description: Binary data
Re: [opensc-devel] Problem with 2K keys and MyEID
Hi,

Thanks for the patch! The initial value for the FIXME could be the following (the FIXME):

priv->card_state = SC_FILE_STATUS_CREATION;

Otherwise the patch looks good, please commit it.

Kind regards,
Toni

-----Original Message-----
From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Viktor TARASOV
Sent: 6 September 2010 18:08
Cc: 'OpenSC-devel'
Subject: Re: [opensc-devel] Problem with 2K keys and MyEID

Martin Paljak wrote:
> Hello,
>
> On Sep 6, 2010, at 11:02 AM, Viktor TARASOV wrote:
> > Aventra development wrote:
> > > - PIN change and unblock (code added to MyEID driver, but it does not work with pkcs15-tool (does nothing),
> >
> > There is little 'copypast' issue in your patch. It's corrected in r4682.
>
> The included patch does it even better in less (almost no) code, at least pin change and unblock seem to work without problems. The card_state handling should also be fixed, but I don't know what the initial value for it should be, thus the FIXME.

In fact, it's better. Let's wait Tony to test and approve.
Re: [opensc-devel] MyEID microSD
Hello Andre,

Yes, we can provide you with microSD cards that have our MyEID applet on them. Currently you also need an SDK to be able to integrate the card into your application.

Currently there is no Linux ifd-handler available. To be able to communicate with the card, you need a library that is only available in the card manufacturer's SDK. The card supports common PKI standards, just like the standard MyEID card.

While the demand for these kinds of microSD cards is very limited, the purchase of an SDK and implementing the software you want is currently the only approach we can offer you. The SDK's library is supported on Windows, Windows Mobile, Android, Symbian and Linux.

Best Regards,
Toni

-----Original Message-----
From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de]
Sent: 1 September 2010 21:51
To: Aventra development
Cc: opensc-devel
Subject: MyEID microSD

Hello Toni,

by visiting the webshop of Aventra I have noticed that there is a smart card in microSD format in their portfolio. I have been looking for such a device for a while, but haven't found a supplier so far.

Are you able to provide some more information on it? Most important to me is the existence of an ifd-handler for Linux.

Kind Regards
Andre
Re: [opensc-devel] Problem with 2K keys and MyEID
Hi,

I don’t have any objections on the change you proposed Andre.

I have also prepared and attached to this message a patch, please review and commit. It adds the following features to the MyEID driver (based on trunk), and also includes some fixes on whitespace:

- Card initialization and finalization (activation)
- Key generation (thanks to Viktor, however now I have some problem with pcsc transmit failing after some time while the card is generating the key)
- PIN change and unblock (code added to MyEID driver, but it does not work with pkcs15-tool (does nothing), pkcs11-tool works, but pkcs#11 module does not when using Firefox).

Another problem with Firefox is that certificate enrollment does not work when using the pkcs#11 module, e.g. when using this site: pkitest.gdm.de/starsign

Anyway it's a step forward. If somebody is able to help with the Firefox problem or knows why the pkcs15-tool does not work, feel free to edit the code or send some information to me so we will get also these working.

Kind regards,
Toni

-----Original Message-----
From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Andre Zepezauer
Sent: 31 August 2010 21:02
To: Viktor TARASOV
Cc: 'OpenSC-devel'
Subject: Re: [opensc-devel] Problem with 2K keys and MyEID

