from:"François Leblanc"

Re: [opensc-devel] OpenSC Windows installer

2010-03-24 Thread François Leblanc

The download link for i386 installer is included in the wiki page together 
with some comments and questions. Unlike NSIS InnoSetup is a win32 
application but I have successfully used it from wine. 


It's the main reason why we choice NSIS, I think using wine to build installer 
a bit complicated.


Regards,
François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] pkcs15-oberthur.h

2010-03-23 Thread François Leblanc

Hi,

I get some trouble to cross build opensc, pkcs15-oberthur.h not included

In archive opensc-0.12.0-svn.tar.gz when I run make dist.


Moreover licence is missing in pkcs15-oberthur.h and pkcs15-oberthur.c seems

To be the only file with a separate header file, if possible it will be fine

To put pkcs15-oberthur.h to pkcs15-oberthur.c unless necessary for multiple

Oberthur cards?

What do you think about this ?

François.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] pkcs15-oberthur.h

2010-03-23 Thread François Leblanc


Sorry, where from you are getting this archive?

It's standard way to cross build with OpenSC Build system, I build it 

myself with make, make dist from current svn sources.

 Moreover licence is missing in pkcs15-oberthur.h and pkcs15-oberthur.c 
 seems

 To be the only file with a separate header file, if possible it will be fine

 To put pkcs15-oberthur.h to pkcs15-oberthur.c unless necessary for 
 multiple

 Oberthur cards?
   

This header file used by src/pkcs15init/pkcs15-oberthur.c and 
src/pkcs15init/pkcs15-oberthur-awp.c .
License is present in 'pkcs15-oberthur.c'; as for the license in 
'pkcs15-oberthur.h' -- is it really mandatory ?


Don't know if it's mandatory but other headers get it so...


I don't know the particularities of cross compilation. Probably your 
problems comes from the fact
that this header file is not in 'noinst_HEADERS' list?


 What do you think about this ?
   

If the only way to resolve the current problem is to join all three file 
in one,
we'll do it.


No it's certainly not the only way, just suggest this to keep simple (one file 
by card)

if possible... 

 François.
   

Kind wishes,
Viktor.

Regards,
François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4091] internal.h must be before winreg.h include, and change path for include log.h in cardmod.c

2010-03-09 Thread François Leblanc




hmm, why move internal.h? what is in internal.h that changes the winreg.h 
include?

Winreg.h depends of definition in windows.h witch is included in
internal.h...

usually it is not internal.h that has some special define, but config.h,
and we have that as first include everywhere. so if there is something
special in internal.h that I missed, I would like to know :)

Perhaps config.h should include windows.h in case of _WIN32 ? Don't know
if it's the correct solution (and possible). In doubt I keep the actual 
code but change doesn't mind me.

also it would be good to add a comment with these specifics, so we
have this special case documented in the source code.

Yes even though for windows developpment it's not 'specifics' since
all start with windows.h, it's confirm that it will be fine to have
it in config.h like said up.

Thanks, Andreas

Regards,
François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4091] internal.h must be before winreg.h include, and change path for include log.h in cardmod.c

2010-03-09 Thread François Leblanc



so we could revert this check, and instead add a
/* windows.h required before winreg.h*/
#include windows.h
#include winreg.h

inside the #ifdef _WIN32 ?
looks cleaner to me...

Ok for me, I will do the test and make the change if you are ok?

François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Cosmetic change to sc_pkcs15_verify_pin()

2010-03-08 Thread François Leblanc



I propose to change the sc_pkcs15_verify_pin() prototype from 
    int sc_pkcs15_verify_pin(struct sc_pkcs15_card *, struct
sc_pkcs15_pin_info *, const u8 *, size_t);
to
    int sc_pkcs15_verify_pin(struct sc_pkcs15_card *, struct
sc_pkcs15_object *, const u8 *, size_t);


The reason is that every time this procedure is called,
the 'pin_info' is extracted from 'object' either directly in the call line,
or a few lines earlier.
In every actual call of this procedure the pin object is available.

This change will slightly simplify the existing code.

The same concerns sc_pkcs15_change_pin() and sc_pkcs15_unblock_pin().

Any objections?

No objections for me,

François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Possible issue with pkcs15 emulation

2010-02-23 Thread François Leblanc


Hello Victor,

Im playing with opensc and find that when we use pkcs15 emulation
sc_pkcs15_verify_pin fails,

this is due to 'auth_method' not set by emulation layer (and use to be set
by 'sc_pkcs15_verify_pin'

before changeset 4048). For real pkcs15 card it seems that
'sc_pkcs15_decode_aodf_entry' set this

to SC_AC_CHV. 

What we should do for emulation, I guess we have to set 'auth_method' to
SC_AC_CHV for all cards?

Perhaps set it on 'sc_pkcs15emu_add_pin_obj' ?

What do you think? 

Regards,
François.





smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Possible issue with pkcs15 emulation

2010-02-23 Thread François Leblanc


Ok so Can I apply joined patch? Tested only with Westcos Card...


Hope I forget nobody...


No objections?


François.



emulation-set-auth-method.patch
Description: Binary data


smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Possible issue with pkcs15 emulation

2010-02-23 Thread François Leblanc


 Index: pkcs15-syn.c
 ===
 --- pkcs15-syn.c  (revision 4063)
 +++ pkcs15-syn.c  (working copy)
 @@ -316,6 +316,8 @@
   sc_pkcs15_pin_info_t pin = *in_pin;
  
   pin.magic = SC_PKCS15_PIN_MAGIC;
 + if (!pin.auth_method) /* or SC_AC_NONE */
 + pin.auth_method = SC_AC_CHV;
  
   return sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_AUTH_PIN, obj, 
 pin);
  }


Viktor are you ok for Martin's solution? 

For my point of view both solutions are acceptable... but we have to choice.


François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] opensc-pkcs11 + TrueCrypt

2010-02-19 Thread François Leblanc


Hello,

Does anyone successfully use opensc-pkcs11 module with TrueCrypt ?

Im interrest in feedback of user since I dont manage  to do it.

Regards,
François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn build changed[102] Add command opensc-install. bat at end of nsis install script

2010-02-18 Thread François Leblanc



Why do you run the script?
If you use nsis you need to do all within the nsis and check for
failures too... :)

Script update opensc.conf setting profile_dir and for now I don't
manage to modify directly opensc.conf with nsis...

So to make useable quickly I run opensc-install.bat in future we can
put all in nsis script I think (no time for the moment).

François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Envoi d'un message : build-mi ngw32.patch

2010-02-16 Thread François Leblanc

  
Hello Alon,

Can you have a look on joined patch if it's ok for you.

It's for building process for mingw32 using internal-winscard.h instead of

Winscard.h (like we add cardmod.h I think we can add this minors modification).

What do you think about?

François.




build-mingw32.patch
Description: build-mingw32.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Envoi d'un message : build-min gw32.patch

2010-02-16 Thread François Leblanc




if some file inside opensc source is not found, then it is propably
an issue with some Makefile (e.g. FOO_CFLAGS += -I${srcdir} needed).

can you give details why/when this is needed, so we can find out
what is wrong?

This is needed to cross build opensc with cardmod support with mingw32
since winscard.h not present in this case. So to configure --enable-carmod
witch detect cardmod.h header and in this header we need winscard.h or 
internal-winscard.h

Under mingw64 winscard.h is present under mingw32 we can use 
internal-winscard.h 
But for now configure detect cardmod.h and can't include internal-winscard.h 
(not 
Found in config.log so build process fail with cardmod.h not usuable)

and the internal file is better referenced with filename.h I think.


I will try Alon suggest: 
http://www.opensc-project.org/pipermail/opensc-devel/2010-February/013447.html


Regards, Andreas

Thank you,
François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] remove cardmod pcsc driver from internal.

2010-02-16 Thread François Leblanc


Hello,

In file src/libopensc/ctx.c:

since 'cardmod' driver is a subset of pcsc drivers it should not be use
with pcsc driver, if we use the internal keyword (by default) cardmod is
loaded too and may conflict with pcsc reader.

So I propose to change this with joined patch if someone get better idea 
I can have a look.

