[opensc-devel] pkcs15-tool --read-public-key on Windows 7 64 bit
Hello, the command pkcs15-tool --read-public-key 45 gives the expected output on Windows 7 but triggers a crash message finally: "pcks15-tool.exe funktioniert nicht mehr" which translates to "pcks15-tool.exe doesn't work any more". Other parameters of pkcs15-tool don't produce this annoying nonsense message. I tested with 0.12 and with OpenSC-git20121120225837-win32.msi on Windows 7 (64 bit). Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] sign error with CardOS on Mac OS X
Hello, Am Dienstag 13 Dezember 2011 schrieb Ludovic Rousseau: > Johannes can you attach a "pkcs15-crypt --sign" log with the same card > and same reader on Linux? http://www.uni-giessen.de/~g013/opensc/pkcs15-sign-linux.log The log on Mac was http://www.uni-giessen.de/~g013/opensc/pkcs15-crypt.log @Martin: The effect is the same with Kobil readers. I have a new Xiring reader that supports extended APDU. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] sign error with CardOS on Mac OS X
Hello, using Firefox on Mac OS X with CardOS cards I get a connection error. Ludovic Rousseau kindly showed me how to track it down to the sign function of opensc 0.12.2: The command pkcs15-crypt --sign --pkcs1 --sha-1 --in sig.in --out sig.out --key 46 produces Compute signature failed: Transmit failed There is no problem on Linux and Windows. There is no problem on Mac OS X with TCOS cards. The verbose output of the pkcs15-crypt command above can be found on http://www.uni-giessen.de/~g013/opensc/pkcs15-crypt.log Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, Am Donnerstag 03 November 2011 schrieb Ludovic Rousseau: > So the problem occurs on Mac but not on Linux (or Windows). Exact? Yes. > > If so the bug may not be in OpenSC, but in the libccid provided by > Apple (in 10.6.8 Snow Leopard it is version 1.3.8) or in pcsc-lite > modified by Apple. That's what I guessed too. I have no idea how to change the Apple Software. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, Am Mittwoch 02 November 2011 schrieb Ludovic Rousseau: > Martin is right. OpenSC is sending an extended APDU with a data length > of 00 01 01 = 257 bytes. Changing "max_send_size" didn't make any difference. > Can you run the procedure at [2] so I can check your reader? The logs are http://www.uni-giessen.de/~g013/opensc/KobilKAANAdvanced.txt http://www.uni-giessen.de/~g013/opensc/KobilKAANTribank.txt http://www.uni-giessen.de/~g013/opensc/XiringMyLeo.txt I hope, that my Dell Keyboard Reader doesn't disturb the results. I have a very new Xiring firmware, which works with my cards on Linux and Windows. All 3 readers work with Linux and Windows. They even work with Linux in VirtualBox on Mac OS X. Just Mac OS X itself has a problem with CardOS cards and all the readers. TCOS cards are no problem. Switching off pinpad support doesn't help. Thanks Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Opensc 0.12.2, CardOS, Mac OS X
Hello, while OpenSC 0.12.2 works with our card CardOS V4.3B using Linux or Windows, there is a problem with Mac OS X: The PIN asked. After entering the PIN on the pinpad Firefox asks you to select the certificate, but finally the connection to the web site is not established. A log file produced on Mac OS X 10.6.8 can be found on http://www.uni-giessen.de/~g013/opensc/opensc-OSX-CardOS-debug.log Our TCOS-card works fine with OpenSC 0.12.2. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] opensc-devel archives
Hello, Am Montag 08 August 2011 schrieb Martin Paljak: ... > Reading the e-mail I don't see what is so illegal or confidential in > it that it should be removed either? I thought that too, that's why I made the mistake. But I feel obliged to comply, whatever the reasons might be. By the way, Xiring is the only producer of card readers, that were able to change quickly their firmware, so that the reader works with our cards. I have been in contact with some other companies, that promise to do something about my wishes, but nothing happens. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] opensc-devel archives
Hello, could someone please remove http://www.opensc-project.org/pipermail/opensc-devel/2011-July/016985.html from the opensc-devel archives? I'm sorry, in this e-mail I quoted another e-mail. I shouldn't have done so. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] pkcs15-tool Windows 7 error message
Hello, with Windows 7 (64 bit) and opensc 0.12.2 the command pkcs15-tool --reader 0 --read-public-key 45 gives the right result but afterwards a message from the Windows system pops up: "pkcs15-tool funktioniert nicht mehr" (That translates to "pkcs15-tool doesn't work any more") This is no real problem but annoying to the users. I switched back to good old Smart Card Bundle for the moment. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Pinpad, TCOS card
Hi Peter,
sorry for the delay, I have been out of office.
When I delete the lines 1309-1314, nothing is better with
the TCOS card via Xiring. And the PIN of the CardOS card is not
accepted by firefox despite the fact, that you still can verify it
via opensc-tool.
Below I insert the analysis of my log file by Patrice Martin (Xiring).
I do not know how to test his suggestion, but I think it might also be
the solution for some other card readers that have problems
with the TCOS card.
Grüße
Johannes
---
From: Patrice MARTIN
Indeed, this SPE requests a PIN input from 6 to 16 digits and the screen of the
Myleo
reader supports 12 characters "*" displayed in the bottom line when the user
types his
PIN/PUK on the reader keypad.
Therefore, the SPE is rejected and the PIN is never prompted on the reader.
We noted that using CardOS cards, the behavior of SPE command is different: it
requests
a range of PIN/PUK length below 12 digits.
On your website, it is mentioned that the PIN of the smart card consists of 6
digits
and the PUK consists of 8 digits maximum.
An update of the application, communicating with the smart card, used through
the web
browser could solve this issue: just change the range regarding the length
value of
digits required for the PIN/PUK during SPE command (Verify PIN and Modify PIN)
from 6
to 12. Then, the Myleo reader will enable you to be perfectly used by all the
students
with old and new cards.
Please let me know your comments and feedbacks.
Kind regards,
Patrice
Am Samstag 16 Juli 2011 schrieb Peter Koch:
> Hi Johannes!
>
> 2011/7/15 Johannes Becker
>
> > Hello,
> >
> > I'm testing a new Firmware for the Xiring MyLeo card reader. It
> > will support extended APDU. It works with a CardOS chip, but
> > with a TCOS chip firefox displays quickly the small window asking
> > you to enter the pin on the pinpad several times. You have no chance
> > to do so and there is subsequently no connection to the web site.
> >
> > To help the Xiring developers, does anybody know how to find the crucial
> > point in the log
>
> Here it is:
>
> Control TxBuffer: 1E 1E 02 00 00 10 06 02 FF 00 00 00 00 00 00 05 00 00 00
> 00 20 00 00 00
> -> 00 69 14 00 00 00 00 39 00 00 00 00 1E 02 00 00 10 06 02 FF 00 00 00
> 00 00 00 00 20 00 00 00
> <- 00 80 02 00 00 00 00 39 00 00 00 6B 80
> Control RxBuffer: 6B 80
>
> Your CardOS card has a fixed length PIN format while your TCOS card has a
> variable length PIN format. The PC/SC standard is not precise when it comes
> to secure PIN entry with avariable length PIN format.
>
> Some reader expect just 4 bytes (CLA INS P1 P2) without Le. Some other
> readers insist on getting a 0-Le byte. And very few readers handle both
> cases.
>
> OpenSC uses 5 bytes in the control buffer: 05:00:00:00 is the length
> followed
> by 00:20:00:00:00 with is CLA:INS:P1:P2:Le.
>
> The OpenSC developers could change this to 04:00:00:00 - 00:20:00:00
> and maybe your Xiring-reader will work then. But several other readers
> will stop working with this modification, so I would not suggest to do
> this.
>
> But you can try yourself. In function part10_build_verify_pin_block()
> in file reader-pcsc.c (line 1309-1314) you will find
>
> /* Copy data if not Case 1 */
> if (data->pin1.length_offset != 4) {
> pin_verify->abData[offset++] = apdu->lc;
> memcpy(&pin_verify->abData[offset], apdu->data, apdu->datalen);
> offset += apdu->datalen;
> }
>
> Just remove them and give it a try.
>
> So please tell the Xiring developers to change their firmware such that
> both versions are supported.
>
> And they should use better return codes than 6B:80 (no idea what this
> SW-value is supposed to mean)
>
> Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Pinpad, TCOS card
Hello, I'm testing a new Firmware for the Xiring MyLeo card reader. It will support extended APDU. It works with a CardOS chip, but with a TCOS chip firefox displays quickly the small window asking you to enter the pin on the pinpad several times. You have no chance to do so and there is subsequently no connection to the web site. To help the Xiring developers, does anybody know how to find the crucial point in the log http://www.uni-giessen.de/~g013/opensc/xiring-tcos.log ? Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Windows Installer
Hello, I had a hard time to get the Windows Installer 0.12 working with my Windows 7, 64 bit. I learned that you have to use the x86 installer, probably because Firefox is 32 bit. Then I noticed, that opensc.dll is not replaced properly, if an opensc.dll is left over from an old installation. You have to remove all opensc.dll files by hand. They might be in different system directories. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] opensc-tool, verify, Pinpad
Hello, Am Samstag 18 Juni 2011 schrieb Hans Witvliet: ... > But with some cards it works ... > If i use a pinpad-reader (Xiring in my case) i get an prompt on the > reader, and have to type the ping on the reader-keyboard. With all my readers, even with the Xiring I get OpenSC [3F00]> verify CHV0 Please enter PIN on the reader's pin pad. Unable to verify PIN code: Invalid arguments I tried with TCOS and with CardOS cards. A log is http://www.uni-giessen.de/~g013/opensc/opensc-explorer.txt With firefox the (and the Kobil reader) the PIN entry is fine. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] opensc-tool, verify, Pinpad
Hello, the "verify" command of opensc-tool promises "If key is omitted, card reader's keypad will be used to collect PIN." I doesn't work for me. Is there a way to do it or is this feature not implemented yet? Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Kobil KAAN Advanced Reader, "waiting for card" timeout
Am Sonntag 12 Juni 2011 schrieb MAK: > Hello, > > i have the problem that running "opensc-tool -w -a" gives immediately a > timeout if no card is present in the reader. ... > I am running opensc-0.12.0, pcsc-lite-1.7.2 and ccid-1.4.4 on a FreeBSD > 8.2-RELEASE system. It's the same fault with other readers as well with Debian stable amd64, opensc-0.12.2-svn libpcsclite1 1.5.5-4 libccid 1.4.3-1 On the other hand waiting works on Windows. Also waiting with the perl modules Chipcard::PCSC Chipcard::PCSC::Card works on Linux. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Pinpad, TCOS 2, GemPC, SPR532