On Tue, 2010-08-31 at 18:40 +0200, Viktor TARASOV wrote:
> Andre Zepezauer wrote:
> > On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote:
> > > Aventra development wrote:
> > > > The 1K key generation works nicely, but we are having a problem generating a 2K key using OpenSC 0.11.13 and our own MyEID card.
> > > >
> > > > OpenSC correctly finds a new file id and creates the file, and after that it tries to store the key to that file. The issue is that the created file’s size is only 1024 bytes, so the card will answer with 67 00 (Wrong length). Some code in OpenSC decides to create the wrong sized file, but I have not been able to find it.
> > > >
> > > > Now I’m curious that, does other cards work when generating (or just loading) 2048 byte keys?
> > >
> > > For me, to generate the 2048 bits key on the Aventra card, the following patch was needed to be applied to the OpenSC trunk. If no objection, I'll commit this patch to trunk.
> >
> > Hello Viktor,
> >
> > I would write the check for supported modulus length a bit more generic. But it's functional the same like yours, because myeid supports only 1024 and 2048 bit (at least the driver does). Therefore it doesn't matter a lot.
> >
> > #include "internal.h"
> >
> > pkcs15init/pkcs15-myeid.c:513
> > /* check that the card supports the requested modulus length */
> > if (_sc_card_find_rsa_alg(p15card->card, keybits) == NULL)
> >     SC_TEST_RET(ctx, LEVEL, ERROR, MSG);
>
> Agree, it's much better. I hope that Toni (maintainer of myEID driver) have no objections.

On the other hand it would be fine to give a good example, because someone may want to copy+paste your code. See copy+paste in the card drivers [1].

The same check also occurs in line 427, 514, 574, 637. And interestingly _always_ some lines below there is the following conditional assignment:

if (file->size < 1024)
    file->size = 1024;

> Will you prepare the patch?

Haven't the required hardware, therefore testing isn't possible to me. But if someone would send me some pieces of these cards, I could do it myself the next time.

Regards
Andre

> Kind wishes,
> Viktor.

[1] http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014615.html

opensc-myeid.patch
Description: Binary data
Re: [opensc-devel] Problem with 2K keys and MyEID
Thanks Victor!

No objections here, the patch looks good.

br,
Toni

-----Original Message-----
From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Viktor TARASOV
Sent: 30 August 2010 16:19
Cc: 'OpenSC-devel'
Subject: Re: [opensc-devel] Problem with 2K keys and MyEID

Aventra development wrote:
> The 1K key generation works nicely, but we are having a problem generating a 2K key using OpenSC 0.11.13 and our own MyEID card.
>
> OpenSC correctly finds a new file id and creates the file, and after that it tries to store the key to that file. The issue is that the created file's size is only 1024 bytes, so the card will answer with 67 00 (Wrong length). Some code in OpenSC decides to create the wrong sized file, but I have not been able to find it.
>
> Now I'm curious that, does other cards work when generating (or just loading) 2048 byte keys?

For me, to generate the 2048 bits key on the Aventra card, the following patch was needed to be applied to the OpenSC trunk. If no objection, I'll commit this patch to trunk.

> Regards,
> Toni Sjöblom

Kind wishes,
Viktor.

--
Viktor Tarasov viktor.tara...@opentrust.com
[opensc-devel] Problem with 2K keys and MyEID
Hi,

The 1K key generation works nicely, but we are having a problem generating a 2K key using OpenSC 0.11.13 and our own MyEID card.

OpenSC correctly finds a new file id and creates the file, and after that it tries to store the key to that file. The issue is that the created file's size is only 1024 bytes, so the card will answer with 67 00 (Wrong length). Some code in OpenSC decides to create the wrong sized file, but I have not been able to find it.

Now I'm curious that, does other cards work when generating (or just loading) 2048 byte keys?

Regards,
Toni Sjöblom
[opensc-devel] Question about patches
Hello Martin and others,

We have been improving the MyEID card driver and will soon have a new patch for this. Do you still apply any patches to the 0.11.xx line of OpenSC or is any new patch only for the upcoming 0.12 release?

I'm asking this because I'm not sure how much the versions differ from each other, and does the 0.12 version have different requirements, e.g. regarding pcsc-lite version etc. And should we have a patch for both, or only for 0.12?

Kind regards,
Toni Sjöblom
Re: [opensc-devel] MyeID card in OpenSC
Hello all,

Our MyEID card works in our environment and we have some customers who use it with OpenSC. We use pcsc-lite. I'm sorry that we haven't had time to investigate the problems that you Andreas had with the card.