Thank you,

François.



cardmod-ctx.patch
Description: cardmod-ctx.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Envoi d'un message : nsis_s etup.patch.tar.gz

2010-02-10 Thread François Leblanc


Alon,

What do you think about this patch to create installable release .

Something like this can be ok ?

(I don't have makensis on my linux developement server but I have it on my 
windows client and I
Run it on script generated and get it working.)

Regards,
François.



nsis-setup.patch.tar.gz
Description: GNU Zip compressed data


smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] build fatal

2010-02-10 Thread François Leblanc

Hello

I cant build anymore opensc, get failure :

Cannot export sc_der_clear: symbol not defined

Should I remove « sc_der_clear » from libopensc.exports list ?

Any objections ?

François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-08 Thread François Leblanc

I have some fixups to the build.

Great Thank you.

Can you please send me a usable cardmod.h so I can compile this stuff?

I will send you in private way.

Also, can we put the .inf and .reg anywhere else but bin?

The .reg is not to stay (just for example until we made it by a tool)

The .inf is close to opensc-cardmod.dll since the .inf should copy 
opensc-cardmod.dll
To system32. Now If I put opensc-cardmod.dll in system32 and use it this don't 
work, I
guess librairies used by opensc-cardmod.dll are not found in this case even 
thougth
the path is set to the bin directory of opensc. If I use opensc-cardmod 
directly on 
bin with other dll this working. 

Regarding the 32bit and 64bit card modules, we do not compile both
64bit and 32bit especially you don't put the suffix of 64 to the card
module. Suffix should be fixed - this for sure, I will handle this.

I keep this part separatly since I don't know anything about the 64bit,don't 
know
If it's necessarry...

But I am not sure the the SmartCardCardModule64 is indeed 64bit and
the SmartCardCardModule is 32bit.

Also, how do you support multiple cards in the .inf file?

To add a card extend the .inf file like this:

[Minidriver.NTx86]
%CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000

%CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000 - add 
your card CID_ provided by windows 7


[AddRegDefault]
HKLM, %SmartCardName%,ATR,0x0001,3f,69,00,00,00,64,01,00,00,00,80,90,00
HKLM, 
%SmartCardName%,ATRMask,0x0001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
HKLM, %SmartCardName%,Crypto Provider,0x,Microsoft Base Smart Card 
Crypto Provider
HKLM, %SmartCardName%,Smart Card Key Storage Provider,0x,Microsoft 
Smart Card Key Storage Provider
HKLM, %SmartCardName%,8001,0x,%SmartCardCardModule%

HKLM, 
%SmartCardNameToto%,ATR,0x0001,3f,69,00,00,00,64,01,00,00,00,80,90,00 - 
add your ATR card
HKLM, 
%SmartCardNameToto%,ATRMask,0x0001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff 
- Add your ATR Mask
HKLM, %SmartCardNameToto%,Crypto Provider,0x,Microsoft Base Smart 
Card Crypto Provider
HKLM, %SmartCardNameToto%,Smart Card Key Storage 
Provider,0x,Microsoft Smart Card Key Storage Provider
HKLM, %SmartCardNameToto%,8001,0x,%SmartCardCardModule%

Thanks!

Concerning your fixup, I remember you that mingw32 seems not to have 
winscard.h it's why

I've make a complex cardmod.h detection since if you don't have winscard.h you 
use internal-winscard.h but

Cardmod.h still use winscard.h (it's code provided by other ms). Have you an 
idea best way to handle this?

I think about perhaps a symbolic link winscard.h-internal-winscard.h make on 
build time?

What do you think about?

Regards,
François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] cross build broken since changeset 3992 due to pthread.h

2010-02-05 Thread François Leblanc

Hi,

Andreas since your change :

http://www.opensc-project.org/opensc/changeset/3992


I can't cross build, the #include pthread.h in log.c file fail
in error no pthread.h file.

This file should be part of compiler or other.. Do you successfully 
Cross build for mingw since the change? Someone do that?

Regards,
François.






smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] cross build broken since changeset 3992 due to pthread.h

2010-02-05 Thread François Leblanc



oops, sorry, didn't know it would be missing on windows.

I commited a fix for that, please test!

I will do.

 This file should be part of compiler or other.. Do you successfully
 Cross build for mingw since the change? Someone do that?

sorry, I haven't found time to setup a cross-compile for opensc with mingw
myself. so I depend on other people testing crosscompile and reporting back.
thanks!

It doesn't mind me it's only to know if the issue can come from my compiler or 
not.

Regards, Andreas
François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-05 Thread François Leblanc


Hi,

Minidriver added.

 - Move libopensc/opensccm.c to cardmod/cardmod.c - build
  opensc-cardmod.dll


leave it as is, and commit the code you posted.

the code can be changed later, when there is an agreement how it can
be changed.

Unfortunatly I can successfully use env to transmit SCARDHANDLE and 
SCARDCONTEXT to
Libopensc-2.dll so I use registry for now (still to be improved).


Things to do,

- Review libopensc/reader-pcsc.c to be better and to match needs 
- Add more pin management (unblocking pin etc...)
- Documentations (wiki + code)
- make card writeable with it (only read only for now)
- and so on...


Bests Regards,

François



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-05 Thread François Leblanc


note: I removed the Makefile.in.
All those files generated by automake, autoconf and libtool
are not submitted to svn, as they change, depending on the
version of these tools used by each developer, and we are
not interested in having these changes in the svn.

Ok.

 Unfortunatly I can successfully use env to transmit SCARDHANDLE and
  SCARDCONTEXT to Libopensc-2.dll so I use registry for now (still to be
  improved).

ah, to transmit the handle from opensc-cardmod.dll to opensc-2.dll?
hmm, we could create some backdoor, like a static public variable
or some function to set a static variable. but that wouldn't be much
nicer either. not sure what the best plan is.

We have to think about the best way to do it.


still a nice start. what works so far? can people read the
certificates, login with user pin, authenticate with signature
or decrypt emails?
did you test with some specific applications?

So I've successfully read certificats (use command certutil.exe -SCinfo)
And sign mails under outloock, I've reached authentification on an internal 
Website with internet-explorer.

For login is still a bit more difficult since you need a domain controller
Configured for login with certificats and I don't have one for the moment.

I use for now westcos card and only this one it's why cardmod.inf and
Cardmod-westcos.reg are not extend to other cards for the moment, they must
be adapted for the card you want to use...

we could create an extra wiki page for testers, where we describe
how to setup opensc with card module, and how to test various functionality,
for example login with smart card authentication or using explorer or
outlook with it.

Yes there are some step to describe to make it more easy...

but I guess most test will be difficult, unless people have the necessary
infrastructure already. (IIRC smart card authentication needs active
directory and a microsoft PKI or something like that?) still it would
be nice to document these challanges, as a step to get more people involved.

Yes it's the goal.

Regards, Andreas
Regards

François.




smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-04 Thread François Leblanc



 Ok, to be more clear I suggest opensc-cardmod.dll...

good idea.

Thank you.

 Yes dlls must be in Path, the Path can be update at install process.

I know you can set the path for users. but can you also set the
path for system processes (e.g. the login window)? 

Oups sorry, of courses you know that, I hope the path is common to all process
But this must be checked and confirm.   

(...)

 - Update code to transmit SCARDHANDLE and SCARDCONTEXT by env to
 reader-pcsc.c
 In first step I keep actual hack code of reader-pcsc.c and if possible
 change it
 to reduce duplicate code.

leave it as is, and commit the code you posted.

the code can be changed later, when there is an agreement how it can
be changed.

Ok change only env part to make it working.

please don't forget to also submit the *.reg file. you posted a binary
last time as attachment, please use iconv to convert it from utf-16
to utf-8 first. that way we can see what is inside the file, and windows
will still be able to install it with a right-click.

I will do.

Thanks, Andreas

Thank you,
François.




smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-03 Thread François Leblanc

Please send us the licence.rtf so we can check it is LGPL compatible.

Thanks

Ok, join licence.rtf and other.

