Re: [opensc-devel] Testing
Hello Andreas, On Tue, Oct 2, 2012 at 7:53 PM, Andreas Schwier (ML) andreas.schwier...@cardcontact.de wrote: we've tested the nightly build (OpenSC-git20121002092635-win32.msi) that includes write support for the SmartCard-HSM and found no issues. We've tested with our own PKCS#11 test suite, integration with Firefox 15.0.1 and Thunderbird 15.0.1 on Windows XP SP3. Will there be a new release candidate ? Ok, I will create the tag for release candidate. Andreas -- -CardContact Software System Consulting |.## ##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'## ##'| Phone +49 571 56149 -http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing
Le mercredi 03 octobre 2012 à 09:17 +0200, Viktor Tarasov a écrit : Ok, I will create the tag for release candidate. Please have a look at this Mac OS X package issue. I don't understand why the package build fails at final stage. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing
I do not have MAC and cannot do the tests myself. If it's a regression, and if you have an access to MAC platform, you could try to determine the commit that introduced this problem. I do not see other way to resolve it . I propose to tag the 'rc1' and wait during certain time for more details or for somebody who is capable to resolve it . Kind regards, Viktor. On Wed, Oct 3, 2012 at 10:14 AM, Jean-Michel Pouré - GOOZE jmpo...@gooze.eu wrote: Le mercredi 03 octobre 2012 à 09:17 +0200, Viktor Tarasov a écrit : Ok, I will create the tag for release candidate. Please have a look at this Mac OS X package issue. I don't understand why the package build fails at final stage. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Testing
Hi Viktor, we've tested the nightly build (OpenSC-git20121002092635-win32.msi) that includes write support for the SmartCard-HSM and found no issues. We've tested with our own PKCS#11 test suite, integration with Firefox 15.0.1 and Thunderbird 15.0.1 on Windows XP SP3. Will there be a new release candidate ? Andreas -- -CardContact Software System Consulting |.## ##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'## ##'| Phone +49 571 56149 -http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Testing OpenSC Win32 latest developments
Hello, Is there a way to test OpenSC latest developments for Windows? When I cd to win32, there is an installer_from_build.sh script. Is it functional? Does it require to use Wine under Windows? Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] testing the next ubuntu release
Hi everyone, Ubuntu 10.04 LTS Beta 1 (lucid) is now available on www.ubuntu.org. I did some testing already, and it seems to work fine for the apps I tested. More testing would be very welcome! Also for those of you that want to test firefox with https client certificate authentication, I found out you can do that easily with openssl. See below for details. Regards, Andreas My testing so far: 1.) Version test Package OpenSC Ubuntu Lucid Enginge PKCS#11 0.1.8 0.1.8-2 Lib P11 0.2.7 0.2.7-1 OpenCT 0.6.20 0.6.19-1ubuntu3 OpenSC 0.11.13 0.11.12-1ubuntu2 Pam P11 0.1.5 0.1.5-1build1 Result: Versions ok, latest OpenCT/OpenSC changes with Rutoken S patch missing (but those were released quite late, so ok) 2.) Content check Pam P11 Looks OK Lib P11 HTML Documentation missing api.out missing in source tar.gz Engine PKCS#11 Looks OK OpenCT Looks OK OpenSC HTML Documentation (wiki) missing 3.) Function test Had to use VirtualBox Personal/Evaluation edition: * Virtmanager with KVM and USB devices didn't work out. * VirtualBox OSE doesn't include USB device support. Installed Ubuntu Lucid amd64 beta 1 Desktop (default installation). Installed dselect with apt-get install dselect In dselect installed all openct, opensc, libp11, pam-p11, engine-pkcs11 packages Added my user (ubuntu) to group scard, logout, login again. Plugged in an token (Rainbow iKey 3000), assigned it to the guest VM Run openct-tool list - found! Run /etc/init.d/openct stop; /etc/init.d/openct start Run openct-tool list again - found! Testing with other tokens: * Rainbow iKey 3000OK * Aladdin eToken PRO (4.2B)OK * GemPC KEY with CryptoflexOK, but very slow * SCM SCR 335 OK - Hotplugging seems to work fine. Wow, first Ubuntu release with that? 4.) Test by QuickStart (all tests only once, with an Aladdin eToken PRO 4.2B) Lets test the commands from each projects QuickStart documentation. OpenCT openct-tool list openct-tool atr OpenSC opensc-tool --list-readers opensc-tool --reader 0 --atr opensc-tool --reader 0 --name pkcs15-init --create-pkcs15 --so-pin 12345678 --so-puk 78907890 pkcs15-init --store-pin --auth-id 01 \ --label Andreas Jellinghaus \ --pin 123456 --puk 567890 --so-pin 12345678 pkcs15-init --generate-key rsa/2048 --auth-id 01 \ --pin 123456 --so-pin 12345678 openssl engine dynamic \ -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \ -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD \ -pre MODULE_PATH:opensc-pkcs11.so \ -pre PIN:123456 req -engine pkcs11 -new -key id_45 -keyform engine \ -x509 -out cert.pem -text \ -subj /CN=Andreas Jellinghaus openssl verify -CAfile cert.pem cert.pem pkcs15-init --store-certificate cert.pem --auth-id 01 --id 45 \ --format pem --pin 123456 --so-pin 12345678 pkcs15-tool --dump pkcs11-tool --test --login --pin 123456 Libp11 - no special commands Engine PKCS#11 - already covered Pam P11 : pam_p11_opensc As root: modify pam config for su: auth required pam_p11_opensc.so /usr/lib/opensc-pkcs11.so And create a file with login information (still as root): mkdir ~/.eid chmod 0755 ~/.eid pkcs15-tool -r 45 ~/.eid/authorized_certificates chmod 0644 ~/.eid/authorized_certificates Keep xterm as root open, so you can fix / undo things. Open a new xterm with Alt-F2 and try su from user to root. Pam P11 : pam_p11_openssh Pam config for su: auth required pam_p11_openssh.so /usr/lib/opensc-pkcs11.so mkdir ~/.ssh chmod 0755 ~/.ssh ssh-keygen -D 0 ~/.ssh/authorized_keys chmod 0644 ~/.ssh/authorized_keys OpenSSH not compiled with ssh support. Firefox Edit / Preferences / ... (load opensc-pkcs11.so as module)
[opensc-devel] Testing a new driver - File not found
Hi everybody Several days ago I wrote a message about testing a new driver. I wrote my new driver over piv driver. Now, I am testing it... My driver uses a pkcs15-emulator. When I use pkcs15-init -C , I get the following message: [pkcs15-init] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 14 bytes] = 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 .. == [pkcs15-init] reader-pcsc.c:173:pcsc_internal_transmit: called [pkcs15-init] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 6A 82 j. ( File not found ) [...] Card does not support the requested operation If I have an emulation layer, this call will not fail... I want to know if I am in right way or I must to change anything. Thank you everybody. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Am Dienstag 12 Mai 2009 09:32:57 schrieb Egon: Hi everybody Several days ago I wrote a message about testing a new driver. I wrote my new driver over piv driver. Now, I am testing it... My driver uses a pkcs15-emulator. When I use pkcs15-init -C , I get the following message: I'm no expert on PIV, but I thought all emulated cards are read-only, i.e. they have no code to change the card (other than maybe change or unblock a PIN). lets say: most emulated cards are national id cards, so you can't change them. not sure if PIV is different, but it would be the first emulated card that can be initialized, to my knowledge at least. Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Hi Egon, I think, if you use pkcs15 emulation you can't or didn't need to use pkcs15-init tool, using pkcs15 emulation it's required when cards are uncompatible with real pkcs15 structure so pkcs15-init tool can't use them. Use an another tool to init them or create yours... François. Egon a écrit : Hi everybody Several days ago I wrote a message about testing a new driver. I wrote my new driver over piv driver. Now, I am testing it... My driver uses a pkcs15-emulator. When I use pkcs15-init -C , I get the following message: [pkcs15-init] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 14 bytes] = 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 .. == [pkcs15-init] reader-pcsc.c:173:pcsc_internal_transmit: called [pkcs15-init] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 6A 82 j. ( File not found ) [...] Card does not support the requested operation If I have an emulation layer, this call will not fail... I want to know if I am in right way or I must to change anything. Thank you everybody. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Thank you for your quick response. If I want to test my new driver, I must to write card-CARD.c and pkcs15-CARD.c . With pkcs15-tool can be useful? pkcs11-tool -I can be useful? My card have no pkcs15 structure, but it has an emulation layer. I think that I must to modify my pkcs15-CARD.c in order to select the correct EF in my card that contains pkcs15 data. If I test pkcs11-tool -I I get the following message: [opensc-pkcs11] pkcs15.c:532:sc_pkcs15_bind_internal: unable to enumerate apps: Incorrect parameters in APDU [opensc-pkcs11] pkcs15.c:761:sc_pkcs15_bind: returning with: Unsupported card Cryptoki version 2.11 Manufacturer OpenSC (www.opensc-project.org) Library smart card PKCS#11 API (ver 1.0) Thank you very much. I want to say thank you specially to Andreas Jellinghaus. --- El mar, 12/5/09, Andreas Jellinghaus a...