Our plan is to also support PKCS#15 init, but with lack of time and understanding of how the init works, we have not been able to completely implement the init functionality. Many of the other card types have separate tools for initializing the cards, and this is perhaps something we have to go for too.

One issue you Andreas might have is with the send and receive size, since the card is a T=1 protocol card while many others are T=0. Look here for more information: http://www.opensc-project.org/opensc/wiki/MyEID (Smart card reader configuration).

Kind regards,
Toni Sjöblom
Aventra Ltd.

-----Original Message-----
From: Martin Paljak [mailto:martin.pal...@gmail.com] On Behalf Of Martin Paljak
Sent: 1 February 2010 15:57
To: Viktor TARASOV
Cc: Aventra development; opensc-devel (opensc-devel)
Subject: MyeID card in OpenSC

Hello.

On Feb 1, 2010, at 15:07 , Viktor TARASOV wrote:

actually this card is the only one that partly uses the Old pkcs15init API.

This card was added just recently (September 2009) so there should not be many (if any) public users and the developer should be reachable (added to Cc just in case).

I would like to migrate it to the New API.

I suggest to make a best effort try and if it fails, it will be reported.

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495
Re: [opensc-devel] Difference betwen pkcs15-init/pkcs11-tool generate key .
Hi!

I have the same issue with 0.11.11 version.. just traced the problem to the same place. Any ideas what is wrong?

Regards,
Toni

-----Original Message-----
From: François Leblanc

I try to use more pkcs11-tool since I guess pkcs11 will be the standard way for use opensc and I can't generate key with pkcs11.

I notice that pkcs15-init call 'sc_pkcs15init_set_callbacks' and pkcs11-tool not and is why do_get_and_verify_secret fails later.

Does someone use pkcs11-tool to generate key pairs on cards without so-pin, and does it works?

François.
[opensc-devel] OpenSC 0.11.11 build
Hi!

I built and tested the 0.11.11 version and the pcsc-lite stopped working. The cause is that the shared object that OpenSC tries to find is now libpcsclite.so.1, previously it was libpcsclite.so. Since I didn't have this file, pcsc stopped working.

I have fixed this temporarily by making a copy of the file with the right name, and now everything works as before.

Was this change intended or was this changed by mistake?

Regards,
Toni
Re: [opensc-devel] OpenSC 0.11.11 released today
Hi!

You need to add the switch --enable-pcsc to the configure command to enable PCSC. About the NSPlugin I don't know, but there has been some discussion on that it is really old and not maintained.

Regards,
Toni

-----Original Message-----
From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Johannes Becker
Sent: 29 October 2009 12:27
To: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] OpenSC 0.11.11 released today

Hello,

when configuring OpenSC 0.11.11 under Debian lenny and squeeze I get

PC/SC support: no
NSPlugin support:no

I have installed libpcsclite-dev (Version: 1.4.102-1)

What else do I need?

By the way: opensc doesn't work as it comes with Debian squeeze. pcsc_scan detects reader and card, but opensc-tool doesn't find the reader.

Regards
Johannes
Re: [opensc-devel] Update to MyEID driver
Hi Andreas,

Ok, attached is the new patch without the white space changes. I hope it is the way you like it.

Thanks!

Br,
Toni

-----Original Message-----
From: Andreas Jellinghaus [mailto:a...@dungeon.inka.de]
Sent: 22 October 2009 21:38
To: opensc-devel@lists.opensc-project.org
Cc: Aventra development
Subject: Re: [opensc-devel] Update to MyEID driver

On Wednesday 21 October 2009 12:31:31 Aventra development wrote:
> Attached is a update to the MyEID driver. In the patch only the drivers own files have been updated. Also all warnings should have been fixed. The patch is done to the 0.11.10 release.

thanks. can you re-do the patch using diff -udb? the b) option will ignore all whitespace changes - in many places there something with space only changed, so the diff is very hard to read.

if you want to cleanup/unify whitespace, we can do that in a separate change, that does nothing but whitespace changes. (or I run indent on the files or something like that).