François



License.tar.bz2
Description: Binary data


smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Fwd: Problems developing with Starcos 2.3

2010-02-03 Thread François Leblanc

pkcs11-tool -L show me the slots but they are always empty. I've used my
application with the manufacturer libraries and it works appropriately. So
I think my problem could be related to my opensc configuration. I didn't
modify the opensc.conf file because i'm using a usual card supported by
opensc, Do I have to modify it?


Could someone give me any information? I'm running out of ideas.
Many Thanks again to everybody.
Regards.

Hum for me (but I don't follow all the discussion so it maybe a mistake) I
don't see emulator starting for startcos in log file.

You say you have provider dll working with your card so your card is 
initialized 
And certificat/key are present but not in pkcs15 format. If you tryed to init 
Your card with pkcs15-init -C command you start to add pkcs15 structure in your 
Card it's why the emulator don't take the hand on it...

This can explain your trouble only if pkcs11-tool -L (list slot) don't let see
Slots with only Security Officier pin

Can you try to configure opensc.conf this way: 

try_emulation_first = yes;

and/or 

add a key with pkcs15-init command


François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-03 Thread François Leblanc

  as far as I know both are too much involved in opensc internals to port
  them to pkcs#11 api.
 
 You have the correct understanding.

ok, thanks.

I Will try to think about it.

 The question here is how the feature (pre-opened card handles) is
  implemented inside libopensc. The interface towards BaseCSP is indeed
  constant, but the implementation inside libopensc should be reviewed a
  bit, as there have been other (and alternative) implementations. Current
  reader-pcsc.c copypaste does not look like a long-term solution.

you know that code much better than I do. but didn't the cardmod reader
also share a lot of code with pcsc reader driver? IIRC that was the
argument for keeping it in that file, and not creating a new
reader-cardmod.c
file.

Yes, first patch included a new reader-opensccm, I give up this way.


what do you suggest should be done? and is it ok to commit the patch now
and work on it, or does it have to be changed before it gets into svn?

 How do I compile it, where do I download the SDK from? That should be
  documented in the wiki page for example.

he posted some instructions last time. you need the cardmod.h file from
Microsoft CNG Development Kit (plattform SDK might contain it as well),
point configure to it, and you are done. to use it use the reg (older
windows)
or inf (newer windows) files. These contain code for the Westcos cards
as far as I understand, and need to be extended to handle other cards
as well.

Yes for now opensccm-westcos.reg it's a sample for extend to other cards 
(it can be generating I think by exe tool instand of being write once, like
plug your card call : opensc-tool -carmod and use the card under windows).

Opensccm.inf is to be extended with all card/atr managed by opensc (one file

Will be enougth but require HID give by windows for each kind of card) 


btw: François, do you know if several cards can claim one atr?
in that case we could claim all cards - the user can modify opensc.conf
to remove some drivers, thus opensc will not know the card and hopefully
ignore it / leave it to some other software. or can you have only opensc
or some other software installed, but never both?

For exemple, actually, I use Outloock signing email, connect to linux
serveur with puttysc
and opensc-pkcs11.dll and access to secure website with Firefox
(opensc-pkcs11.dll) all with 
my same card managed by opensc core. (this under windows 7).
(When card is in use opensc Connect it with SCARD_SHARE_MODE and work with
it)

When cardmodule is in use each card managed by opensc (and present in .inf
file) that you insert 
is take in account, reading certificats and put it in store ready to be use
by application.


Regards, Andreas
Regards, 
François



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-03 Thread François Leblanc


Sure, I know the case with windows and BaseCSP and why the driver rocks, if
finalized and why it is good and important.

But the way it is included and integrated with the rest of OpenSC should be
discussed. I don't like the idea of putting it on the same level with
libopensc and I don't like the current pcsc driver diff.

To see what it does and to be able to change anything, a doc on how to
compile it is needed (you probably know it and can put necessary links in
the wiki page and save others a hour of googling)

Ok,

For cross compiling you can refer to

http://www.opensc-project.org/pipermail/opensc-devel/2010-January/013162.htm
l

please, use the latest patch I provide.

For CNG :
http://www.microsoft.com/downloads/details.aspx?familyid=1ef399e9-b018-49db-
a98b-0ced7cb8ff6fdisplaylang=en
 
Regards,

François.



smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add card minidriver base on trunk.

2010-02-03 Thread François Leblanc


Hello,

ok. hmm, but if we create an extra dll for the card module, the
original name opensccm might be better. move the file
to cardmod/opensccm.c and create opensccm.dll?
is that ok for you.


Ok, to be more clear I suggest opensc-cardmod.dll...

 dll-s are OK if they have  a purpose, stuffing many interfaces in a
single
  dll could be useable but not necessarily the best idea. A single
interface
  from a single DLL is the easiest concept to grasp for anyone.

yes. but it requires that not only windows can load the dll mentioned
in the registry, but that this dll can load the other dll it depends
on as well. so I guess they all have to be in the path and/or system32
directory (not sure if you can set the path for the logon process,
thus I guess system32 or system64 is the place it needs to be.
hmm, is the logon process on 64bit windows a 64bit application?
then we would need a 64bit card module and depending libraries I guess).


Yes dlls must be in Path, the Path can be update at install process. 


 b) smaller code changes in the current code path.
 
 Current amount of copypaste should be reduced and should not be commited.

sorry, I can't help with that, as I now next to nothing about
reader-pcsc.c.
can you work with François on that?

Ok for me if a convenient solution can be find.

my preference would be to commit the current code (with other directories
/ filenames etc.): the changes to existing code are minimal and cutpaste
issues can be reduced later without affecting other code. 

It's my point of view too.

 Last time I worked with a minidriver you *had* to have the ATR-s your
card
  is willing to handle in the registry. Installer and registry writer
would
  be necessary.

both? ah, ok. 


I don't understand exactly but Installer (.inf file) write registry so in
windows 7
You need only installer (a .inf file) and for Vista you need registry writer
only... 

let my rephrase my question this way:
can you install both a vendors cardmodule and opensc cardmodule
at the same time, or would they conflict?

The link betwin a card and a module dll is made by ATR in registry,
You provide ATR, ATRMask and CSP to use.

I'm not sure but first matching module take the hand on others...

we will need to tell people not only how to register opensc as
card module, but also how to get rid of those registry keys, if
they cause problems for some vendors card module. and maybe also
make sure we don't blindly overwrite registry keys, but notice
if they already exist and handle that somehow.

Oh yes I don't think about that. 

Regards, Andreas


So I plan to:

- Move libopensc/opensccm.c to cardmod/cardmod.c - build opensc-cardmod.dll


- Update code to transmit SCARDHANDLE and SCARDCONTEXT by env to
reader-pcsc.c
In first step I keep actual hack code of reader-pcsc.c and if possible
change it 
to reduce duplicate code.

Are you agree with this?

Martin can you say if it's acceptable for you ?

Andreas ?

Best Regards,
François




smime.p7s
Description: S/MIME cryptographic signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Problems developing with Starcos 2.3

2010-01-27 Thread François Leblanc


I cannot offer more information about my problem since my program doesn't have 
runtime errors or compiled errors, can I?

You can get more information try to configure opensc.conf put debug = 9 
instead of debug = 0.

François.





___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] State of the developpement minidriver opensccm

2010-01-26 Thread François Leblanc




ok. so we would need a pkcs#11 to Crypto api bridge,
so pkcs#11 api applications can use the certificates available
via crypto api.

Oh yes, think it's good idea, I've not see this possibility. In this case 
getting a statically build of libopensc maybe interesting...


trunk is under development, and I guess it will be for a while.
so we can add your patches whenever you want. since the feature
can be turned on/off via configure flags, there is no harm to
add the code early, even if it is still under development.

Very good, so code can be added early and everybody will can improve it...

simply let me know when you think the code could be added and

Ok, I let me do some cleaning first and see to integrate it.

I will commit it (or you can have access to svn and commit it
yourself).

I can do this myself?