@dungeon.inka.de escribió: De: Andreas Jellinghaus a...@dungeon.inka.de Asunto: Re: [opensc-devel] Testing a new driver - File not found Para: opensc-devel@lists.opensc-project.org CC: Egon lista...@yahoo.es Fecha: martes, 12 mayo, 2009 9:43 Am Dienstag 12 Mai 2009 09:32:57 schrieb Egon: Hi everybody Several days ago I wrote a message about testing a new driver. I wrote my new driver over piv driver. Now, I am testing it... My driver uses a pkcs15-emulator. When I use pkcs15-init -C , I get the following message: I'm no expert on PIV, but I thought all emulated cards are read-only, i.e. they have no code to change the card (other than maybe change or unblock a PIN). lets say: most emulated cards are national id cards, so you can't change them. not sure if PIV is different, but it would be the first emulated card that can be initialized, to my knowledge at least. Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Hi Egon, so I get this right: you have a blank card, and you want to write a driver for it, so you can initialize that card, create PINs, create or store keys, store certificates and so on? but you don't want to implement PKCS#15, but some other format instead? I think you need to write a huge amout of code. the basic infrastructure should be already there: pkcs11 has a framework interface, and currently there is only a pkcs15init implementation. you can add an implementation of your own, and link it to your card driver. but note: noone has implemented something like this before, all the emulation drivers we have are read-only so far. good luck! Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Sorry, I've done. I've integreated westcos cards. You need to implement a card-xxx.c a pkcs15-xxx.c and to create a tool xxx-tool.c With westcos-tool I use opensc api to write file I need on the card, I use pkcs15-westcos.c to emulate pkcs15 structure for this card and of course card-westcos for interface betwin opensc and westcos card. It is not so hard, but be careful I've started integrating this in librairies (under windows) and this not work with vista due to memory management (all malloc, calloc must be free in same process and opensc don't care of this). I put my work like internal card module and build completly opensc (cross compiling under linux) and it seem to work. For now I try to get avaibility to build on windows with virtual linux... (I use qemu and a debian distribution) The more difficult is to build completly opensc under linux with your code but if you are under linux it's quite easy. So go and if you need some help... Good luck. François. Andreas Jellinghaus a écrit : Hi Egon, so I get this right: you have a blank card, and you want to write a driver for it, so you can initialize that card, create PINs, create or store keys, store certificates and so on? but you don't want to implement PKCS#15, but some other format instead? I think you need to write a huge amout of code. the basic infrastructure should be already there: pkcs11 has a framework interface, and currently there is only a pkcs15init implementation. you can add an implementation of your own, and link it to your card driver. but note: noone has implemented something like this before, all the emulation drivers we have are read-only so far. good luck! Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Hi Andreas and François and everybody! Thank you for your quick response. I have already initialized the card, this one have no pkcs15 structure, but I can create a few EFs into a DF. I think that I can implement a file system into a large EF and I will use it to store all pkcs15 structure. This option can be dangerous in security ways, because I must to set read only access to this EF that contains the filesystem and a person can do an image from my filesystem and compromise it. I made several changes to pkcs15-syn in order to register the new driver. I added to opensc in builtin mode in a linux system. I have a filesystem coded in C++, can I use it with opensc? Could be any problem with this change ? I have seen that opensc is coded in C, can I change Makefile from gcc to g++? Thank you very much, regards. --- El mar, 12/5/09, Andreas Jellinghaus a...@dungeon.inka.de escribió: De: Andreas Jellinghaus a...@dungeon.inka.de Asunto: Re: [opensc-devel] Testing a new driver - File not found Para: Egon lista...@yahoo.es CC: opensc-devel@lists.opensc-project.org Fecha: martes, 12 mayo, 2009 11:39 Hi Egon, so I get this right: you have a blank card, and you want to write a driver for it, so you can initialize that card, create PINs, create or store keys, store certificates and so on? but you don't want to implement PKCS#15, but some other format instead? I think you need to write a huge amout of code. the basic infrastructure should be already there: pkcs11 has a framework interface, and currently there is only a pkcs15init implementation. you can add an implementation of your own, and link it to your card driver. but note: noone has implemented something like this before, all the emulation drivers we have are read-only so far. good luck! Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver - File not found