Thanks, Andreas

p.s. if you used svn diff - it does not support -b option. you can do two new checkouts

svn co http://www.opensc-project.org/svn/opensc/trunk opensc

and the same with opensc.orig, then copy the modified files into opensc checkout to overwrite the versions there, and then diff opensc.orig against opensc to generate a diff with

diff -udrNPpb opensc.orig opensc

opensc-0.11.10-aventra.patch2.tar.gz
Description: Binary data
[opensc-devel] Update to MyEID driver
Hi!

Attached is a update to the MyEID driver. In the patch only the drivers own files have been updated. Also all warnings should have been fixed. The patch is done to the 0.11.10 release.

Kind regards,
Toni

opensc-0.11.10-aventra.patch.tar.gz
Description: Binary data
[opensc-devel] pkcs15 init, problem with the profile
Hi!

We are trying to implement the pkcs15 initialization to the MyEID cards and can't get it to work. The current problem is that the ACL definitions are not set correctly according to how we have set them in the profile file. The ACL written to the card is always 0, regardless of what the profile has set. The MyEID driver's function that gets called receives the ACL values 0 every time.

We tried to look at the other drivers' code, but could not find a solution there. Does anybody know where the problem might be? Do the other drivers work when initializing a card, and is the ACL set correctly?

Any help would be much appreciated. Otherwise we have to do as many others, develop our own tool for the initialization. At this point it feels that that would be much easier than trying to fully understand why the profile handling does not work.

Regards,
Toni
Re: [opensc-devel] Patch adding support for Aventra MyEID card
Hi!

The previous patch I sent replaces the one I sent earlier.

Then a question about the wiki page. How do I do it? Where are they located? I could not find any example of the other drivers' wiki pages. Some example would be nice to get started.

Regards,
Toni
Re: [opensc-devel] Patch adding support for Aventra MyEID card
Hi!

Thanks for the comments Andreas and Martin. I will look into these once you have committed the current patch. I could then fix the things Martin commented on. I will then post a new patch file and hope to also have a small wiki page with information about the card.

We will send you, Andreas, some pre-initialized test cards.

The card is a standards based PKI card using Java technology. It supports common ISO7816 and PKCS#15 standards. The cards are commonly used in Finnish health care and other organizations and companies.

Currently the driver doesn't support PKCS initialization, we will add this later.

Regards,
Toni

-----Original Message-----
From: Andreas Jellinghaus [mailto:a...@dungeon.inka.de]
Sent: 14 September 2009 10:43
To: opensc-devel@lists.opensc-project.org
Cc: Aventra development
Subject: Re: [opensc-devel] Patch adding support for Aventra MyEID card

hi Toni,

the patch looks good, here are the small issues I found:

* doesn't apply to trunk, but only very small fixes needed (westcos driver was added last week, so off by one errors)
* indent creates some ugly long lines in its default formatting, in some places a lot of tabs could be removed (usually the function definition, 2nd+ line) to keep the code more readable.
* no need to patch Makefile.in
* a few dos \r\n line ends in the patch

all these things are minor, I could edit the source and commit the current patch with minimal changes. let's see if anyone finds other issues. (also I didn't compile-test the patch so far)

can you tell us more about the card? I read on your web page you use javacards with your own applet? will this opensc implementation allow everything we can do with normal cards, or is it in any way limited? is the card if used with opensc compatible with the software you sell or are there any issues?
and if you want to donate a card or two for testing, my address is Andreas Jellinghaus, Vogelhartstrasse 17, 80807 Munich, Germany :)

for many cards we have a special tool so we access low level functions of the card like formatting, debugging, getting firmware version etc. are there any such functions that could require such a low level tool? or does the card driver do everything, so no need for that?

Once the driver is committed we would welcome a wiki page about the card, so users can read up what it is, where to buy it, if there are limitations (e.g. is your software required to initialize the card or anything like that?)

Regards, Andreas