Regards

François
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] configure error

2010-01-22 Thread François Leblanc

Hello,

Does someone successfully build opensc with

m4 1.4.13

autoconf 2.65

libtool 2.2.6b

When  I try to run 'autoreconf -ivf' get result:

autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
autoreconf: running: /usr/bin/autoconf --force
configure.ac:100: error: possibly undefined macro: AC_DEFINE
  If this token and others are legitimate, please use m4_pattern_allow.
  See the Autoconf documentation.
configure.ac:248: error: possibly undefined macro: AC_MSG_ERROR
configure.ac:310: error: possibly undefined macro: AC_CHECK_LIB
autoreconf: /usr/bin/autoconf failed with exit status: 1


Someone can help (google search give me a lot of issue like this

but no explain why or howto solve it)

Regards,

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] card minidriver update for windows.

2010-01-22 Thread François Leblanc


Just a correction of my first patch send concerning opensc minidriver for 
windows,

Now work with XP, vista and windows 7 at least with test application.
(for XP don't knows if certificates are loaded on windows container..., for 
vista and 7 certutil command show me certificates on card.)

Work to do:

- Cleaning code.
- Look at pin management and certificate/private key link to improve.
- Improve register key management and .inf file to manage all cards (with 
options to not manage some cards)
- Documentation
- Review licence of files

Not tested:

- Several kinds of card insertion (a westcos and a Cyberflex for example)
- Pinpad reader
- and lot of other future

After this think we can have a first release that maybe submit for adding to 
opensc. Like you can see, the module add only one source code file opensccm.c 
and some code specific on reader-pcsc.c all this only for windows build it's 
not too much.


In future if this working well, add code to update/write card with windows 
cryptographics API, since this first release consider cards read only.



Regards,
François.


opensccm_trunk.patch17.tar.bz2
Description: opensccm_trunk.patch17.tar.bz2
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Add more functions in libopensc.exports

2010-01-18 Thread François Leblanc


Hello,

I wish to add sc_apdu_log, sc_apdu_get_octets and sc_apdu_set_resp to

libopensc.exports but if I do this compilation fail with :


/usr/bin/ld:.libs/libopensc.ver:216: syntax error in VERSION script
collect2: ld returned 1 exit status

Someone can help me?

I need doing this since I wan't to provide a pcsc drivers in separate dll

for cards minidrivers on windows, and need to formatting apdu for transmit

calls


Regards,

François.



___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Add more functions in libopensc.exports

2010-01-18 Thread François Leblanc



On Jan 18, 2010, at 12:28 PM, François Leblanc wrote:
 I wish to add sc_apdu_log, sc_apdu_get_octets and sc_apdu_set_resp to
Why do you want to do that? These are internal functions and should not be 
used outside of libopensc.


 I need doing this since I wan't to provide a pcsc drivers in separate dll
What do you need to change and why the builtin pcsc driver does not work for 
you (or what kind of changes would it need)?


For windows minidrivers to use opensc with standard windows crytographics API I 
need to run opensc with a SCardHandle and ScardContext set by windows and not 
open my own context and handle to the card. To do this I first provide my own 
pcsc driver without connect, disconnect and other I keep mainly transmit 
function. I give the availability to set card handle and so I use my own driver 
with opensc but I need to access to apdu.

If it's not possible, I can add my driver to libopensc and put my code into 
libopensc but anyway I need to add some export function to libopensc.export too 
to give windows access to newly added functions.

It's certainly not clear because it's quite difficult to explain for me in 
english, but if you help me I'll can provide a patch to show why I need so you 
can accept or reject this patch...

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc minidriver for base csp.

2010-01-12 Thread François Leblanc



Hi Jan,

Yes, I've started again to work on this since the begin of year,

I try to make it working with at least version 6 of 'minidrivers'

this should work with windows 7.

I plan to send a patch in few days to show progress and get feed back.

My goal is to have a first release that we can integrate in opensc

and improve (the last version of 'minidrivers' is 7)...

Regards,
François

-Message d'origine-
De : Jan Suhr [mailto:j...@suhr.info]
Envoyé : mardi 12 janvier 2010 18:34
À : François Leblanc
Objet : Re: [opensc-devel] Opensc minidriver for base csp.

Hi Francois!
I read your patch for OpenSC and Windows base CSP from October. It would
be really great to get OpenSC work this way! Do you plan to work on this
patch later on?

Regards
Jan

--
Jan Suhr
OpenPGP key: http://user.cs.tu-berlin.de/~jansuhr/jansuhr.asc
Anonymous e-mail: https://www.awxcnx.de/jansuhr.msg
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Removal of slots from OpenSC core, reader API changes, PCKS#11 updates,

2009-11-26 Thread François Leblanc







Hi.

Hi.

(...)

For me, the most visible result of this patch is running Firefox with 
opensc-pkcs11.so installed in debug mode - polling for slots is replaced 
with a readable log output thanks to C_WaitForSlotEvent and plugging readers 
and cards back and forth actually works. This has been a major usability 
problem for laptop users this far.

Great. I'm on interest.

It also messes with the API as I did not have the intention of making it a 
clean patch but rather clean things up. The hotplugging feature only works 
with PC/SC and only if all connected readers are PC/SC. That's OK for 99.9% 
users on Windows and Mac. And the reason why I suggested to maybe have 
different packages on Linux - libopensc-pcsc, libopensc-openct and 
libopensc-ctapi is that it is not realistic to have the hotpluggin feature 
work with different subsystems.

Any thoughts on this?

I don't known at all openct and ctapi, but if the solution is to separate in 
three module like you say why not. Now the trouble is to maintain this three
modules, like ctapi seems don't have maintainer what about openct. Perhaps it's 
time to drop some useless module and keep only two or better one module, the 
use is no so huge to spend a lot of time for very small use case.

So I suggest to keep only pcsc that is present linux, windows and mac, but
it's my point of view.

François.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Small correction on westcos card.

2009-11-25 Thread François Leblanc

Hello,



I repost the patch to improve pkcs15init on westcos and I add one to correct 
issue on p15emu



detecting empty westcos card like emulated card and not empty pkcs15 card...



If somebody have the hand on svn and can patch for me,



Thank you.



François.





westcos-improve-pkcs15init.patch
Description: westcos-improve-pkcs15init.patch


westcos-p15emu-issue.patch
Description: westcos-p15emu-issue.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] TR: Small correction on westcos card.

2009-11-25 Thread François Leblanc



Hello,

I repost the patch to improve pkcs15init on westcos and I add one to correct 
issue on p15emu

detecting empty westcos card like emulated card and not empty pkcs15 card...

If somebody have the hand on svn and can patch for me,

Thank you.

François.



westcos-p15emu-issue.patch
Description: westcos-p15emu-issue.patch


westcos-improve-pkcs15init.patch
Description: westcos-improve-pkcs15init.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] TR: Small correction on westcos card.

2009-11-25 Thread François Leblanc



-Message d'origine-
De : François Leblanc
Envoyé : mercredi 25 novembre 2009 08:37
À : 'opensc-devel (opensc-devel)'
Objet : TR: Small correction on westcos card.



Hello,

I repost the patch to improve pkcs15init on westcos and I add one to correct 
issue on p15emu

detecting empty westcos card like emulated card and not empty pkcs15 card...

If somebody have the hand on svn and can patch for me,

Thank you.

François.



westcos-improve-pkcs15init.patch
Description: westcos-improve-pkcs15init.patch


westcos-p15emu-issue.patch
Description: westcos-p15emu-issue.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] test

2009-11-25 Thread François Leblanc

Hello,

It's just for testing ...

Bye.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch to make pkcs11 pin cache working

2009-11-20 Thread François Leblanc


What for there are two PIN cache systems?
Why do not use the unique one?

Probably historic reasons...


As for me, the 'p15card-pin_cache[]' system is more attractive.
Somebody have the reasons for the other or for the both ?

I agree, p15card-pin_cache seems more interesting.

François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch to make pkcs11 pin cache working

2009-11-20 Thread François Leblanc



 As for me, the 'p15card-pin_cache[]' system is more attractive.
 Somebody have the reasons for the other or for the both ?

There's another option: take the part that deals with PIN codes in keycache.c 
and make it use libopensc PIN cache and leave the keycache.c in pkcs15init?