Egon wrote: Hi everybody Several days ago I wrote a message about testing a new driver. I wrote my new driver over piv driver. Now, I am testing it... My driver uses a pkcs15-emulator. The piv driver was never designed to work with pkcs15-init. as the card is not file based, and in normal use, OpenSC would only use the card, not initialize one. So you may have to add a lot of code if you need pkcs15-init. But for testing with beta PIV cards, the piv-tool.c was written to generate a key on the card (and retrieve the public key at the same time). OpenSSL with engine can be used to get a request signed, and the piv-tool can then load the cert on to the card. When I use pkcs15-init -C , I get the following message: [pkcs15-init] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 14 bytes] = 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 .. == [pkcs15-init] reader-pcsc.c:173:pcsc_internal_transmit: called [pkcs15-init] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 6A 82 j. ( File not found ) [...] Card does not support the requested operation If I have an emulation layer, this call will not fail... I want to know if I am in right way or I must to change anything. Thank you everybody. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Testing a new driver
Hi everybody Several days ago, I wrote a message in order to know how can I write a new driver for opensc. Now I have a alpha version of this driver and I want to test it in my machine. I have Ubuntu with opensc package installed. I have opensc-11.0.6 release too, I made changes into this version of opensc and I want to test it. How can I test my new driver? I recompiled all library and I added opensc-pkcs11.so to firefox in order to test with it. Must I restart pcsc service? What actions could I do? Thank you very much ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing a new driver
Hi Egon, I suggest you install your modified version of opensc into some directory other than /usr (e.g. /home/egon/my-opensc-build or /opt/my-opensc-build) and then a) change PATH and LD_LIBRARY_PATH to include those bin and lib directories at the beginning, so your modified opensc binaries and libraries are found first. and b) change firefox, remove the old opensc-pkcs11.so module from /usr/lib/ and instead use the one from /my-opensc-build/lib you do not need to restart pcscd, but you need to completely close and restart all applications using opensc-pkcs11 such as firefox. start firefox not via some button or mouse click, but in the text terminal on command line, where you changed the PATH and LD_LIBRARY_PATH first. good luck! Regards, Andreas p.s. you could also create your own modified *.deb file and install that, but this requires knowledge about the debian/ubuntu packaging process, so I guess you don't want to start with that. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
Nils Larsch wrote: Douglas E. Engert wrote: Lars Silvén wrote: Douglas, You got to have a reader capable of extended APDU. Then no chaining is needed since the commands may exceed 256 bytes. Well what if I don't have a reader that is capable of extended APDU, buy another one ? Ubuntu 7.04 with the distributed libpcsclite-1.3.3-1 and ccid-1.2.1ubuntu1 and Solaris 10 with compiled pcsc-lite-1.4.4 and ccid-1.3.0 both now do the extended ADPU with the PrimeCard and opensc-0.11.4-rc1 The issue appears to have been with the older versions of the ccid driver distributed with the previous version of Ubuntu. can the card do chaining in some other way? afaik no Looking at card.c:sc_detect_apdu_cse there is no check if the reader is capable of extended APDU should there be? is there a reliable way to detect this ? I think with the CCID there is some, but I don't know if PCSC or OpenCT can pass that back to to OpenSC. Nils -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