Hello, Am Mittwoch 08 Juni 2011 schrieb Martin Paljak: > > Using the GemPlus Pinpad reader, Firefox shows quickly serveral times > > the window telling you to enter the PIN on the Pinpad, but the connection > > to the web servers fails before you have a chance to to anything. ... > How does this reader work in Windows? What you see in Windows is the same. The opensc-debug-log is http://www.uni-giessen.de/~g013/opensc/opensc-tcos-gemalto.log The CardOS chip is fine under Linux and Windows. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Pinpad, TCOS 2, GemPC, SPR532
Hello, the card readers SPR532 (SCM) and GemPC Pinpad USB (Gemalto) work fine with CardOS cards. SPR532 is ok under Linux. With Windows the SPR532 doesn't accept the PIN, when you use opensc. On the other hand, with Peter Koch's middleware it is ok. Using the GemPlus Pinpad reader, Firefox shows quickly serveral times the window telling you to enter the PIN on the Pinpad, but the connection to the web servers fails before you have a chance to to anything. Peter Koch fixed the TCOS 2 driver for opensc 0.12.2, so that it works perfectly with the Kobil readers. It works also with the other readers, if you don't use the Pinpad. I have to logs: 1. opensc debug log, Windows, SPR532 : http://www.uni-giessen.de/~g013/opensc/opensc-SPR532-TCOS.log 2. pcscd log, Linux, GemPlus Pinpad http://www.uni-giessen.de/~g013/opensc/tcos-gemalto-pinpad.txt Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Pinpad Dell Smartcard Keyboard TCOS 2
Hello, Am Mittwoch 01 Juni 2011 schrieb Martin Paljak: > > I have no idea why your SCM reader behaves different under Windows and > > Linux. Does it have old firmware? The installer tells me that the firmware is up to date. I even tried the beta firmware, that I got from SCM. > Probably. SPR532 with latest firmware should work quite OK on Linux, at > least in T=0 mode. Yes, it works on Linux. Windows is the problem. Maybe the fault is with the SCM Windows driver. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Pinpad Dell Smartcard Keyboard TCOS 2
Hello, opensc-0.12.2-svn r5526 works with TCOS2 and CardOS cards using e.g. the Kobil KAAN advanced reader. If i use the reader on the Dell USB Smartcard Keyboard, the pinpad works only with CardOS cards. When I use a TCOS 2 card and ask Firefox to show a site requiring chip card authentication, the pin is asked the usual way on the pinpad, but it is always rejected and the pin is asked again. If I enter a wrong pin, it doesn't set the counter on the chip card for wrong pins. There is a log as required by Ludovic Rousseau: http://www.uni-giessen.de/~g013/opensc/pcscd-tcos-dell-usb.txt May be unrelated, but in effect the same happens with TCOS 2 and the reader SPR532 Chipdrive pinpad pro, if I use Windows XP. Astonishingly this reader has no problems when used via Linux. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.1 RC1 / TCOS2
Hello, Am Montag 30 Mai 2011 schrieb Martin Paljak: > The latest version > should require the use of --module, wiki should be updated. But it > should also fail in an obvious way, showing the help text. Yes, a help text is shown with the first line --module Specify the module to load (mandatory) Sorry, I didn't notice the change. Fortunately pkcs15-tool and opensc-tool don't need the module name. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.1 RC1 / TCOS2
Am Samstag 28 Mai 2011 schrieb Peter Koch: > Johannes, could you please test with version 5508. TCOS2 should > work again. Yes! Thank you, a great relief. I had successful tests with r5526 on Debian 64 squeeze and on Windows XP On Windows 7 (64) the module opensc-pkcs11.dll of r5526 doesn't load in Firefox. > > $ pkcs11-tool -L > > error: Failed to load pkcs11 module > > Aborting. ... > Maybe specifying the module path will helo, i.e. > > pkcs11-tool --module /path/to/opensc-pkcs11.so -L Yes again. With the module path it works, otherwise not. Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.12.1 RC1
Am Freitag 29 April 2011 schrieb Martin Paljak: > > I froze r5409 [1] as OpenSC 0.12.1 RC1. It works with iceweasel (firefox) and CardOS V4.3B It doesn't work with TCOS 2 . This the same with OpenSC 0.12.0, we discussed the problem without a solution last september and probably tracked it down to the missing token flag: login required shown then by pkcs11-tool -L Now the command pkcs11-tool in OpenSC 0.12.1 RC1 doesn't work at all. You get $ pkcs11-tool -L error: Failed to load pkcs11 module Aborting. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Fwd: OpenSC 0.12.0 released / "login required"
Hello, thank you for the release. Just a reminder, that the "login required" bug concerning TCOS2 cards is not fixed yet. The patch http://www.opensc-project.org/opensc/ticket/256 does not add the "login required" flag. Can I be of any help tracing down the problem? Happy New Year! Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] 0.12.0 release date and windows installer