The old bridge that currently is left commented out, as said in the commit 
message of changeset 3784, is at 
http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L3070

The simplest and shortest way is to re-implement that piece. But it still 
leaves two issues: 1) no way of using a pinpad for initialization 2) 
separate copies of PIN values without much control (which was the original


I don't understand why pinpad caching mechanism is not compatible with

pinpad readers. The problem that I see is with pkcs11 it's the application

witch asking for pin and call C_Login and after when needing pin again

for internal use you can't ask for pin yourself in pkcs11 module since

you don't known if you have windows or text screen or other...

With pinpad reader you don't have this problem since it's reader interface

that will be used you can ask for pin at any time. The only sad effect is

that you need to provide pin multiple times ( but you don't initialise card

or create object every days so it maybe acceptable ).

Perhaps I miss something with pinpad readers use?

François.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] pkcs11 trouble on 0.12.0-svn

2009-11-18 Thread François Leblanc


Hi there,

Does someone do commands like :

pkcs11-tool -l -O

It fails for me:

error: PKCS11 function C_OpenSession failed: rv = CKR_TOKEN_NOT_PRESENT (0xe0)

but if I do :

pkcs11-tool -T
Available slots:
Slot 4   CEVGroup Software Reader 1
  token label:   westcos (User PIN)
  token manuf:   CEV
  token model:   PKCS#15
  token flags:   login required, PIN initialized, token initialized
  serial num  :  0102030405060708




Martin,

In revision 3845 you merged [3823:3844] to your branche before swapping it to 
trunk

but it seems that 3823 changes was not included in this merge, I've no noticed 
other change

not included.

Could you have a look please.


Regards,
François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] pkcs11 trouble on 0.12.0-svn

2009-11-18 Thread François Leblanc



for me the following works:

./build/bin/pkcs11-tool --module ./build/lib/opensc-pkcs11.so -T
Available slots:
Slot 4   OmniKey CardMan 3121 01 00
...
./build/bin/pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot 4 -l -O
Please enter User PIN:
...

Yes, thank you, work for me too with --slot option.


François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Difference betwen pkcs15-init/pkcs11-tool generate key .

2009-11-18 Thread François Leblanc



I try to use more pkcs11-tool since I guess pkcs11 will be the standard way for 
use opensc

and I can't generate key with pkcs11. I notice that pkcs15-init call 
'sc_pkcs15init_set_callbacks'

and pkcs11-tool not and is why do_get_and_verify_secret fails later.

Does someone use pkcs11-tool to generate key pairs on cards without so-pin, and 
does it works?

François.



___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Difference betwen pkcs15-init/pkcs11-tool generate key .

2009-11-18 Thread François Leblanc



Hum, my first idea it's to add 'sc_pkcs15init_set_callbacks' somewhere in

opensc-pkcs11.dll (in framework-pkcs15.c for example)... but like I'm not a

specialist of pkcs11 I'd rather wait to have opinion of someone who know

what he do. So for the moment I hope pkcs11 expert to have a look.


'pkcs15-init' provide it's own function to get pin and ask for pin when

necessary, for opensc-pkcs11 the pin is given by application so we can't

provide function to ask pin. I think we can cache pin at login and call

'sc_pkcs15init_set_callbacks' to set functions to retrieve pin back but

what about security and so-pin...


François.


-Message d'origine-
De : Aventra development [mailto:developm...@aventra.fi]
Envoyé : mercredi 18 novembre 2009 15:13
À : 'opensc-devel (opensc-devel)'
Cc : François Leblanc
Objet : RE: [opensc-devel] Difference betwen pkcs15-init/pkcs11-tool generate 
key .

Hi!

I have the same issue with 0.11.11 version.. just traced the problem to the
same place.
Any ideas what is wrong?

Regards,
Toni

 -Original Message-
 From: François Leblanc

 I try to use more pkcs11-tool since I guess pkcs11 will be the standard
way
 for use opensc

 and I can't generate key with pkcs11. I notice that pkcs15-init call
 'sc_pkcs15init_set_callbacks'

 and pkcs11-tool not and is why do_get_and_verify_secret fails later.

 Does someone use pkcs11-tool to generate key pairs on cards without
so-pin,
 and does it works?

 François.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Difference betwen pkcs15-init/pkcs11-tool generate key .

2009-11-18 Thread François Leblanc



There are two targets:
1. If a PIN is entered via software, cache it in a single location, usable by 
all layers above libopensc by same mechanism
2. Allow to personalize a card with all PIN-s going through a pinpad.

1. is possible, but 2 via PKCS#11 might be a problem, if a card requires 
several times a PIN for a single operation...


Actually:
- C_Login() caches PIN in one of the p15card-pin_cache[] entries ;
- sc_pkcs15init_authenticate() (in fact do_get_and_verify_secret()) do not 
look for PIN in this cache, but in a global cache (static 'secret *' and 
'named_pin' in keycache.c) .

What is the reason of co-existence of these two caches?

Maybe sc_pkcs15init_authenticate() should look for the PIN in 
p15card-pin_cache[] also ?
IMHO, at least, it will solve the problem for the 'target 1.', and will not 
change the situation for 'target 2.' .



I've seen in docs

If the token has a protected authentication path, as indicated by the 
CKF_PROTECTED_AUTHENTICATION_PATH flag in its CK_TOKEN_INFO being set, then 
that means that there is some way for a user to be authenticated to the token 
without having the application send a PIN through the Cryptoki library. One 
such possibility is that the user enters a PIN on a PINpad on the token itself, 
or on the slot device. Or the user might not even use a PIN-authentication 
could be achieved by some fingerprint-reading device, for example. To log into 
a token with a protected authentication path, the pPin parameter to C_Login 
should be NULL_PTR. When C_Login returns, whatever authentication method 
supported by the token will have been performed; a return value of CKR_OK means 
that the user was successfully authenticated, and a return value of 
CKR_PIN_INCORRECT means that the user was denied access.


for target 2 it will be ok, after provided CKF_PROTECTED_AUTHENTICATION_PATH 
for pinpad readers,

so for target 1 and 2 we can call 'sc_pkcs15init_set_callbacks' and give a 
function witch return

p15card-pin_cache[] value if not null, ask on pinpad readers if it's a pinpad 
reader and error

elsewhere.

What do you think?

François.





















--
Viktor Tarasov  viktor.tara...@opentrust.com
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Small patch to improve wesctos pkcs15init

2009-11-13 Thread François Leblanc


Hi,

If someone have few minutes to patch, (this concern westcos card only)

thank you very much.

François.




westcos-improve-pkcs15init.patch
Description: westcos-improve-pkcs15init.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Small patch to improve wesctos pkcs15init

2009-11-13 Thread François Leblanc




François Leblanc a écrit :
 Hi,

 If someone have few minutes to patch, (this concern westcos card only)

 thank you very much.

 François.


As I have my hands in the source, I've done it.

Cheers,

Jean-Pierre

Thank you Jean-Pierre.

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Small patch to improve wesctos pkcs15init

2009-11-10 Thread François Leblanc

Hello,



I provide a small patch to improve pkcs15init use of profile in westcos card,



Thanks if someone can integrate it in trunk.



François.





westcos-improve-pkcs15init.patch
Description: westcos-improve-pkcs15init.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Release 0.12

2009-10-26 Thread François Leblanc


Hi,


 2. p15emu-westcos.c. Problem: consistent naming. Rest of the emulation
 drivers use pkcs15-name.c As there are pkcs15-foo.c files in src/
 libopensc that deal with other tasks than emulation, maybe push the
 emulation drivers into a subdirectory for clarity?

I'm fine with renames. a subdirectory below src/ ?
(i.e. not src/libopensc/pkcs15emu).

also I would be fine with merging directories, or other bigger strutural
changes. now is a good time to discuss what changes we can do and if
those will help us to structure the code better, make it easier to understand
and maintainer it easier.

Warning, there are pkcs15-westcos.c in pkcs15init dir so if you change the name 
you will have a problem merging pkcs15init into libopensc (is the reason why 
I've kept p15emu-westcos instead of pkcs15-westcos).

More other pkcs15- in libopensc concern emulated cards, so  I suggest to 
rename all pkcs15-.c in libopensc by p15emu-.c and change pkcs15-foo.c 
name (if it deal other than emulation).

