[opensc-devel] smartcard key id too long

2010-04-16 Thread Dimitrios Siganos
Hi, I am using a feitian epass 3000 usb smartcard and I have a problem with the length of the key id of the RSA private key on the smartcard. This is what pkcs15-tool reports: $ pkcs15-tool -k Using reader with a card: CCID Compatible Private RSA Key [Private Key] Com. Flags : 3

Re: [opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Dimitrios Siganos
Andreas Jellinghaus wrote: > great. good to see it works for you, so I think the problem in the > other bug reports was a mistake by the users (often called layer 8 :) ). > In order to get it to work I had to do the following: 1) built opensc from svn, I used revision 4216 (the latest stable re

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-16 Thread Douglas E. Engert
Anders Rundgren wrote: > > your third question I did not understand. > > ATRs identify the card's type, right? Sort of, it has characteristics of the card. Google for: parsing an ATR. So if you don't want > to write a card profile but have full freedom on the token side > the token would n

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Jan Just Keijser
Hi Aleksey, Aleksey Samsonov wrote: > Hello, > > Andreas Jellinghaus wrote: > >> On Friday 16 April 2010 08:51:31, Aleksey Samsonov wrote: >> >>> Hello, >>> >>> Jan Just Keijser wrote: >>> in opensc-0.11.13/src/pkcs11/openssl.c there's section 106 void 107 sc_p

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Aleksey Samsonov
Hello, Andreas Jellinghaus wrote: > On Friday 16 April 2010 08:51:31, Aleksey Samsonov wrote: >> Hello, >> >> Jan Just Keijser wrote: >>> in opensc-0.11.13/src/pkcs11/openssl.c there's section >>> >>> 106 void >>> 107 sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) >>> 108 { >

Re: [opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Jan Just Keijser
Hi *, Jean-Michel Pouré - GOOZE wrote: > On Fri, 2010-04-16 at 18:31 +0200, Andreas Jellinghaus wrote: > >> if not we need >> to debug this in detail and/or talk to the openssl developers >> to track down and fix this issue. >> > > Do not hesitate to propose them Free PKI developer card a

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Andreas Jellinghaus
On Friday 16 April 2010 08:51:31, Aleksey Samsonov wrote: > Hello, > > Jan Just Keijser wrote: > > in opensc-0.11.13/src/pkcs11/openssl.c there's section > > > > 106 void > > 107 sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) > > 108 { > > 109 #if OPENSSL_VERSION_NUMBER >= 0x

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Andreas Jellinghaus
On Friday 16 April 2010 01:16:47, Jan Just Keijser wrote: > hi list, > > I hate to answer my own question but I think I found it: > > in opensc-0.11.13/src/pkcs11/openssl.c there's section > > 106 void > 107 sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) > 108 { > 109 #if O

Re: [opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Jean-Michel Pouré - GOOZE
On Fri, 2010-04-16 at 18:31 +0200, Andreas Jellinghaus wrote: > if not we need > to debug this in detail and/or talk to the openssl developers > to track down and fix this issue. Do not hesitate to propose them Free PKI developer card at this address: http://www.gooze.eu/feitian-pki-free-software

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Andreas Jellinghaus
maybe an strace (strace -o strace.log -f -s -tt openssl ... ) will show what is wrong. if possible put the file on a web page, as it could be huge, too big for this list. if that isn't possible, compress it and send it to me only (but no idea when I will be able to look at it). what you trie

Re: [opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Andreas Jellinghaus
On Friday 16 April 2010 17:07:49, Dimitrios Siganos wrote: > Hi, > > I have used openssl-1.0.0 and engine_pkcs11 for storing an rsa private > key in a smartcard (feitian epass 3000). I got openssl to access the rsa > private key and used it to create a self-signed certificate like this: ah, fine

Re: [opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Jan Just Keijser
Dimitrios Siganos wrote: > Hi, > > I have used openssl-1.0.0 and engine_pkcs11 for storing an rsa private > key in a smartcard (feitian epass 3000). I got openssl to access the rsa > private key and used it to create a self-signed certificate like this: > > openssl > > OpenSSL> engine dynamic \ >

Re: [opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Jean-Michel Pouré - GOOZE
On Fri, 2010-04-16 at 16:07 +0100, Dimitrios Siganos wrote: > Can someone shed some light into this? Good question, I would like to know the answer as well. -- Jean-Michel Pouré - Gooze - http://www.gooze.eu

[opensc-devel] openssl-1.0.0 and engine_pkcs11

2010-04-16 Thread Dimitrios Siganos
Hi, I have used openssl-1.0.0 and engine_pkcs11 for storing an rsa private key in a smartcard (feitian epass 3000). I got openssl to access the rsa private key and used it to create a self-signed certificate like this: openssl OpenSSL> engine dynamic \ > -pre SO_PATH:/home/ds/local/lib/engines

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Jan Just Keijser
Martin Paljak wrote: > On Apr 16, 2010, at 09:51 , Aleksey Samsonov wrote: > >> I commented out the OPENSSL_config(NULL) and now it works ... >> >>> should this be added as a patch? the FIXME seems to be to *remove* the >>> explicit call to OPENSSL_config; I can confirm that this works for bo

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-16 Thread Martin Paljak
2010/4/16 Anders Rundgren : > If you wanted to provide a USB PKI token that would give the user maximum > flexibility it seems that the device should support CCID. > > 1. As I understand, CCID only provides the basic communication and does not > address higher level issues such as PKI, right? Yes,

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-16 Thread Anders Rundgren
> your third question I did not understand. ATRs identify the card's type, right? So if you don't want to write a card profile but have full freedom on the token side the token would need to use an ATR that belongs to some other vendor or community. Do all FIPS201 cards share an ATR or need m

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Martin Paljak
On Apr 16, 2010, at 09:51 , Aleksey Samsonov wrote: > I commented out the OPENSSL_config(NULL) and now it works ... >> >> should this be added as a patch? the FIXME seems to be to *remove* the >> explicit call to OPENSSL_config; I can confirm that this works for both >> openssl-1.0.0-beta4 and the

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-16 Thread Jean-Michel Pouré - GOOZE
On Fri, 2010-04-16 at 09:38 +0200, Anders Rundgren wrote: > If you wanted to provide a USB PKI token that would give the user > maximum > flexibility it seems that the device should support CCID. Exactly. Most tokens are supported by OpenCT, which means no security PIN code. Thus it is recommended

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-16 Thread Jan Just Keijser
Hi Aleksey, Aleksey Samsonov wrote: > Hello, > > Jan Just Keijser wrote: >> in opensc-0.11.13/src/pkcs11/openssl.c there's section >> >> 106 void >> 107 sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) >> 108 { >> 109 #if OPENSSL_VERSION_NUMBER >= 0x1000L >> 110 /* FIXME:

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-16 Thread Jan Just Keijser
Hi Anders, Anders Rundgren wrote: > If you wanted to provide a USB PKI token that would give the user maximum > flexibility it seems that the device should support CCID. > > 1. As I understand, CCID only provides the basic communication and does not > address higher level issues such as PKI, rig

[opensc-devel] Middleware-free USB PKI Tokens?

2010-04-16 Thread Anders Rundgren
If you wanted to provide a USB PKI token that would give the user maximum flexibility it seems that the device should support CCID. 1. As I understand, CCID only provides the basic communication and does not address higher level issues such as PKI, right? 2. Would a token that emulates FIPS201