2007/8/22, Douglas E. Engert [EMAIL PROTECTED]: Nils Larsch wrote: Douglas E. Engert wrote: Looking at card.c:sc_detect_apdu_cse there is no check if the reader is capable of extended APDU should there be? is there a reliable way to detect this ? I think with the CCID there is some, but I don't know if PCSC or OpenCT can pass that back to to OpenSC. My CCID driver does not provide this information. After reading the list of possible attributes [1] I do not find something that could match what we need. Maybe we could use a proprietary tag like SCARD_ATTR_MAX_APDU_SIZE. That would somewhat duplicate SCARD_ATTR_MAXINPUT used by my CCID driver to report the maximum length of a command (used in T=0). I don't know if anybody already used SCARD_ATTR_MAXINPUT. bye [1] http://msdn2.microsoft.com/en-us/library/aa379559.aspx -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
While testing a pkinit with a PrimeCard, It tries to send a 266 byte APDU and PCSC failed. I suspect that the block should be chained. Is the logic at iso7816.c:812 iso7816_decipher correct for chaining? stderr: [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:215:pcsc_internal_transmit: SCardTransmit failed: Insufficient buffer. [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:255:pcsc_transmit: unable to transmit [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:394:do_single_transmit: unable to transmit APDU debug: [opensc-pkcs11] ../../../src/src/libopensc/card-cardos.c:746:cardos_set_security_env: returning with: 0 [opensc-pkcs11] ../../../src/src/libopensc/sec.c:67:sc_set_security_env: returning with: 0 [opensc-pkcs11] ../../../src/src/libopensc/sec.c:35:sc_decipher: called [opensc-pkcs11] ../../../src/src/libopensc/iso7816.c:797:iso7816_decipher: called [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:516:sc_transmit_apdu: called [opensc-pkcs11] ../../../src/src/libopensc/card.c:285:sc_lock: called [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:184:sc_apdu_log: Outgoing APDU data [ 266 bytes] = 00 2A 80 86 00 01 01 00 00 01 FF FF FF FF FF FF .*.. FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A .0!0...+ 05 00 04 14 0A 49 25 E1 6F 03 25 A9 90 BB 8E AC .I%.o.%. 66 3F 5C 2E D8 05 32 0C 01 00 f?\...2... == [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:175:pcsc_internal_transmit: called [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:282:refresh_slot_attributes: called -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
Douglas, You got to have a reader capable of extended APDU. Then no chaining is needed since the commands may exceed 256 bytes. Lars Douglas E. Engert wrote: While testing a pkinit with a PrimeCard, It tries to send a 266 byte APDU and PCSC failed. I suspect that the block should be chained. Is the logic at iso7816.c:812 iso7816_decipher correct for chaining? stderr: [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:215:pcsc_internal_transmit: SCardTransmit failed: Insufficient buffer. [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:255:pcsc_transmit: unable to transmit [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:394:do_single_transmit: unable to transmit APDU debug: [opensc-pkcs11] ../../../src/src/libopensc/card-cardos.c:746:cardos_set_security_env: returning with: 0 [opensc-pkcs11] ../../../src/src/libopensc/sec.c:67:sc_set_security_env: returning with: 0 [opensc-pkcs11] ../../../src/src/libopensc/sec.c:35:sc_decipher: called [opensc-pkcs11] ../../../src/src/libopensc/iso7816.c:797:iso7816_decipher: called [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:516:sc_transmit_apdu: called [opensc-pkcs11] ../../../src/src/libopensc/card.c:285:sc_lock: called [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:184:sc_apdu_log: Outgoing APDU data [ 266 bytes] = 00 2A 80 86 00 01 01 00 00 01 FF FF FF FF FF FF .*.. FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A .0!0...+ 05 00 04 14 0A 49 25 E1 6F 03 25 A9 90 BB 8E AC .I%.o.%. 66 3F 5C 2E D8 05 32 0C 01 00 f?\...2... == [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:175:pcsc_internal_transmit: called [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:282:refresh_slot_attributes: called ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Testing OpenSC-0.11.4-rc1 with cardos-PrimeCard
2007/8/21, Douglas E. Engert [EMAIL PROTECTED]: While testing a pkinit with a PrimeCard, It tries to send a 266 byte APDU and PCSC failed. I suspect that the block should be chained. Is the logic at iso7816.c:812 iso7816_decipher correct for chaining? stderr: [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:215:pcsc_internal_transmit: SCardTransmit failed: Insufficient buffer. [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:255:pcsc_transmit: unable to transmit [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:394:do_single_transmit: unable to transmit APDU Do you also have the logs from pcscd? bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel