Re: [opensc-devel] sign error with CardOS on Mac OS X

2011-12-14 Thread Johannes Becker
Hello,

On Tuesday, 13 December 2011, Ludovic Rousseau wrote:

> Johannes can you attach a pkcs15-crypt --sign log with the same card
> and same reader on Linux?


http://www.uni-giessen.de/~g013/opensc/pkcs15-sign-linux.log

The log on Mac was
http://www.uni-giessen.de/~g013/opensc/pkcs15-crypt.log

@Martin: The effect is the same with Kobil readers. I have a
new Xiring reader that supports extended APDU.


Regards
  Johannes

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] sign error with CardOS on Mac OS X

2011-12-14 Thread Ludovic Rousseau
2011/12/14 Johannes Becker johannes.bec...@hrz.uni-giessen.de:
> Hello,
>
> On Tuesday, 13 December 2011, Ludovic Rousseau wrote:
>
>> Johannes can you attach a pkcs15-crypt --sign log with the same card
>> and same reader on Linux?
>
> http://www.uni-giessen.de/~g013/opensc/pkcs15-sign-linux.log
>
> The log on Mac was
> http://www.uni-giessen.de/~g013/opensc/pkcs15-crypt.log

I found the source of the difference between Mac and Linux.

Mac OS X uses the ccid driver version 1.3.8 (March 2009)
Linux uses the latest version.

The difference is the patch 4510 [1] from October 2009. The buffer for
commands has been increased from 262 bytes to 64 KB.

> @Martin: The effect is the same with Kobil readers. I have a
> new Xiring reader that supports extended APDU.

The reader does not declare it supports extended APDU. But it supports
APDU of up to 512 bytes.
It does work on Linux because of a side effect in the CCID driver I
just discovered. The mystery is now solved. Thanks for your time.

The solution is to upgrade the CCID driver on Mac OS X. Or use a
reader with a real support of extended APDU.

Bye

[1] http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2009-October/004028.html

-- 
 Dr. Ludovic Rousseau
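
A simplified model of the size arithmetic in this thread, as an added example and not code from OpenSC or the CCID driver: it classifies a command APDU as short or extended from its ISO 7816-4 length fields and checks it against a command buffer of 262 bytes or 64 KB. The APDU contents, the helper names and the buffer check are assumptions; only the 266-byte length and the two buffer sizes come from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum apdu_kind { APDU_INVALID, APDU_SHORT, APDU_EXTENDED };

/* Classify a command APDU by its ISO 7816-4 length encoding. */
enum apdu_kind apdu_classify(const uint8_t *b, size_t len)
{
    size_t lc;
    if (len < 4) return APDU_INVALID;          /* no full CLA INS P1 P2 header */
    if (len <= 5) return APDU_SHORT;           /* case 1, case 2S */
    lc = b[4];
    if (lc != 0)                               /* one-byte Lc: case 3S or 4S */
        return (len == 5 + lc || len == 6 + lc) ? APDU_SHORT : APDU_INVALID;
    if (len < 7) return APDU_INVALID;          /* 00 must open a 3-byte field */
    if (len == 7) return APDU_EXTENDED;        /* case 2E: 00 + two-byte Le */
    lc = ((size_t)b[5] << 8) | b[6];
    if (lc == 0) return APDU_INVALID;
    return (len == 7 + lc || len == 9 + lc) ? APDU_EXTENDED : APDU_INVALID;
}

/* Assumed model: a well-formed APDU passes only if it fits the command buffer. */
int apdu_fits(const uint8_t *b, size_t len, size_t cmd_buf)
{
    return apdu_classify(b, len) != APDU_INVALID && len <= cmd_buf;
}

/* Build a constructed case 4E APDU (filler data, not the bytes from the log). */
size_t build_case4e(uint8_t *out, size_t cap, size_t data_len)
{
    size_t n = 9 + data_len;                   /* 4 header + 3 Lc + data + 2 Le */
    if (data_len == 0 || data_len > 0xFFFF || n > cap) return 0;
    memset(out, 0xAA, n);
    out[0] = 0x00; out[1] = 0x2A; out[2] = 0x9E; out[3] = 0x9A;
    out[4] = 0x00; out[5] = (uint8_t)(data_len >> 8); out[6] = (uint8_t)data_len;
    out[n - 2] = 0x01; out[n - 1] = 0x00;      /* Le = 256 */
    return n;
}

int main(void)
{
    uint8_t apdu[600];
    size_t n = build_case4e(apdu, sizeof apdu, 257);   /* 266 bytes in total */
    printf("len=%zu extended=%d fits262=%d fits64K=%d\n", n, apdu_classify(apdu, n) == APDU_EXTENDED,
           apdu_fits(apdu, n, 262), apdu_fits(apdu, n, 64 * 1024));
    return 0;
}
```

The largest short APDU (case 4S with 255 data bytes) is 261 bytes, so it fits the 262-byte buffer, while any 266-byte APDU needs the extended encoding and does not.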


[opensc-devel] sign error with CardOS on Mac OS X

2011-12-13 Thread Johannes Becker
Hello,

 using Firefox on Mac OS X with CardOS cards I get a connection error.
Ludovic Rousseau kindly showed me how to track it down to the sign 
function of opensc 0.12.2:

The command

pkcs15-crypt --sign --pkcs1 --sha-1 --in sig.in --out sig.out --key 46 

produces

  Compute signature failed: Transmit failed

There is no problem on Linux and Windows.
There is no problem on Mac OS X with TCOS cards.

The verbose output of the pkcs15-crypt command above can
be found on
http://www.uni-giessen.de/~g013/opensc/pkcs15-crypt.log

Regards
  Johannes


Re: [opensc-devel] sign error with CardOS on Mac OS X

2011-12-13 Thread Martin Paljak
Hello,

On Tue, Dec 13, 2011 at 12:51, Johannes Becker
johannes.bec...@hrz.uni-giessen.de wrote:
> using Firefox on Mac OS X with CardOS cards I get a connection error.
> Ludovic Rousseau kindly showed me how to track it down to the sign
> function of opensc 0.12.2:

I believe this has already been on the list but I don't have the
reference at hand.

Outgoing APDU data [  266 bytes] =
...
0x7fff70f32cc0 11:19:18.788 [pkcs15-crypt]
reader-pcsc.c:202:pcsc_internal_transmit:  0x0037 00
00:SCardTransmit/Control failed: 0x80100016

You are trying to use extended APDU support (266 bytes) with a reader
that does not support it (see the link below).
You can try setting max_send_size in opensc.conf to a value that suits
you (uncommenting it should work), get a reader that supports extended
APDU or help to fix OpenSC so that it would work intelligently in such
situations.

http://pcsclite.alioth.debian.org/ccid_extended_apdu.html

> There is no problem on Linux and Windows.

Do you use the CCID driver on Linux as well? It should behave the same
way. Proprietary Windows driver might do some tricks to implement the
extended APDU support.

> There is no problem on Mac OS X with TCOS cards.

They have a different driver and probably don't use extended APDU-s,
so this can't be compared directly.

Martin

Re: [opensc-devel] sign error with CardOS on Mac OS X

2011-12-13 Thread Ludovic Rousseau
2011/12/13 Martin Paljak mar...@martinpaljak.net:
> Hello,
>
> On Tue, Dec 13, 2011 at 12:51, Johannes Becker
> johannes.bec...@hrz.uni-giessen.de wrote:
>> using Firefox on Mac OS X with CardOS cards I get a connection error.
>> Ludovic Rousseau kindly showed me how to track it down to the sign
>> function of opensc 0.12.2:
>
> I believe this has already been on the list but I don't have the
> reference at hand.
>
> Outgoing APDU data [  266 bytes] =
> ...
> 0x7fff70f32cc0 11:19:18.788 [pkcs15-crypt]
> reader-pcsc.c:202:pcsc_internal_transmit:  0x0037 00
> 00:SCardTransmit/Control failed: 0x80100016
>
> You are trying to use extended APDU support (266 bytes) with a reader
> that does not support it (see the link below).
> You can try setting max_send_size in opensc.conf to a value that suits
> you (uncommenting it should work), get a reader that supports extended
> APDU or help to fix OpenSC so that it would work intelligently in such
> situations.
>
> http://pcsclite.alioth.debian.org/ccid_extended_apdu.html
>
>> There is no problem on Linux and Windows.
>
> Do you use the CCID driver on Linux as well? It should behave the same
> way. Proprietary Windows driver might do some tricks to implement the
> extended APDU support.

Johannes said it was working fine on Linux. So I did not expect an
extended APDU issue.

Johannes can you attach a pkcs15-crypt --sign log with the same card
and same reader on Linux?
I am surprised it works.

Thanks

-- 
 Dr. Ludovic Rousseau