Re: [opensc-devel] Help compiling Mac OS 10.7, 10.8 and 10.9 on ONE machine

2012-09-20 Thread helpcrypto helpcrypto
> I tried that already and could not use VirtualBox because it only allows
> Mac OS X Server running as guest. I also invested in a VMware licence
> and it never worked for the same reasons.

I needed to run OSX on a Windows host VMware computer to test our
smartcard software.
AFAIK, you can't install OSX on a VM from the official ISO, but need a
fixed/modified image to bypass the...EFI?
Currently have 10.5 and 10.6 on VMware o, but considering OSX costs
(not hardware!), maybe it's easier to have those cheap ones.

The reason why I used VMware (Player) is because the USB support was
much better than on VirtualBox.

If you want some help, I can send you some tips on how I did it.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Help compiling Mac OS 10.7, 10.8 and 10.9 on ONE machine

2012-09-20 Thread Jean-Michel Pouré - GOOZE
On Thursday 20 September 2012 at 08:58 +0200, helpcrypto helpcrypto
wrote:
> AFAIK, you can't install OSX on a VM from the official ISO, but need a
> fixed/modified image to bypass the...EFI?
> Currently have 10.5 and 10.6 on VMware o, but considering OSX costs
> (not hardware!), maybe it's easier to have those cheap ones.

Thanks for the proposal. I also considered this solution, but using
modified images for compiling is not a solution IMHO. I am always afraid
it might contain spyware / hoaxes and I only use pristine OSes.

I placed a bid for 2 Mac Mini for 300 EUR on eBay and the seller
accepted. So it seems that we finally have a solution.

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu



Re: [opensc-devel] Domain Parameter for ECC Keys

2012-09-20 Thread Frank Morgner
Hi!

I cannot answer the question *why* encoding/decoding is done in
particular.

But some time ago OpenSC's ASN.1 implementation had the limitation
to tags on one byte (ec public key is 7f49, I think). So, in a more
general note, ASN.1 support in OpenSC could be extended. Or stop
reimplementing everything and use something like asn1c, OpenSSL or
whatever. For the nPA, I used the latter for encoding ASN.1/TLV.

Greets, Frank.


On Thursday, September 20 at 01:11AM, Andreas Schwier (ML) wrote:
> 
> Dear all,
> 
> we've come across a strange behaviour of the pkcs15-lib in OpenSC when
> we generate an EC key pair:
> 
> After generating a fresh EC key pair, our code returns a
> sc_pkcs15_pubkey containing the EC public key and DER encoded domain
> parameter. The public key is then encoded in sc_pkcs15init_generate_key
> and added to the DF in the framework when it's immediately decoded again.
> 
> During this encode / decode step the domain parameters are lost.
> 
> I'm wondering why this encode / decode step is done ?
> 
> If it is required for some reason, then I would rather encode the public
> key in SubjectPublicKey structure that would also preserve the domain
> parameter in AlgorithmIdentifier.
> 
> Andreas
> 
> -- 
> 
> -CardContact Software & System Consulting
>|.##> <##.|   Andreas Schwier
>|#   #|   Schülerweg 38
>|#   #|   32429 Minden, Germany
>|'##> <##'|   Phone +49 171 8334920
> -http://www.cardcontact.de
>  http://www.tscons.de
>  http://www.openscdp.org

-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
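
Added example (not from the thread, and not OpenSC code): a BER-TLV header parser in C that accepts multi-byte tags such as the 7f49 mentioned above, which a parser limited to one-byte tags would misread as tag 0x7F with length 0x49. The function name `tlv_header` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parse one BER-TLV header from buf[0..n). Stores the full tag (up to 4 bytes,
 * e.g. 0x7F49) and the value length; returns the header size, or 0 on error. */
size_t tlv_header(const uint8_t *buf, size_t n, uint32_t *tag, size_t *len)
{
    size_t i = 0;
    if (n < 2) return 0;
    *tag = buf[i++];
    if ((*tag & 0x1F) == 0x1F) {            /* low 5 bits set: more tag bytes follow */
        uint8_t b;
        do {
            if (i >= n || *tag > 0xFFFFFF) return 0;   /* truncated, or tag > 4 bytes */
            b = buf[i++];
            *tag = (*tag << 8) | b;
        } while (b & 0x80);                 /* bit 8 set: not the last tag byte */
    }
    if (i >= n) return 0;
    uint8_t l = buf[i++];
    if (l < 0x80) {
        *len = l;                           /* short form */
    } else {
        size_t k = l & 0x7F;                /* long form: k length bytes follow */
        if (k == 0 || k > sizeof(size_t) || k > n - i) return 0;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[i++];
    }
    return *len <= n - i ? i : 0;           /* value must fit in the buffer */
}

int main(void)
{
    /* Constructed sample: tag 7F49, length 3, three value bytes. */
    const uint8_t sample[] = {0x7F, 0x49, 0x03, 0x86, 0x01, 0x04};
    uint32_t tag; size_t len;
    size_t hdr = tlv_header(sample, sizeof sample, &tag, &len);
    printf("header=%zu tag=%04X len=%zu\n", hdr, (unsigned)tag, len);
    return 0;
}
```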



[opensc-devel] Help recognizing a smartcard reader device

2012-09-20 Thread Bruno Soares da Silva
Hi,

I want to connect a device (an array of smart card readers) with OpenCT
remotely; for that I suppose I need to write a reader driver for OpenCT.
After writing this, it didn't actually recognize my device. Besides that, I
have some constraints:

   - The device communicates via APDU commands, using strings of hex syntax
   inside a telnet connection (for example, I send A0A4023F00 and the device
   sends me a response 9000).
   - This device is located inside a computer with
   limited resources, which doesn't let me install additional packets.

Can someone help me integrate this device?

Thanks,
Bruno Silva

Re: [opensc-devel] Domain Parameter for ECC Keys

2012-09-20 Thread Douglas E. Engert


On 9/19/2012 6:11 PM, Andreas Schwier (ML) wrote:
> Dear all,
>
> we've come across a strange behaviour of the pkcs15-lib in OpenSC when
> we generate an EC key pair:
>
> After generating a fresh EC key pair, our code returns a
> sc_pkcs15_pubkey containing the EC public key and DER encoded domain
> parameter. The public key is then encoded in sc_pkcs15init_generate_key
> and added to the DF in the framework when it's immediately decoded again.
>
> During this encode / decode step the domain parameters are lost.

Looked at PKCS#15 v1.1 section 6.4.3 The value is a EC_PubKeyChoice, that
can be a raw ECPoint or a spki SubjectPublicKeyInfo.

It looks like the sc_pkcs15_encode_pubkey_ec is just returning the
ECPoint.

sc_pkcs15_decode_pubkey_ec is also assuming the ECPoint.

It looks like that code has never been fully tested, and the
above code should be modified to use the spki SubjectPublicKeyInfo
if there are domain parameters.

With the EC work I have done in OpenSC including writing the above two
routines, I have not looked at the pkcs15init code at all, as the PIV
card is not a PKCS#15 card but rather the PKCS#15 is emulated, and the
emulation layer is based on the decoded entries. The PIV does not use the
pkcs15init code at all, but rather a special pivtool can be used for test
cards to generate a key. It also turns out that the PIV card does not store
a pubkey object at all, but derives the pubkey from the certificate.

>
> I'm wondering why this encode / decode step is done ?

No one has PKCS#15 cards that support EC to test this part of the code.

>
> If it is required for some reason, then I would rather encode the public
> key in SubjectPublicKey structure that would also preserve the domain
> parameter in AlgorithmIdentifier.

Can you come up with a patch?

>
> Andreas
>

-- 

  Douglas E. Engert  
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
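
Added example (not part of the thread, and not OpenSC's sc_pkcs15_encode_pubkey_ec): the two EC_PubKeyChoice alternatives discussed above, encoded in C for a P-256 point, showing that only the SubjectPublicKeyInfo form lets a decoder recover the curve. The function names, the constructed sample point and the assumption that the two alternatives are told apart by their outer tag (OCTET STRING vs SEQUENCE) are this example's own; output buffers are assumed to hold at least 96 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* OID content octets: id-ecPublicKey 1.2.840.10045.2.1, prime256v1 1.2.840.10045.3.1.7 */
static const uint8_t OID_EC[]   = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
static const uint8_t OID_P256[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};

/* Append one DER TLV (short-form length, n < 128) at offset `at`; returns new offset. */
static size_t put(uint8_t *o, size_t at, uint8_t tag, const uint8_t *v, size_t n)
{
    o[at] = tag; o[at + 1] = (uint8_t)n;
    memcpy(o + at + 2, v, n);
    return at + 2 + n;
}

/* "raw" alternative: ECPoint ::= OCTET STRING. There is no field for the curve. */
size_t encode_raw(uint8_t *o, const uint8_t *pt, size_t n) { return n > 65 ? 0 : put(o, 0, 0x04, pt, n); }

/* "spki": SEQUENCE { SEQUENCE { id-ecPublicKey, namedCurve OID }, BIT STRING point } */
size_t encode_spki(uint8_t *o, const uint8_t *pt, size_t n, const uint8_t *crv, size_t cl)
{
    uint8_t alg[32], bits[66], body[96];
    if (n > 65 || cl > 10) return 0;         /* sized for an uncompressed P-256 point */
    size_t a = put(alg, put(alg, 0, 0x06, OID_EC, sizeof OID_EC), 0x06, crv, cl);
    bits[0] = 0x00; memcpy(bits + 1, pt, n); /* BIT STRING: no unused bits */
    size_t b = put(body, put(body, 0, 0x30, alg, a), 0x03, bits, n + 1);
    return put(o, 0, 0x30, body, b);
}

/* Returns curve OID length copied to `crv`; 0 for a raw ECPoint; -1 if malformed. */
int decode_curve(const uint8_t *d, size_t n, uint8_t *crv, size_t cap)
{
    if (n < 2 || d[1] >= 0x80 || (size_t)d[1] + 2 != n) return -1;
    if (d[0] == 0x04) return 0;              /* point only: parameters are gone */
    if (d[0] != 0x30 || n < 6 || d[2] != 0x30 || d[4] != 0x06) return -1;
    size_t end = 4 + (size_t)d[3], p = 6 + (size_t)d[5];   /* p: skip first OID */
    if (end > n || p + 2 > end || d[p] != 0x06) return -1;
    size_t len = d[p + 1];
    if (p + 2 + len > end || len > cap) return -1;
    memcpy(crv, d + p + 2, len);
    return (int)len;
}

int main(void)
{
    uint8_t pt[65] = {0x04}, raw[96], spki[96], oid[16];  /* constructed point: 0x04, then zeros */
    size_t r = encode_raw(raw, pt, 65), s = encode_spki(spki, pt, 65, OID_P256, sizeof OID_P256);
    printf("raw -> %d, spki -> %d\n", decode_curve(raw, r, oid, 16), decode_curve(spki, s, oid, 16));
    return 0;
}
```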




[opensc-devel] Request for comment: bringing warnings down to a dull roar

2012-09-20 Thread B. Scott Michel
I'm debating whether to submit a pull request on github with patches to
reduce gcc's warnings to a minimum (actually, completely eliminated.)
However, the patches violate the coding rules by marking unused
parameters in static functions -- the "marking" is very explicit and
very visible.

I also took care of other issues, such as replacing "int" with "size_t"
where needed. I should have made the unused param patch separate from
the integer conversion and other warnings.

Question (and request for comments): Should I submit the pull request,
even though the patch would potentially violate the coding conventions?


-scooter


[opensc-devel] Technical Description - Android Embedded SE

2012-09-20 Thread Anders Rundgren
http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html

Very interesting IMHO.

According to the author SD-slots are becoming exceptions also for Android so
this is probably what most people will be dealing with.

Anders
