Re: [opensc-devel] Entersafe driver has no write support?
On Tuesday 27 September 2011 at 20:28 +0200, Stef Walter wrote:

> If it can't be fixed, then does anyone have any other recommendations
> for cards that are well rounded OpenSC cards that I can develop against?

Dear Stef,

We are just releasing the ePass2003 and we want to make it the ultimate token for Free Software developers and users:
http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit

So we will find a solution. Stay tuned, I will get back to you shortly.

Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Entersafe driver has no write support?
On 09/28/2011 08:11 AM, Jean-Michel Pouré - GOOZE wrote:

> > However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED when
> > calling the PKCS#11 C_CreateObject method. It looks like the Entersafe
> > driver doesn't support write operations. Am I misreading something? In
> > card-entersafe.c in the sc_get_driver() function it sets both
> > ops.write_binary and ops.delete_file to NULL.
>
> Dear Stef,
>
> No support of delete operations is normal, it is a security measure to
> ensure that an object cannot be overwritten by an attacker. But PKCS#11 C
> interface should support writing objects. For example, Firefox manager
> allows importing of entersafe objects using PKCS#11.

I found the source of the problem. We first have to perform C_CreateObject for the CKO_PRIVATE_KEY and then running C_CreateObject for a matching certificate will work.

Is this fragility necessary, or is it something that we should try to fix in opensc?

Cheers,

Stef
Re: [opensc-devel] Entersafe driver has no write support?
On 9/28/2011 3:07 AM, Stef Walter wrote:

> On 09/28/2011 08:11 AM, Jean-Michel Pouré - GOOZE wrote:
>
> > > However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED when
> > > calling the PKCS#11 C_CreateObject method. It looks like the Entersafe
> > > driver doesn't support write operations. Am I misreading something? In
> > > card-entersafe.c in the sc_get_driver() function it sets both
> > > ops.write_binary and ops.delete_file to NULL.
> >
> > Dear Stef,
> >
> > No support of delete operations is normal, it is a security measure to
> > ensure that an object cannot be overwritten by an attacker. But PKCS#11 C
> > interface should support writing objects. For example, Firefox manager
> > allows importing of entersafe objects using PKCS#11.
>
> I found the source of the problem. We first have to perform
> C_CreateObject for the CKO_PRIVATE_KEY and then running C_CreateObject
> for a matching certificate will work.
>
> Is this fragility necessary, or is it something that we should try to
> fix in opensc?

It's not an OpenSC issue. You can have PKCS#11 private key objects independent of any cert objects. So the PKCS#11 caller needs to do two operations.

> Cheers,
>
> Stef

--
Douglas E. Engert deeng...@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Re: [opensc-devel] Entersafe driver has no write support?
On 09/28/2011 04:14 PM, Douglas E. Engert wrote:

> It's not an OpenSC issue. You can have PKCS#11 private key objects
> independent of any cert objects. So the PKCS#11 caller needs to do two
> operations.

Right, obviously. What I meant was that currently you can't store a certificate via PKCS#11 until a key (from what I can tell: a matching key) has been stored.

Cheers,

Stef
[opensc-devel] Entersafe driver has no write support?
Hi all,

I'm working on support for viewing and basic management of smart cards in Seahorse. For the initial round I had planned to use the Gooze Feitian smart cards to develop against and test.

However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED when calling the PKCS#11 C_CreateObject method. It looks like the Entersafe driver doesn't support write operations. Am I misreading something? In card-entersafe.c in the sc_get_driver() function it sets both ops.write_binary and ops.delete_file to NULL.

Is it really the case that these cards can't be written to by the PKCS#11 driver? Is this something that can be fixed, or are the cards designed this way?

If it can't be fixed, then does anyone have any other recommendations for cards that are well rounded OpenSC cards that I can develop against?

Cheers,

Stef