Am Donnerstag 02 Dezember 2010 schrieb Martin Paljak: > > Have you decided on a release date yet for 0.12.0? > > Either today or tomorrow. I tested opensc-0.12.0-rc1 on Debian Squeeze and on Windows XP. There is still the bug with our TCOS 2 Card, described in my e-mail from 2010-09-02 12:21 and in the following discussion. I didn't find any newer versions in the wiki. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / ignored_readers
Hello, it took me some time to reproduce the already described bug: "After some idle time the browser seems to forget completely about the chip card. If you request an encrypted web page, a ssl handshake error is displayed." This happens, if you use "ignored_readers" in opensc.conf. In my example, firefox uses the reader KOBIL EMV CAP - SecOVID Reader III via opensc-pkcs11.dll . The other readers are mentioned as ignored_readers. I analyse a card in the reader KOBIL KAAN Advanced (E_043208292) 02 00 with opensc command line tools. This works intitially without problems. But after a while firefox seems to loose contact with its chip card. sec_error_pkcs11_general_error is displayed by firefox. The debug log is http://www.uni-giessen.de/~g013/opensc/opensc-debug.opensc-0.12.0-svnr-4700.log Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release
Hi, now I detected another flaw in 0.12.0: After some idle time the browser seems to forget completely about the chip card. If you request an encrypted web page, a ssl handshake error is displayed. For production purposes I'm now returning to opensc2 0.11.4-5+lenny1, the last opensc working with both TCOS and CardOS. @Andre: At the moment I'm not testing your patch because of Peter's argument. @Peter & @Andre: If you want me to test, please give instructions. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked
Hello, now I have the opensc-debug logs for pkcs11-tool -L with TCOS opensc version 0.11.13-1 gives token flags: login required, PIN initialized, token initialized http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.11.13-1.log opensc version 0.12.0-svn-r4700 gives token flags: readonly, PIN pad present, token initialized http://www.uni-giessen.de/~g013/opensc/opensc-debug.opensc-0.12.0-svnr-4700.log Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked
Am Montag 06 September 2010 schrieb Martin Paljak: > Hello, > > On Sep 6, 2010, at 2:05 PM, Johannes Becker wrote: > > Am Donnerstag 02 September 2010 schrieb Martin Paljak: > >> Please provide opensc-debug.log for TCOS2 for the failing transaction > >> with 0.12.0. If possible, also the successful log with 0.11.X might > >> help. > > > > The logs are > > http://www.uni-giessen.de/~g013/opensc/report-bug.txt > > http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.11.13-1.log > > http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.12.0-svn-r4647.log > > > > Version 0.12 does not ask for the PIN, 0.11.13 does. > > With which application are you using opensc-pkcs11.so? The application is > never calling C_Login. iceweasel 3.5.11 (aka firefox) > What is the output of pkcs11-tool -L ? > Does it include for your slot: > token flags: rng, readonly, ***login required***, PIN initialized, > token initialized ? Yes, there is the point. "login required" is not shown in version 0.12. opensc version 0.11.13-1 gives $ pkcs11-tool -L Available slots: Slot 0 Dell smart card reader keyboard 00 00 token label: JLU Giessen Card (PIN) token manuf: JLU Giessen token model: PKCS#15 emulated token flags: login required, PIN initialized, token initialized serial num : 901721555454 ... opensc version 0.12.0-svn-r4647 gives $ pkcs11-tool -L Available slots: Slot 4294967295 Virtual hotplug slot (empty) Slot 1 Dell smart card reader keyboard 00 00 token label: JLU Giessen Card token manuf: JLU Giessen token model: PKCS#15 emulated token flags: readonly, PIN pad present, token initialized serial num : 901721555454 Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked
Am Donnerstag 02 September 2010 schrieb Martin Paljak: > > Please provide opensc-debug.log for TCOS2 for the failing transaction with > 0.12.0. If possible, also the successful log with 0.11.X might help. The logs are http://www.uni-giessen.de/~g013/opensc/report-bug.txt http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.11.13-1.log http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.12.0-svn-r4647.log Version 0.12 does not ask for the PIN, 0.11.13 does. Sorry for the late answer. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release
Hello, unfortunately I have to repeat my message about the TCOS2 card: When using opensc-0.12.0-svn-r4647 with our Uni Giessen Card (TCOS 2), firefox presents the certificate to use without asking the PIN. Subsequently the web page called can't be displayed. On the other hand CardOS 4.3 works with that release. There were no problems with opensc 0.11 and TCOS 2. I tested on Debian squeeze. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] How to use just one card of two in Firefox?
Hello, I'm setting up a process for printing the personal information for a chipcard to be handed out. The service person's card is used by firefox for authentication. The card to be handed out is analysed by opensc command line tools. Everything works, but I think, the process that analyses the second card is a bit slow, because firefox with opensc-pkcs11.so also wants to grab the second card. How can I tell opensc-pkcs11.so to ignore the second card completely? Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Kobil Readers and CardOS 4.3 / ccid 1.4.0.