(I use both since I have small westcos 2ko without pkcs15 structure inside and 
bigger one where I can put pkcs15 structure... Perhaps other cards can have the 
same so it will be great to keep it possible and have a convention naming that 
let us do it...)

Regards,

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] gcc warnings from opensc code

2009-10-21 Thread François Leblanc


Hi Andreas,


This is a patch to suppress warnings from westcos.

François.



westcos-suppress-warnings-r3782.patch.tar.gz
Description: westcos-suppress-warnings-r3782.patch.tar.gz
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc minidriver for base csp.

2009-10-12 Thread François Leblanc




we could define some new structure with reader parameters to be passed
as third argument and store the values there. still a hack, but I wonder
if that would be cleaner than using the config file code as transport.

not sure, what does everyone else think?

Ok, I see now what you mean.


I saw this
+   BYTE modulus[1024/8];
and thought it would limit the code to 1024 byte keys maybe?

Yes it is why I replace PUBKEYSTRUCT with PUBKEYSTRUCT_BASE
and dynamically allocate memory for the key.. I need to remove PUBKEYSTRUCT.


 I've in mind to generate this file like it done with opensc-install.bat. I
 think it will be necessary if we want to manage all opensc card since you
 have to provide this for each atr card.

ah. can you document in README maybe what registry keys are necessary?
or maybe better a wiki page about the new baseCSP mini driver,
so we have all the information in that central place.

I guess people will want to customize / configure this, or for debugging
will need to check if some other driver claimed some atr opensc wants to
claim too.


Yes it will be necessary for a clean release.


François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc minidriver for base csp.

2009-10-12 Thread François Leblanc




 +//  THIS CODE AND INFORMATION IS PROVIDED AS IS WITHOUT WARRANTY OF ANY
 +//  KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
 +//  IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
 +//  PURPOSE.

I don't see any reason why we are allowed to use it

The licence text also contains:
+//  Copyright (C) Microsoft Corporation.  All Rights Reserved.

Note the All Rights Reserved.. So unless the 4 fundamental rights
(use, study, redistribute, improve) are not _explicitly_ given they
are not given at all.

Please do not add such a file in an OpenSC project.


Perhaps in doubts an internal-cardmod.h should be the best solution.

François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc minidriver for base csp.

2009-10-12 Thread François Leblanc


1. You don't need to check in versioninfo.rc

Ok.

2. I don't understand the empty winscard.h

Since I don't want to modify cardmod.h (it's not my file) and this file
include winscard.h but I don't have winscard.h with my cross compiler tool 
mingw32...

3. If not absolutely required, put opensccm.reg in ANSI format so we
can edit it easily in other platforms. UCS-2 is difficult to maintain.

See my answer to Andreas.

4. Why do you need to install cardmod.h winscard.h, but are needed
only for compilation, right?

Yes, it need to be changed.

5. Why do you need -I$(top_srcdir)/src/common?

Again need to be changed.

6. Please put opensccm.reg in DATA.

7. As it is built only for Windows, you don't need to add LIBADD+=,
SOURCES+= etc...

For cross building I think that is needed.

8. I am not sure we want to actually install testcsp. And if we want
we should use a different distinct name for executable.

Yes this can be keep uninstalled, just build for testing.

François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Opensc minidriver for base csp.

2009-10-08 Thread François Leblanc


Hi,


I've joined a patch to build a windows minidriver useable with basecsp.


This patch produce a dll named opensccm.dll (only for window of course) and a 
binary testcsp.exe

You have to change atr value and put yours on opensccm.reg before to 
register.



I've successfully have certificates in user store of windows and reach secure 
web site with vista

And under XP I've only made signature (testcsp.exe) since certificates are 
not put on windows

store... (don't know why). On Windows XP you have to had basecsp support 
KB909520



This code is not finished, is just for whose are interesting to play with it... 
and help


There are some functionalities to add before to have a basic module:

* Read file log name in register
* Read log level in register too, add log level to all fprintf
* Build opensccm.reg instead of fixed one
*  ...


 There are some functionalities to improve or change:

* Extra parameters in call of sc_context_create
* links between private keys and certificates
* ...


There are many functions waiting to be complete, but for the basic use this 
functions aren't necessary.


Thank for comments (please until maybe an official first release forget 
comment about coding style... this will be correct later)


François.



opensccm_trunk.patch.tar.gz
Description: opensccm_trunk.patch.tar.gz
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] new opensc 0.11.* release?

2009-10-05 Thread François Leblanc


Hi,

shall we create a new opensc 0.11.* release? things to wait for
before we create such a release?

Hi Andreas,

Maybe you should add my patch to permit building opensc without openssl and 
patch from Aktiv Co. Aleksey Samsonov before to make a new release.

This two patch concern the westcos card.

Thanks,

François.



opensc-westcos-without-openssl2.patch
Description: opensc-westcos-without-openssl2.patch


opensc-trunk-r3742_new.diff
Description: opensc-trunk-r3742_new.diff
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] PKCS15 link between certificate and private key...

2009-10-02 Thread François Leblanc


Hi,

   Can someone help, since we can have several certificate for a private 
key, how to retreive associate private key

of a certificate? The ID isn't enougth, I can have a 0145 private key and two 
certificate 0345 and 0346 for example each one

corresponding to my 0145 private key. So if I select 0346 certificate and I 
want to know witch private key is to use corresponding

with this certificate, how can I do?

Thanks for any help.

François.
 
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Implicit PIN change with pinpad reader.

2009-09-24 Thread François Leblanc


Hi,

Don't anything about Portuguese eID but:

 ...

This works perfectly when using a regular reader. When using a pinpad  
reader it works also, but a minor annoyance occurs: the reader asks  
for 4 PINs (instead of the regular 3) and I think this can cause  
confusion to the users.

If I'm not mistaken, 1 PIN is asked  for the SC_PIN_CMD_VERIFY apdu  
and the 3 other PINs are asked for the SC_PIN_CMD_CHANGE apdu.

With your description it seems true.

I've been trying to understand part10_modify_pin_block() in reader- 
pcsc.c, but I still don't know exactly what is needed to change its  
behavior to support correctly this card.


I don't think that the matter is in reader-pcsc.c, I think you should

have a look on Portuguese eID in command  pin_cmd  the SC_PIN_CMD_CHANGE

is probably slip in two parts  SC_PIN_CMD_VERIFY + the SC_PIN_CMD_CHANGE

just disable the SC_PIN_CMD_VERIFY when reader is pinpad capability...



Can anyone help?

Thank you.

João

Hope this can help you,

Regards.
François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Implicit PIN change with pinpad reader.

2009-09-24 Thread François Leblanc



On the document, there are other options explained. One looks promising:

bConfirmPin: 0x01
bNumberMessage: 0x02
Messages seen on Pinpad display: New Pin*, Confirm Pin*

*In these two cases, old PIN is not asked by the Pinpad but do not forget to 
put the old
PIN value in the APDU command.

How do you do this, since you have pinpad reader the pin code should be never 
see by opensc

so it can be put on apdu? The old pin isn't needed in change pin command? 



François.



___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] SCA and snow leopard

2009-09-23 Thread François Leblanc



Is it any way to view the opensc debug logs to see where can be the error?

Thanks


You should have somewhere a file named opensc.conf

Change debug file to something convenient for you:

debug_file = C:\Documents and Settings\All 
Users\Documents\opensc-debug.log;

and 

debug = 9;

Regards,
François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] (no subject)

2009-09-22 Thread François Leblanc

Am Donnerstag 17 September 2009 14:22:26 schrieb François Leblanc:
 This patch to permit to build without openssl and minor coding style change
 for westcos card.

without openssl, is the card usable?

It depends, the westcos 2ko isn't useable without openssl, but the javacard 
with westcos applet and virtual tokens should support hardware cryptographics 
(like westcos XX ko, not still in production) 


I saw the code returns not supported if compiled without openssl, but I don't 
know if those are essential functions, or not.

if the code is not useful without openssl, we could put the
whole into one big #ifdef and also register the driver only
if openssl is available (like some drivers already do).

what do you think?

Like I plan to support westcos applet and virtual westcos token I prefer not to 
change ... 

other changes in the code:
* french to english changes: good
* why was max() macro removed?
  (and why was it #ifndef min ?)

max() was removed because max is unused since Aleksey Samsonov good patch
rewrite some part of code. The cross compiler that I use define the min macro, 
I'll probably need to add a test in configure script...

* removing comments with code / #if 0 code:
  good (I didn't know if these would be needed
  with later addidions or not, but if they are
  not needed in future use, it is good to
  remove them).

I will rewrite it if needed in future, for now like I don't use it I remove 
this part of code.

 I've not found yet how to pakage opensc to be build via build script...
 If someone know

do you want to create windows binaries with the cross compiler?
then the build/ project is the right thing. but I have no experience
with it either. doesn't the readme help?
http://www.opensc-project.org/svn/build/trunk/

Yes I use build tool, the only thing that I haven't understand is that you need 
to build first under linux and use make dist to have opensc-X.X.X.tar.gz file 
necessary to use build script, Alon Bar-Lev explain me and it's work very well 
now. Perhaps this should be write in readme help (like url to get build script) 
if I have some time I will do it...


Regards, Andreas

Regards,
François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] westcos_select_file and iso7816_select_file

2009-09-22 Thread François Leblanc


Thank you, I'll try this.

François.

-Message d'origine-
De : opensc-devel-boun...@lists.opensc-project.org 
[mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Aktiv Co. 
Aleksey Samsonov
Envoyé : lundi 21 septembre 2009 09:38
À : opensc-devel@lists.opensc-project.org
Objet : [opensc-devel] westcos_select_file and iso7816_select_file

Hello!
I propose a patch for src/libopensc/card-westcos.c if it's working.

src/libopensc/card-westcos.c:westcos_select_file:

309:case SC_PATH_TYPE_PATH:
 apdu.p1 = 9;// Why is it needed?  (9 ?)

336:if (file_out != NULL) {
 apdu.resp = buf;
 apdu.resplen = sizeof(buf);
 apdu.le = 255;
 } else {
 apdu.resplen = 0;
 apdu.le = 0;
 apdu.cse = SC_APDU_CASE_3_SHORT;
 }
Is this correct? (See 
http://www.opensc-project.org/opensc/changeset/3700/trunk/src/libopensc 
and 
http://www.opensc-project.org/pipermail/opensc-devel/2009-June/012280.html)
Patch for trunk revision 3741 attached.
Thanks
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] westcos_select_file and iso7816_select_file

2009-09-22 Thread François Leblanc



À : 'Aktiv Co. Aleksey Samsonov'; opensc-devel@lists.opensc-project.org
Objet : Re: [opensc-devel] westcos_select_file and iso7816_select_file


Thank you, I'll try this.

François.

It seems working fine, 

Patch for trunk revision 3741 can be apply.


Thank you Aleksey Samsonov.


François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for Aventra MyEID card

2009-09-17 Thread François Leblanc



also shall we create a new 0.11 release for the two new drivers
or go straight for a new 0.12 release?

Regards, Andreas

Hi Andreas,

I hope to release patch today to make build avalaible without openssl

and change minor coding style... Please wait for this patch before 

to make a new release.


+1 for 0.12 release.

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] (no subject)

2009-09-17 Thread François Leblanc

This patch to permit to build without openssl and minor coding style change for 
westcos card.

I've not found yet how to pakage opensc to be build via build script... If 
someone know

how to do...

François.



opensc-westcos-without-openssl2.patch
Description: opensc-westcos-without-openssl2.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Step to make OpenSC Build

2009-09-17 Thread François Leblanc




Le 17 septembre 2009 12:29, François Leblanc
francois.lebl...@cev-sa.com a écrit :
 Can someone help me, I need to make the current trunk avalaible
 for OpenSC Build , it seems that directory doc/html.out
 should be created but don't know how.. The bootstrap
 and configure scripts don't build it.

You should send a full copy of the commands you used and the results you have.


I use the cross-compilation tool so I think that this question is for

Alon Bar-Lev too.



 What are the step to create opensc package to be used by openscbuild ?

This is a question for Alon Bar-Lev. He is the author of this
cross-compilation tool.




Please, do not send mails in HTML to this list. They look awful. Maybe
you can teach Outlook to use text only.

Sorry (I will prefer to get out of Outlook)) I don't have find yet how

To configure the use of text only in messages for a specific address...


François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Step to make OpenSC Build

2009-09-17 Thread François Leblanc



How did you package the sources?

I guess you:

svn checkout http://www.opensc-project.org/svn/opensc/trunk opensc
cd opensc
autoreconf -ivf
./configure
make
make dist

No,

svn checkout http://www.opensc-project.org/svn/opensc/trunk opensc

cd opensc

./bootstrap

Then make a tar opensc-tar.gz and use build script...

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Step to make OpenSC Build

2009-09-17 Thread François Leblanc




I don't understand, I must build opensc under linux to have

The package that will be used with build script ? That is?

François

So do it properly.

2009/9/17 François Leblanc francois.lebl...@cev-sa.com:


How did you package the sources?

I guess you:

svn checkout http://www.opensc-project.org/svn/opensc/trunk opensc
cd opensc
autoreconf -ivf
./configure
make
make dist


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for westcos card.

2009-09-11 Thread François Leblanc



As a general note, committing new dead code (#if 0 style) should not  
be done. There are some historic instances still present in the code  
which should also be reaped out.

I Agree, I just forward a bad patch without #if removed ...

+1 for the patch.


Yes, this patch seem working fine and it's good work. Thank you for

the provider. It should be apply to trunk.


Some places still need more English.

I will correct this as much quickly as can...

François




___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for westcos card.

2009-09-09 Thread François Leblanc


I've started to write doc/tools/westcos-tool.xml and add a ref to tools.xml:

xi:include href=westcos-tool.xml/


But I don't see westcos-tool in tree menu of html page.

I have missed something?

Thanks,

François.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] Future of opensc.

2009-09-09 Thread François Leblanc



Hello,



It appears that opensc lacks of i18n support (perhaps can I help later 
integrating this).



This support is interesting if and only if the use of opensc is large enougth,



I think that isn't the case actually. Does someone know the number of opensc



users in the world?







It seems for me that priority is to increase user number, two way for



This, make opensc more easy to use and increase application number using it.



In order to increase the use of this soft I plan to make a basecsp using



opensc so every windows applications using cryptographic (by CSP) become



opensc compatible! I think about OpenOffice, Outlook, IE etc... But I can



have time from my company to do this only if westcos card is integrated



since they don't let me working on something that don't use company's



cards it's why I try to add westcos support in opensc.







What do you think about this? Do you think that opensc can become a



standard in cryptographics use?



Does someone have some information about the use of opensc in world?





François.



___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Future of opensc.

2009-09-09 Thread François Leblanc





 In order to increase the use of this soft I plan to make a basecsp  
 using

 opensc so every windows applications using cryptographic (by CSP)  
 become

 opensc compatible! I think about OpenOffice, Outlook, IE etc...
BaseCSP plugin is a great piece of news! If I can help, let me know.

Yes you can help of course, and your help will be welcome.

François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] list moderator

2009-09-08 Thread François Leblanc


Hi there,

Does someone manage this list? I've a message waiting moderator approval since

The patch file joined is more than 40kb...

Regards.

François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for westcos card.

2009-09-08 Thread François Leblanc



Ok for points 1 and 2, I will resend new patchs soon...

For point 3: Sorry it's quite difficult to explain because english is not my 

first language, so windows basecsp (it's the base component to get a CSP 

with it's the windows cryptographic standard working with smartcard) provide 

SCARDCONTEXT and SCARDHANDLE values that you must use. To support opensc in 

a basecsp I need to fix given value of SCARDCONTEXT and SCARDHANDLE in 

libopensc and after this I can call opensc functions (reading certificates, 

sign data etc...). It's more clear? 

Regards,

François.




-Message d'origine-
De : Alon Bar-Lev [mailto:alon.bar...@gmail.com] 
Envoyé : mardi 8 septembre 2009 10:13
À : François Leblanc
Cc : opensc-devel (opensc-devel)
Objet : Re: [opensc-devel] Patch adding support for westcos card.

