gt; The reason is that the 3rd party app is often faster to do an
> SCardBeginTransaction() and messes up the card again.
>
> Any bright ideas? Or something obvious that we missed?
>
Of course the 3rd party app might not be built to survive the SIGSTOP and
SIGCONT.
And you should documen
Douglas E. Engert wrote, On 03/16/2010 02:33 PM:
>
>
> Todd Denniston wrote:
>> Douglas E. Engert wrote, On 03/12/2010 10:48 AM:
>>>
>>> Anderson Goulart wrote:
>>>> Hello,
>>>> I am trying to authenticate a user with a smartcard. I am us
in these distros that I have not looked for.
perhaps the patches for smart cards on one of those could be bent to work with
the GDM in OpenSuse.
Hope this helps.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the
ted
into..." followed by something other than "Error powering up card".
Yep... all out of mildly useful suggestions. :)
On Wed, 2009-04-15 at 19:12 -0400, Todd Denniston wrote:
Todd Denniston wrote, On 04/15/2009 06:59 PM:
Ted T. Logan wrote, On 04/15/2009 06:37 PM:
Sor
Todd Denniston wrote, On 04/15/2009 06:59 PM:
Ted T. Logan wrote, On 04/15/2009 06:37 PM:
Sorry for the redundant messages, but pcscd definitely seems to be
working with it:
00049133 eventhandler.c:451:EHStatusHandlerThread() Card inserted into
SCM SCR 3340 ExpressCard54 00 00
0023
ect, issuer, and algorithm shown.
After showing that it will then try to match your CN against the user
databases and verify against the CA databases.
If the X.509s are shown, then CoolKey is working.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power
http://libusb.svn.sourceforge.net/viewvc/libusb/trunk/libusb/linux.c?view=log
|6] http://libusb.wiki.sourceforge.net/Libusb1.0
[7] http://openusb.sourceforge.net/
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfig
, 2008-01-31 at 16:29 -0500, Todd Denniston wrote:
John H. wrote, On 01/31/2008 02:23 PM:
I use libcoolkey to check NMCI mail at https://webmail.nmci.navy.mil
but often, EVERY SINGLE TIME I click on a new link inside the OWA,
despite saving the password, it prompts for user/pass and both are
blank
login to ISA. [As I understand it.]
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
Ludovic Rousseau wrote, On 12/21/2007 08:15 AM:
On Dec 19, 2007 11:57 PM, Todd Denniston
<[EMAIL PROTECTED]> wrote:
When you figure out how to get either a "universal" or a bundle working with
10.5, would you be willing to post a how to here that lets us know:
A) how to
ccid, will there be
conflicts or this one will be replaced?
I hope you are successful, because for something that worked in their last
major OS rev this has taken a fairly long time for apple to fix.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Har
.com/pipermail/muscle/2006-August/005659.html
http://lists.drizzle.com/pipermail/muscle/2006-July/005614.html
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle
sclite/trunk/Drivers/ccid/readers/?rev=0&sc=0
[2]
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2007-March/002663.html
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for t
http://pcsclite.alioth.debian.org/ccid.html#CCID_compliant
and some of them are only around $20.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
M
fies how we will control the computer we are using the CAC from/on.
Making the same assumption that those who create that agreement, which is that
those who signed it have read and will follow the agreement, the computer
should be _reasonably_ secured.
--
Todd Denniston
Crane Division,
uch appreciated.
Thank you,
Keith
Good luck, I don't envy working with your reader.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
these well crafted emails of yours directly to
NSA and the pentagon, that would help all of us more. :)
There I feel better now.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
the ccid driver or lack of.
you might look into trying an updated ccid driver instead of the openct if the
device is supposed to be CCID compliant, and you might want to try the system
in 32 bit mode to see if it is a 32-64 bit problem.
Good luck.
--
Todd Denniston
Crane Division, Naval Surfac
f your VPN client
will load PKCS#11 modules, you can replace the ActivIdentity PKCS#11
module with that library and all should work correctly.
-- Tim
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
Ludovic Rousseau wrote:
2006/12/7, Todd Denniston <[EMAIL PROTECTED]>:
have you looked at the inotify[1] infrastructure?
Not really. I was thinking about using inotify to avoid polling in the
pcscd/libpcsclite communication.
I don't know if inotify can be configured to check only
r
UDEV creates sda I get a notification that sda was created (watching for
create events in /dev).
granted that may mean one more dependency that pcscd has, but at least it
seems small now.
[1] http://en.wikipedia.org/wiki/Inotify
[2] http://inotify-tools.sourceforge.net/
--
Todd Dennist
houldn't be used.
~Iain
Ok,
Did not notice that, so hopefully as the changes they were talking about come
to pass on my distro of the time, it will just work because libusb just works.
Thanks for the correction.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Ha
ge.php?msg_id=12695893
As others surrounding this issue noted, it would be nice if Greg had a list
laying around that explicitly indicated what he was killing and roughly when.
The thread where he said /proc/bus/usb/???/ is now dead, was a little over a
year ago.
--
Todd Denniston
Crane Divis
my case, but one of E or F should show you the one we are
after. The two you are after looking at are the ones with your name in the
subject= field.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
ment,C=US)
DEBUG:cert_vfy.c:41: Couldn't verify Cert: Peer's Certificate issuer is not
recognized.
^
As I expected.
You need to get pam_pkcs11 to recognize your (The DoD) CAs, i.e., `certutil`
or `make_hash_link.sh` (
` and making note of:
A) did it ask for a PIN/Password.
B) if it did (A), did it then spit out 'X.509 certificate found' and a little
later 'certificate is valid'?
would be information needed to debug the situation.
--
Todd Denniston
Crane Division, Naval Surface Warfare Cen
John H. wrote:
they don't seem to know, but did you see that reference on the wiki
w/r to coolkey?
No.
got a URL?
On 11/27/06, Todd Denniston <[EMAIL PROTECTED]> wrote:
John H. wrote:
> http://directory.fedora.redhat.com/wiki/CoolKey
>
> I am currently using libcoo
when I look
a the "Evolution User Manual for 2.6" found at:
http://www.gnome.org/projects/evolution/documentation.shtml
In the S/MIME Encryption section it only talks about using soft certificates.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing th
oblem.
OWA ... well acording to current directives it should require PKI and no
username/password.
firefox ... why can't it remember that for this whole site you want to use
username X and password Y. :)
Yep we ALL have this problem.
--
Todd Denniston
Crane Division, Naval Surface Warf
sed the OWA yet, but IIRC others who have also see the trouble you
are talking about even with IE.
can i somehow get around this or at least have it remember the
user/pass for every click? fc6, but it was doing this on fc5, and now
i have firefox2, and still have the problem.
--
Todd Denniston
-41e3-823f-406986cb80bd/cryptoapi.exe
http://en.wikipedia.org/wiki/Cryptographic_Application_Programming_Interface
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptography_reference.asp
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
what might be more
appropriate than going to debug or logit.
Thanks for the work... with the right script doing the ssh-add's it works
quite well for CAC.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighte
331 "Just Works" with Ludovic's
CCID driver.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
Muscle@lists.musclecard.com
http:
o play with file permissions, of a lot of things.
I think what you are looking for is a combination of:
pam_console
fstab-sync
and HAL
http://freedesktop.org/wiki/Software/hal
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warf
Byron Johnson wrote:
On Tue, 2006-08-29 at 17:34 -0500, Todd Denniston wrote:
export INSTALL_PREFIX=/usr/local
jtdi-byron:/home/magpie/CardReader/ccid-1.1.0 # export PKG_CONFIG_PATH=
$INSTALL_PREFIX/lib/pkgconfig
jtdi-byron:/home/magpie/CardReader/ccid-1.1.0 # pkg-config libpcslite
ation, but I only had to do the above exports to get CCID to configure
and build.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
M
. for some reason I still had to force it when compiling
CFlexPlugin libmusclepkcs11 MCardPlugin by doing:
CFLAGS=`pkg-config libpcsclite --cflags` ./configure ...
On Fri, 2006-08-25 at 11:03 -0500, Todd Denniston wrote:
Allshouse, Brian M CTR NSWCDL, XDT10 wrote:
Look like your compiling
ust include from ld.so.conf.d/*.conf
so you could/should instead.
echo "/usr/local/lib" >> /etc/ld.so.conf.d/usrlocal-i386.conf
[EMAIL PROTECTED] > ldconfig
[EMAIL PROTECTED] > ln -s /usr/lib/pkgconfig /usr/local/lib/pkgconfig
--
Todd Denniston
Crane Division, Naval
Todd Denniston wrote:
Rodrigo Canellas wrote:
Thanks Todd!
I am embaressed to ask this, but where can I get the code with these
corrections?
Grab the code listed in:
http://lists.drizzle.com/pipermail/muscle/2006-August/005659.html
Sorry about that... I forgot that by the time that
patching fun :)
I tried https://alioth.debian.org/projects/muscleplugins/, but I could
not find it there...
some of the debian patches may already be in the svn versions of what is at
alioth, but I am uncertain.