Am Donnerstag 12 August 2010 schrieb Ludovic Rousseau: > Try again with ccid 1.3.13 or 1.4.0. While the Debian experimental package libccid 1.4.0. works on real machines, it doesn't do the job inside Virtualbox. There firefox complains about an unresponsive card. On the other hand, the older libccid works. At the moment this is no problem for me. I thought, It might be interesting. Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] opensc-0.12.0-svn-r4621 and TCOS 2: no PIN
Hello, when using opensc-0.12.0-svn-r4621 with our Uni Giessen Card (TCOS 2), firefox presents the certificate to use without asking the PIN. Subsequently the web page can't be displayed. On the other hand CardOS 4.3 works. Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Kobil Readers and CardOS 4.3
Am Donnerstag 12 August 2010 schrieb Ludovic Rousseau: > Try again with ccid 1.3.13 or 1.4.0. Yes, libccid 1.4.0-1 from Debian experimental does the job. Thank you. Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Kobil Readers and CardOS 4.3
Hello, I could track down the problems with CardOS 4.3 a little bit. The (Uni-Bochum) card doesn't work using the Kobil card readers (KAAN advanced and KAAN t...@ank). On the other hand, using the reader in the Dell Sk-3205 Keyboard the test was successfull on Ubuntu 8.04.4 (opensc 0.11.4) or on Debian squeeze with opensc-0.12.0-svn-r4413 ( a confirmation of Kerstin Horst's e-mail.) My guess is, that libccid has something to do with the affair. Grüße Johannes P.S. 'working' above means getting a web page with firefox. With the Kobil Readers you are asked for the PIN, the PIN is handled correctly, but the web page doesn't show up. Client error message: [opensc-pkcs11] card-cardos.c:259:cardos_check_sw: function/mode not supported [opensc-pkcs11] card-cardos.c:784:do_compute_signature: returning with: Not supported [opensc-pkcs11] sec.c:53:sc_compute_signature: returning with: Not supported [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: sc_compute_signature() failed: Not supported pcscd message: commands.c:1355:CCID_Receive() Nul block expected but got 2 bytes 0013 ifdwrapper.c:722:IFDTransmit() Card not transacted: 612 0005 winscard.c:1675:SCardTransmit() Card not transacted: 0x80100016 /var/log/apache2/ssl_error.log: [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1746): OpenSSL: Loop: SSLv3 read client hello A [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1746): OpenSSL: Loop: SSLv3 write server hello A [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1746): OpenSSL: Loop: SSLv3 write certificate A [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1149): [client 134.176.150.66] handing out temporary 1024 bit DH key [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1746): OpenSSL: Loop: SSLv3 write key exchange A [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1746): OpenSSL: Loop: SSLv3 write certificate request A [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1746): OpenSSL: Loop: SSLv3 flush data [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_io.c(1843): OpenSSL: I/O error, 5 bytes expected to read on BIO#815e30 [mem: 84d840] [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1775): OpenSSL: Exit: error in SSLv3 read client certificate A [Thu Aug 12 13:43:03 2010] [debug] ssl_engine_kernel.c(1775): OpenSSL: Exit: error in SSLv3 read client certificate A [Thu Aug 12 13:43:03 2010] [info] [client 134.176.150.66] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] CardOS 4.3
Am Mittwoch 07 Juli 2010 schrieb kerstin.ho...@uv.ruhr-uni-bochum.de: > > I checked out 0.12.0-svn-r4413. With this version, our cards work again. I checked this on Debian Lenny and got the following error: pkcs11-tool --slot 1 --test --login C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only RSA signatures) testing key 0 (RUBSIGNCERT) error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) Do I make mistakes while compiling? Is there a dependency not available on Debian? Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] CardOS 4.3
Am Freitag 18 Juni 2010 schrieb Andreas Jellinghaus: > in any case without an opensc debug log file, there is little we can > say about the problem Here comes the log. Opensc under Windows works. The test is attached below. Under Linux (Debian etch) I now have the same opensc version (0.11.4) and pcscd version 1.3.2-5 The command pkcs11-tool --test --pin 123456 > rub-card-opensc-0.11.4-linux.txt gives error: PKCS11 function C_Initialize failed: rv = CKR_DEVICE_ERROR (0x30) Aborting. You'll find the debug log here http://www.uni-giessen.de/~g013/opensc/rub-card-opensc-0.11.4-linux.txt The Uni-Giessen-Card gives no errors. Grüße Johannes -- C:\Programme\Smart card bundle>pkcs11-tool.exe --test --pin 123456 C_SeedRandom() and C_GenerateRandom(): not implemented Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only RSA signatures) testing key 0 (RUBSIGNCERT) all 4 signature functions seem to work testing signature mechanisms: RSA-X-509: OK RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK testing key 1 (2048 bits, label=RUBAUTHCERT) with 1 signature mechanism MD5-RSA-PKCS: OK Verify (currently only for RSA): testing key 0 (RUBSIGNCERT) RSA-X-509: OK RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK testing key 1 (RUBAUTHCERT) with 1 mechanism RSA-X-509: OK Key unwrap (RSA) testing key 0 (RUBSIGNCERT) DES-CBC: OK DES-EDE3-CBC: OK BF-CBC: OK CAST5-CFB: OK testing key 1 (RUBAUTHCERT) DES-CBC: OK DES-EDE3-CBC: OK BF-CBC: OK CAST5-CFB: OK Decryption (RSA) testing key 0 (RUBSIGNCERT) RSA-X-509: OK RSA-PKCS: OK testing key 1 (RUBAUTHCERT) RSA-X-509: OK RSA-PKCS: OK Testing card detection Please press return to continue, x to exit: x Testing card detection using C_WaitForSlotEvent Please press return to continue, x to exit: x No errors ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] CardOS 4.3
Am Montag 14 Juni 2010 schrieb Andreas Jellinghaus: > 1.) define a test. > for example "pkcs11-tool --test --login --pin ... --slot ...". I didn't succeed yet in testing all you've proposed. Here an intermediary result. The RUB-Card from Bochum works on windows with http://www.opensc-project.org/files/build/opensc-i686-pc-mingw32-006- base.tar.bz2 , which is opensc 0.11.9 The RUB-Card doesn't work with opensc 0.11.9 on Debian Lenny, while the Uni-Gießen Card (TCOS) is ok with that. I attach the output of the test below. As I've posted earlier, all the opensc builds higher than opensc-i686-pc-mingw32-006 don't work with the Uni-Gießen Card. To be precise, the command line tools work, but opensc-pkcs11.dll doesn't. I didn't find a working configuration for RUB-Card on Linux yet. I wonder if we have major difference between opensc on Linux and Windows. Grüße Johannes -- $ /usr/local/bin/pkcs11-tool --test --pin 123456 C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only RSA signatures) testing key 0 (RUBSIGNCERT) [opensc-pkcs11] reader-pcsc.c:239:pcsc_transmit: unable to transmit [opensc-pkcs11] apdu.c:394:do_single_transmit: unable to transmit APDU [opensc-pkcs11] iso7816.c:832:iso7816_decipher: APDU transmit failed: Transmit failed [opensc-pkcs11] sec.c:39:sc_decipher: returning with: Transmit failed [opensc-pkcs11] pkcs15-sec.c:125:sc_pkcs15_decipher: sc_decipher() failed: Transmit failed error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] CardOS 4.3
Hello,
I got a card for testing purposes from the Ruhr-Universität Bochum.
It works with Windows, the newest Firefox and opensc-pkcs11.dll from good old
smart card bundle. (opensc 0.11.4).
It doesn't work on Debian Linux Testing (opensc 0.11.13-1).
My impression is, that the problem is not the operating system but the
opensc version. (I will test that later).
How to get it working with a newer opensc?
Regards
Johannes
Here the output of cardos-info :
C:\Programme\Smart card bundle>cardos-info
3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74
Info : CardOS V4.3B (C) Siemens AG 1994-2004
Chip type: 123
Serial number: 29 85 4d 0a 0d 30
Full prom dump:
33 66 00 40 EB EB EB EB 7B FF 29 85 4D 0A 0D 30 3...@{.).M..0
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
OS Version: 200.8 (that's CardOS M4.3b)
Current life cycle: 32 (administration)
Security Status of current DF:
01 .
Free memory : 954
ATR Status: 0x0 ROM-ATR
Packages installed:
Ram size: 4, Eeprom size: 32, cpu type: 66, chip config: 63
Free eeprom memory: 20478
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Netkey 3.0
Hello, when using the NetKey 3.0 card with opensc, Firefox asks for the pin of every installed certificate and after that Firefox doesn't offer any certificate to use for communication with the web server. Is there a way to restrict the choice of certificates to just one? Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] opensc-pkcs11.dll broken
Hello, after some time-consuming test with the files from opensc build I came to the conclusion, that opensc-pkcs11.dll works with Firefox using all versions starting with opensc-i686-pc The last one is dated 29-Jul-2009. The others ( opensc-i686-w32, opensc-i686-w64 ) don't work. On the other hand, the command line tools work in all builds. (At a first glance). I appreciate the windows installer very much. At the moment I'm still distributing the Smart Card Bundle. A lot of our users would be helpless without an installer. So, thanks for the windows installer! - and please include a working opensc-pkcs11.dll. Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.11.11 released today
Hello, when configuring OpenSC 0.11.11 under Debian lenny and squeeze I get PC/SC support: no NSPlugin support:no I have installed libpcsclite-dev (Version: 1.4.102-1) What else do I need? By the way: opensc doesn't work as it comes with Debian squeeze pcsc_scan detects reader and card, but opensc-tool doesn't find the reader. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] group scard, Firefox
Hello, the device for my USB reader has owner 'root' and group 'scard'. I can use the reader without being in group 'scard'. How can I restrict the usage of the reader to users in group 'scard' ? The dilemma arises with Linux machines where you want to restrict the card reader to the one locally at the computer and you don't want those logged in remotely to interfere with the chipcard. -- Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Debian lenny: unplugging the chipcard reader
Hello, using Debian lenny at the moment the card reader has to be plugged in to the USB port while the PC boots. If you plug it in later or if you unplug and plug again, the reader doesn't work. I noticed this only recently. It was ok before. # uname -a Linux be 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009 i686 GNU/Linux pcscd Version: 1.4.102-1 libccid Version: 1.3.8-1 opensc Version: 0.11.4-5 -- Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Smart Card Bundle / opensc-i686-pc-mingw32