Few general notes:

1. Please separate the patch, and send every feature as separate one.

2. Please use UNIX line ends.

3. I do not understand (from your description) why the pcsc change is needed.

Regards,
Alon.

2009/9/7 François Leblanc francois.lebl...@cev-sa.com:


 Hi there,



 I submit this patch to be integrated in opensc, this patch provide support
 for 'westcos' card



 (westcos 2k by emulating pkcs15 structure and westcos javacard applet with
 real pkcs15 structure)



 And give the avaibility to fix pcsc card context and handle at the context
 creation (see sc_context_create



 In ctx.c file). This way an application can use already connected card (I
 use this to provide a card minidriver



  Dll in windows environnement, so I can develop a minidriver used by Base
 CSP and use opensc card under



 Windows). This second point may certainly be improve.



 If someone can have a look and apply this patch or tell me correction to be
 made,



 Thank you.



 Regards.







 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for westcos card.

2009-09-08 Thread François Leblanc


As far as I know, basecsp use its own file system structure, hiding
the objects from the mini csp provider.
How do you solve this?


It's my card minidriver witch make the link between base csp file structure

and pkcs15 file structure. Base csp don't work alone, you have to provide a 

dll for your card, in this dll I make memories files answering basecsp calls

like expected (so you haven't to develop all csp functions, just small part 

using card)

François.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for westcos card.

2009-09-08 Thread François Leblanc


Hi,

the license needs to be in english, so I can understand what it says.

Ok, I will put it in English.


currently opensc is under LGPL 2.1+ and we accept code under that license
(and BSD3).

Starting to mix different licenses within one library is not a good idea
I think. so if you want to submit the code as LGPL 3.0+, then we should
discuss if we want to switch opensc to LGPL 3.0+ for the next major
release or not. if we agree to do that we can accept the code, but we
should discuss this first openly, not change the de facto license situation
without dicussion.


It's a mistake from me, I put translated licence that I use elsewhere.

 


other than that the code looks ok, except minor formatting issues
(we use unix line ends with utf-8 or ascii encoding, not iso8859-1
or windows line ends). but that could be fixed with recode.

Some lines are quite long, while it is nice to have max. 80 chars
or even use Lindent (aka indent -npro -kr -i8 -ts8 -sob -l80 -ss -ncs)
that is not required and some code is made quite ugly with it,
so we haven't found the perfect way to make the code look nice and
keep it readable).

Yes I will correct this.


except for these the code looks good.

Regards, Andreas


François.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Patch adding support for westcos card.

2009-09-08 Thread François Leblanc


I will try to add some comments but for now I'm not sure to have 

A lot of time for this but I will try... I would prefer had this 

later. 

Ok for the wiki page I will have a lock.

I don't use  the command line parsing shared tool because I've started

integrating in a stand alone librairie not in opensc source, but later if 

I've some time I will rewrite this part...

westcos-tool is necessary because of westcos card with only

2ko can't have the complete pkcs15 structure and so have only one 

private key and a certificate. We have javacard applet and virtual

software westcos card whitch use opensc tools with complete pkcs15 

structure.

Regards,

François.






-Message d'origine-
De : Andreas Jellinghaus [mailto:a...@dungeon.inka.de] 
Envoyé : mardi 8 septembre 2009 16:51
À : opensc-devel@lists.opensc-project.org
Cc : François Leblanc
Objet : Re: [opensc-devel] Patch adding support for westcos card.

much better. I found a few more small issues:
* can you edit doc/tools/ and document the new tool too?
* can you translate the texts in westcos-tool into english?
  (we don't have i18n and l10n so far in opensc code, but
  you could keep the french texts to and use a -DENGLISH or
  -DFRENCH define to switch)
* check the documentation once more? e.g. in the code you have
  empty comments /* */ where you could write e.g. which define
  ends there. or make sure each new file has a proper summary
  line in the copyright header.

if you want, we have some shared code used by all tools to
do the command line parsing and options etc. that could
be used by westcos-tool too. (but if you want to keep your
stile that is fine for me as well).

later we will need a wiki page to document the card, how
it is supported, where people can buy it, and what they need
to know to use it. for example when should people use the
westcos-tool and when can they use the standard opensc
tools? or what happends if people use opensc-pkcs11.so api
to do the key generation etc/ is there any downside to that?

also I'm not sure what westcos-tool does with the configuration
code and why it is needed. shouldn't a proper new config file
for opensc has everything needed?

Regards, Andreas
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] TR: Your message to opensc-devel awaits moderator approval

2009-09-08 Thread François Leblanc



I've builded a new patch, is lock in list waiting moderator approval,

if someone can unlock it.

Thank you.

François.


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] OpenSC 0.11.9 and OpenCT 0.6.17 released

2009-07-29 Thread François Leblanc



Great,

If someone can apply joined patch to build script to update latest releases... 

Thank you.

François Leblanc.


-Message d'origine-
De : opensc-devel-boun...@lists.opensc-project.org 
[mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Andreas 
Jellinghaus
Envoyé : mercredi 29 juillet 2009 09:27
À : opensc-de...@opensc-project.org
Objet : [opensc-devel] OpenSC 0.11.9 and OpenCT 0.6.17 released

Today we released new versions of OpenSC and OpenCT:

New in OpenCT 0.6.17, 2009-07-29; Andreas Jellinghaus
* add support for Rutoken ECP (ccid driver)
* small bugfixes

New in OpenSC 0.11.9; 2009-07-29; Andreas Jellinghaus
* New rutoken_ecp driver by  Aktiv Co. / Aleksey Samsonov
* Allow more keys/certificates/files etc. with entersafe tokens
* Updates pkcs11.h from scute fixing warnings
* Small fixes in rutoken driver
* Major update for piv driver with increased compatibility

Please see the changelog for more detailed information.

You will find these new versions as usualy on our website:

http://www.opensc-project.org/files/openct/openct-0.6.17.tar.gz
http://www.opensc-project.org/files/opensc/opensc-0.11.9.tar.gz

Thanks to everyone who contributed to these new releseases with
bug reports, patches, new code, cleanups, testing and help on
the mailing list.

Regards, Andreas
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


build-006.patch
Description: build-006.patch
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Software Token

2009-06-11 Thread François Leblanc


I've a soft-token  pkcs11 lib sources building on linux and windows

If you are interested, ask me

Regards

François.

-Message d'origine-
De : opensc-devel-boun...@lists.opensc-project.org 
[mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Benoit 
Badrignans
Envoyé : jeudi 26 mars 2009 16:26
À : opensc-u...@lists.opensc-project.org; opensc-devel@lists.opensc-project.org
Objet : [opensc-devel] Software Token

Hi,

I'm an openSC user and in order to perform tests without breaking
smartcards I'm looking for a pkcs#11 software token.

To my knowledge their is at least 3 suitable implementations :
- soft pkcs#11 : but it just can do anything
- gpkcs#11 : that seems to be abandoned, since last changes was in 2000.
I compile it with the last version of GCC and so I need to modify few
lines of C code. When I finally succeed to compile it, the resulting
pkcs#11 library does'nt work very well : I can list slots and mechanisms
using pkcs11-tool but that's all, when I try to generate or create key
it fails : seg fault :-( . I try to contact the developpers last week
unsuccessfully.
- NSS soft-token that is a part of mozilla project. However it doesn't
work with standard PKCS#11 applications such as pkcs11-tool since
C_initialize must be called using particular parameters : see
https://developer.mozilla.org/en/FC_Initialize

So today I think that there is no software token that can be used with
opensc.
So to solve this problem their is at least 3 solutions :
-1 add an option to pkcs11-tool to allow NSS softtoken to be loaded
-2 make gpkcs#11 working and integrate it into openSC
-3 create a new project of soft-token inside openSC project (maybe by
reusing some parts of gpkcs11 code)

I can help to modify pkcs11-tool for the first solution. But I think
that is not a good solution since mozilla project is a big project and
building only the soft-token seems pretty difficult. So it is not easy
to modify the code of the soft token.
I can help also on gpkcs#11 if you think it should be integrated into
openSC.

Best regards

Benoît Badrignans
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

80 matches

Mail list logo