Thanks again!
Todd Denniston escreveu:
Rodrigo Canellas wrote:
Hi,
When I
uild-tree/i386-libc/csu/crti.S:11:
first defined here
collect2: ld returned 1 exit status
How to I get '_fini()' to be executed?
Thanks!
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
there have been a couple of cac updates to coolkey since I got my copy,
but I know this one works.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
M
Timothy J. Miller wrote:
Todd Denniston wrote:
Cool, it would be nice to be able to read a log that is not
disappearing while trying to figure out what is going wrong.
FWIW, RedHat has a bunch of patches against 0.5.3 checked into FC5. Most
interesting is they converted it over from
nk is related to the card logout stuff. I am trying to use pam_pkcs11-0.5.3
so you might have a better version from svn.
changing the crl_online and crl_offline setting algorithms, and I'm
going to make a stab at adding OCSP support. In my copious spare time,
of course. :)
-- Tim
--
gt; /lib/libdl.so.2 (0x0032b000)
libz.so.1 => /usr/lib/libz.so.1 (0x00862000)
Right now I'm just using CoolKey and it seems to work adequately.
I'll be trying that later today, first I have to remove all my current muscle
installed stuff so I know my state.
--
Todd Den
primarily (since it has fewer dependencies, and
requires fewer locally maintained patches).
My partner found that with newer compilers (gcc >3.3) the attached patch was
also needed so that musclecard_fini would be exported by libmusclecard.so.
Without this patch newer gcc's put muscl
y source? and do you have it doing some kind of GDM/console login yet?
This is using PCSC-lite directly, without the Musclecard framework. And
it's worked with the CACs I've thrown at it.
Just FYI.
-- Tim
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC
may also not be needed. musclecard_fini() releases the
"localHContext" which is invalidated.
There will probably be no more follow-ups to these patches since I've
started using CoolKey primarily (since it has fewer dependencies, and
requires fewer locally maintained patches).
SCRx31 USB Smart Card Reader
bcdDevice: 5.18 (firmware release?)
I have had some problems with mine (which happens to be a flashed to 5.18)
where I had to physically unplug and replug the card reader between runs of
pcscd. Hard Reset required????
--
Todd Denniston
Crane Division, Nav
e you Indicating that after October, we will start having yet another applet
to build support for, i.e., the CAC bundle we are grabbing from Apple will not
work with the PIV?
Thanks.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology fo
s
when MSCLogoutAll() is called and return a success et viola! Done.
Perchance, is this related to firefox losing access to the CAC if it is
removed and reinserted while firefox is running? Do you see that
behavior before and/or after your patch?
I believe it has a high probability of bei
data that
is causing the problems.
[1] http://archives.neohapsis.com/archives/dev/muscle/2006-q2/0319.html
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle ma
ter being
called from
main:115
[rv = (*pFunctionList->C_CloseSession) (hSession);]
It looks like the cause is that before calling the while, there is no
verification that (prev !=NULL) and it is.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing
r() Attempting startup of ActivCard
USB Reader 2.0 (50302A3B) 00 00.
readerfactory.c:967:RFBindFunctions() Loading IFD Handler 3.0
pcscd: symbol lookup error:
/usr/local/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so.1.2.4:
undefined symbol: LTPBundleFindValueWithKey
--
Todd Dennisto
Peter Williams wrote:
yes. The hooks into muscle are hardly hidden. Whether those hooks are
modern and viable, is a different question.
Get it from the same source as your CAC. Folks here might be able to be
provide info where your source should him/herself seek out files, etc.
CAC is rela
John Minson wrote:
CENTOS 4.1 fully updated
trying to get a ActivCard, Inc. SmartCard Reader working with a D.O.D
'CAC' card with Firefox
configure/make/install ccid-0.4.1 _/*OK*/_
configure/make/install pcsc-lite-1.2.9-beta9 _/*OK*/_
testpcsc _/*OK*/_
Card ATR: 3B 75 12 00 00 29 05 01
Sara Fonseca wrote:
Hi everyone,
I am new on the smart card subject, and I want to develop my
application in linux. I just want to confirm some stuff.
1) To communicate with a usb smart card reader, all I need is a
PC/SC compliant vendor and to understand and use the PC/SC-lite API ?
Do I need
D.L.Kumar wrote:
hi,
can U please give a specific package for the complete installation of
- smartcard reader SCR331 from SCM microsystems
(I have already tried integrating several core binaries .but in vain)
thanks.
You will need to use the CCID driver w
Philippe C. Martin wrote:
A U3 device (www.u3.com) is a flash drive which allows for applications
installation: you plug the U3 device in the USB port and your
application is available. If the application does its job correctly,
application data is stored on the U3 device, not on the PC.
Th
To summarize the private responses I got, so that others newbs don't have to
wonder:
Todd Denniston wrote:
>
> Dear MUSCLE folks,
> Please help me understand something about the architecture of using smart
> cards.
>
> My understanding was that pcscd used a reader driver
Manufacturer=SCM Microsystems Inc.
S: Product=SCRx31 USB Smart Card Reader
I am using ccid-0.4.1 libusb-0.1.8 pcsc-lite-1.2.0
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
p;release_id=183
from: https://alioth.debian.org/projects/muscleplugins/
[2] https://alioth.debian.org/projects/muscleapps/
[3] http://lists.drizzle.com/pipermail/muscle/2005-May/003833.html
Thank you for the enlightenment.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing
libcrypto back to the distribution version?
Thanks for trying.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
Andrew Pimlott wrote:
>
> On Wed, May 04, 2005 at 08:55:25AM -0500, Todd Denniston wrote:
> > I agree the documentation is a bit confusing, and mostly geared to using
> > just the muscle applet. I do not see you mention getting a token
> > driver/interpreter/bundle/plugin
happen to get it working, please report back to the list on what you
had to do.
[1]
http://darwinsource.opendarwin.org/10.3.2/SmartCardServices-15/src/CACPlugin
I think the current version is:
http://darwinsource.opendarwin.org/10.4/SmartCardServices-31/src/CACPlugin/
--
T
uot; by JOHN BRUNNER lately,
like me?
This IS basically HOW that book suggested tracking everyone, track where
their money is spent, and you know where they are with a margin of error.
Fiction=Reality?
Sorry, I just had to lay that one out in the full open.
Any one know where there is a good Paid
to:[EMAIL PROTECTED]>
Oh, and please don't shout, it gives me a headache.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
n you move to the next higher layer, which could be PAM or
> CSP, etc .
Not needed (at this time :)
>
> Thanks,
> Dave
>
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
___
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
ing with the old pcscd
so I am trying to the new versions of software to work with the card and any
applets on it.
Small grump against the docs I have seen: All the docs available assume that
you have the programming pin for the card and are only loading the muscle
applet, or at least thats the
27; as root? This got me for a while.
Are you using the mscMuscleCard.bundle or commonAccessCard.bundle?
BTW if you can then see your certs in Mozilla or Firefox please let me know.
I can login to the card but it will not show me my certs. I'll drop a better
report to the list shortly, when I have so
2002), should all
versions of muscleframework/libmusclepkcs11 work with it? i.e. is
muscleframework-1.1.5 backwards compatible with older muscle applet, and what
would the limits be? For now I will assume it is.
[1] because I don't have the source from Schlumberger
Thanks for the help guys
Vinnie Moscaritolo wrote:
>
> At 1:33 PM -0500 7/26/04, Todd Denniston wrote:
> >Vinnie,
> >Would you mind telling me what program(s) did you use to get the information
> >out of a CAC card below?
> >Was the CAC card one of the US DOD CAC cards (by active card or
prop x.509 certs
>
> 2) you will have to get the CKA_MODULUS from the certs,
> since the k3,k5 and k7 objects will read zero...
>
> 3) CKA_CLASS is byte wrong endian on CAC cards it seems, something to
> do with Mozilla bug..
>
hlumberger or who ever modified the
pcscd for DOD at that time changed the version string to read
"pcsc-lite version: 2.01 <[EMAIL PROTECTED]>"
and I know the current one I have is only "pcsc-lite version 1.2.0" and is
not extremely old.
--
Todd Denniston
Crane Division
e any better estimates on when (and what
version of) a firmware will be released to fix this? Looking at SMC's
website[1] I am only seeing version 4.13, which is already loaded on my
reader.
[1] http://www.scmmicro.com/security/driverdownloads.html
--
Todd Denniston
Crane Division, Naval S
t I dont
> >want to use ActivCards software. Can I use muscle or some other software
> >to access my CAC card? Is there any list postings dealing with this or any
> >links to how-to's or more info any one knows of?
> >
> >Thanks alot,
> >
> >Jon
--
T
berflex Access 32" on this list?
Note that I am talking about the new NAVY CAC card so it might be a bit
different.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
__
77 matches
Mail list logo