Alon Bar-Lev schrieb: > These are two separate packages. You should install this on separate > directory. > Some instructions are available at [1]. > ... > [1] http://www.opensc-project.org/build The .exe files work with these instructions, but I couldn't get openpsc-pkcs11.dll installed into Firefox. My guess is, that this is a question of a library path. Perhaps openpsc-pkcs11.dll doesn't find the other .dll files. My method of copying the opensc-i686-pc-mingw32/bin files over an existing Smart card bundle installation helps. (But doesn't feel like being the state of art.) Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Smart Card Bundle / opensc-i686-pc-mingw32
Hello, I couldn't find documentation for how to get Firefox using opensc-i686-pc-mingw32-002-base. I copied the files from opensc-i686-pc-mingw32-002-base over an existing installation of Smart Card Bundle. Firefox works with that. Is there any problem in doing this? Regards, Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] opensc-explorer certificate length ACL
Hello, writing a certificates with opensc-explorer to a TCOS card works, but an additional hex FF is added at the end of the certificate. So you have to create the certificate file on the card being one bit longer than the certificate. Is the additional FF necessary for any application? Wouldn't it be better to leave the certificate as it is? After writing the certificate with opensc-explorer, you can write the next time without entering the PIN. I suppose, the changed ACL is responsible for this. If I write the certificate with the tool from FlexSecure, you have to enter the PIN before you can change the certificate. Can you set the ACL to the original value using opensc-explorer ? Regards, Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] opensc-explorer: no pinpad support (was: A graphical PIN dialog for PKCS#11? )
Am Freitag, 12. September 2008 schrieb Ludovic Rousseau: > Maybe you can add support of a pinpad in opensc-explorer. > The command "change CHVid [old-pin] new-pin" should allow an empty > new-pin if the token has the CKF_PROTECTED_AUTHENTICATION_PATH bit > set. Hello, That didn't work. At the moment opensc-explorer doesn't seem to have pinpad support at all. On the other hand you need to enter the PIN in order to update a certificate. Pinpad support is perfect with pkcs11-tool. Could anybody transport this to opensc-explorer? Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Pinpad -- engine-pkcs11 does it
Am Freitag, 27. Juni 2008 schrieb Franz Brandl: > as far as i remember, the PKCS#11 driver has to use > CKF_PROTECTED_AUTHENTICATION_PATH to indicate to the application that it > shall not prompt for the PIN itself. Seems that this is not the case for > your reader. The question is how OpenSC decides on whether to use the > flag, i am pretty sure it does with other readers. Do you know whether > your KOBIL is accessed via PC/SC or CT-API ? > I suppose PC/SC. I use Debian Lenny with pcscd Version: 1.4.101-2 libccid Version: 1.3.7-1 opensc Version: 0.11.4-3 libpam-pkcs11 Version: 0.6.0-3 libengine-pkcs11-openssl Version: 0.1.4-1 A colleague just now found that while using openssl with libengine-pkcs11-openssl the pinpad responds immediately. So my guess is, that you have to blame pam-pkcs11 and firefox for waiting for a keyboard return. My pam configuration might be wrong. Is there a working example around? Below I enclose my answer to Ludovic Rousseau. I forgot to send it to the list as well. -- Grüße Johannes - Am Freitag, 27. Juni 2008 schrieb Ludovic Rousseau: > > Which PAM are you using with OpenSC? libpam-pkcs11 Version: 0.6.0-3 on Debian Lenny > > Firefox 2 acts similar. If you use the Kobil pksc11 modules instead of > > opensc, the behaviour is as you wish (both on Linux and Windows). > > Do you use the same PAM module or does Kobil provides one? Kobil provides libkpkcs11hash.so / kpkcs11hash.dll for firefox. (Equivalent to opensc-pkcs11.so / opensc-pkcs11.dll) I have no pam modules from Kobil. > > Can you start firefox in debug mode to try to identify the source of > the crash (firefox or opensc)? > This is the protocol from the moment I clicked on the web page requiring the certificate: [New Thread 0xb01ffb90 (LWP 10019)] pure virtual method called terminate called without an active exception Program received signal SIGABRT, Aborted. [Switching to Thread 0xb01ffb90 (LWP 10019)] 0xe410 in __kernel_vsyscall () (gdb) (gdb) (gdb) (gdb) (gdb) (gdb) backtrace #0 0xe410 in __kernel_vsyscall () #1 0xb68acef5 in raise () from /lib/i686/cmov/libc.so.6 #2 0xb68ae871 in abort () from /lib/i686/cmov/libc.so.6 #3 0xb6a98838 in __gnu_cxx::__verbose_terminate_handler () from /usr/lib/libstdc++.so.6 #4 0xb6a966f5 in ?? () from /usr/lib/libstdc++.so.6 #5 0xb6a96732 in std::terminate () from /usr/lib/libstdc++.so.6 #6 0xb6a973d5 in __cxa_pure_virtual () from /usr/lib/libstdc++.so.6 #7 0xb7baebed in ?? () from firefox/libxul.so #8 0xb0289ec0 in ?? () #9 0x0003 in ?? () #10 0xb4fb2268 in ?? () #11 0xb01ff250 in ?? () #12 0x0001 in ?? () #13 0xb7ea95a8 in ?? () from firefox/libxul.so #14 0xb01ff258 in ?? () #15 0xb02b5470 in ?? () #16 0x0003 in ?? () #17 0xb01ff250 in ?? () #18 0x9103f278 in ?? () #19 0xb7edabb7 in free () from firefox/libjemalloc.so #20 0xb79d9b5d in ?? () from firefox/libxul.so #21 0xb02b5470 in ?? () #22 0x in ?? () (gdb) -- Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Pinpad
Hello, I have a Kobil card reader with pinpad. In principle the pinpad works with opensc, but the behaviour generally is a bit confusing. If you use it with pam (for instance su, kdm or gdm) the user is asked to type the PIN at the keyboard, this input is ignored and as soon as you type 'enter' the pinpad beeps and is ready for entering the PIN. It would be nicer to have no keyboard interaction at all. Just the pinpad is enough, so that the users are not tempted to type the PIN on the keyboard. Firefox 2 acts similar. If you use the Kobil pksc11 modules instead of opensc, the behaviour is as you wish (both on Linux and Windows). Firefox 3 starts in a promising way: As soon as you move to a web page requiring a user certificate, the pinpad beeps and you can enter the PIN. Unfortunately Firefox 3 crashes after the PIN is entered (both on Windows and Linux). Firefox 3 works if the pinpad is disabled. Who is to blame for this? The applications like pam or firefox? Or opensc? -- Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Pinpad and Mozilla Firefox
Hello, when I use opensc (both in Linux and Windows) with enable_pinpad = true; in opensc.conf, everything works fine, exept that on visiting a site that requires card authentication at first firefox pops up a window asking for the "master password" (the PIN, as everybody else calls it.) No matter what you enter there, after typing return, the card reader beeps and asks for the PIN. How do you get rid of the firefox pop up window? How do you activate the card reader instantly? (The drivers from Kobil can do that.) Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Pinpad again
Hello, Am Donnerstag, 16. November 2006 14:59 schrieb Ludovic Rousseau: > > What do you use for the authentication in this precise case? Do you > use a PAM module? Which one? /usr/local/lib/security/pam_pkcs11.so I compiled pam_pkcs11-0.5.3 > As Martin said we should correct this. So if you can show us a PAM > module that does not prompt for PIN that would help. Well, nearly every other pam module has to get the password via the keyboard and prompts for it. The only exception I know, is pam_rootok.so which is used in /etc/pam.d/su to allow the root user to become every other user without password. Now, pam_pkcs11.so prints the line Password for token Smartkey Card TypA (globale PIN): and it doesn't use at all what you type at this prompt. After you type the return key, the pinpad awakes and everything works fine. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Pinpad again
Eddy Nigg (StartCom Ltd.) wrote: It requires modification of g/kdm, something we intend to suggest/propose/modify in the future. I guess, you wouldn't have to modify gdm/kdm. My Pinpad beeps and blinks, as soon as the system asks for the PIN. So it would be nice to have no prompt for a keyboard action at all. I get the unneccessary prompts in at least 3 different cases: 1. Authentication with pam_pkcs11.so 2. Using Mozilla Firefox 3. Sign with |pkcs15-crypt Of course I can live with that while testing, but it's impossible to explain how to use the pinpad in this way to several thousand students here... Regards Johannes | ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] pinpad with pam authentication
Hello, I got pam_pkcs11 working. If I use the card reader's pin pad, there is still the prompt to enter the PIN. No matter what you enter, after 'return' the pinpad awakes and you can enter the PIN there. This is a confusing behaviour, especially if you have a graphical login with gdm or kdm. How to get rid off this prompt? -- Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Wrong dialogue to enter PIN at Keypad
Hi, Martin Paljak schrieb: What cardreader? Kobil CT_KAAN Advanced, (CCID) But there is a wrong dialogue to enter the PIN. This is currently so by (missing) design. Firefox has no GUI related knowledge of pinpad readers. Kobil's own drivers provide a special dialogue for pinpad readers using Firefox (even Netscape) But I would prefer the opensc drivers for various reasons. Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Wrong dialogue to enter PIN at Keypad
Hello, My cardreader's Keypad works with opensc-0.11.1-svn-r3042, when adding "enable_pinpad = true;" to opensc.conf. But there is a wrong dialogue to enter the PIN. Using firefox you are requested to enter the PIN via the PC's keyboard. As soon as you enter "return", the cardreader beeps and you can enter the PIN there. Using pkcs15-crypt you get the line Enter PIN [globale PIN]: Again, after you enter "return" the cardreader awakes. How do you get rid of these dialogues? Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] PINPad Kobil advanced
Hello, can I get the Pinpad on the reader "Kobil Advanced" working? I use today's pcscd, pcsc-tools, libccid, opensc, libopenct1 from Debian/unstable which seems to be up to date. Everything works with firefox except asking the PIN from the PINPad. Do you have to configure the PINPad somwhere? -- Grüße Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] pcsc_scan V 1.4.5 "Card removed"
Hello, when using pcsc_scan in a terminal, I get messages like Card state: Card removed, But when I'm using pcsc_scan in a script like pcsc_scan > test.out.txt or in perl open (PIPE,"-|", "pcsc_scan"); those messages are missing and I can only detect, if a card is inserted. How can I detect cards being removed? -- Regards Johannes ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
