Anders Rundgren wrote:
> I'm asking because Peter's idea
I think Jim deserves most of the credit. :) I just continued on the
chain of thought from you seeking a token to my questioning APDUs to
Jim's research and his comment about "something closer to pkcs11" to
land on USB/PKCS11.
> to emulate
Andreas Jellinghaus wrote:
> > > but I have no clue how to write a new usb protocol.
> >
> > Implementing a new USB device and driver is actually pretty easy.
>
> device? driver? is that necessary? host, device or both?
Both. Neccessary if it means an easier-to-use token and software
stack. (Whe
Is my assumption that the amount of PKCS #11 needed for doing
TLS-client-cert auth or S/MIME is close to nothing?
I also guess that the CryptAPI support needed for AD login
with a certificate is very small, right?
I'm asking because Peter's idea to emulate PKCS #11 directly
is horrendous if the e
Aleksey Samsonov wrote:
> Hello,
>
> Jan Just Keijser wrote:
>> Martin Paljak wrote:
>>> On Apr 16, 2010, at 09:51 , Aleksey Samsonov wrote:
>>>
I commented out the OPENSSL_config(NULL) and now it works ...
> should this added as a patch? the FIXME seems to be to *remove*
>
Hi Christian,
You take care to push my patch or an improved one into opensc?
>
I fixed the incorrect PIN-IDs in trunk on last saturday.
We actually also own some TCOS3 2048 bit cards which are pretty useless
> for us until opensc supports secure messaging.
>
> Are there any plans to implement it
on der Verpflichtung, erkannte Fehler zu bekampfen,
Schwachen zu uberwinden und dem Ideal zuzustreben. Die herbe Wirklichkeit wird von sich aus nur zu
viele Einschrankungen herbeifuhren. Gerade deshalb aber mu. der Mensch erst recht versuchen, dem
letzten Ziel zu dienen, und Fehlschlage durfe
Andreas Jellinghaus wrote:
> Am Dienstag 20 April 2010 20:48:07 schrieb Douglas E. Engert:
>> Andreas Jellinghaus wrote:
>>> Am Dienstag 20 April 2010 07:18:41 schrieb Anders Rundgren:
> The idea is to make it. It should be really straightforward, and
> useful if the token you want to des
Le 20 avril 2010 18:31, Jean-Michel Pouré - GOOZE a écrit :
> Dear Friends,
>
> I am trying to understand why my card gets locked.
>
> I am testing a legacy crypto card with:
> * Evolution configured to load X.509 certificates.
> * ssh-add -s /usr/lib/opensc-pkcs11.so (gnome-keyring).
> * pam_p11
Andreas Jellinghaus wrote:
> Am Dienstag 20 April 2010 20:48:07 schrieb Douglas E. Engert:
>> Andreas Jellinghaus wrote:
>>> Am Dienstag 20 April 2010 07:18:41 schrieb Anders Rundgren:
> The idea is to make it. It should be really straightforward, and
> useful if the token you want to desig
Am Dienstag 20 April 2010 20:48:07 schrieb Douglas E. Engert:
> Andreas Jellinghaus wrote:
> > Am Dienstag 20 April 2010 07:18:41 schrieb Anders Rundgren:
> >>> The idea is to make it. It should be really straightforward, and
> >>> useful if the token you want to design is centered around PKCS#11
>
Andreas Jellinghaus wrote:
> Am Dienstag 20 April 2010 07:18:41 schrieb Anders Rundgren:
>>> The idea is to make it. It should be really straightforward, and
>>> useful if the token you want to design is centered around PKCS#11
>>> operations.
>> Then we are *exactly* on the same page, we need NE
Am Dienstag 20 April 2010 07:45:41 schrieb Peter Stuge:
> Andreas Jellinghaus wrote:
> > but I have no clue how to write a new usb protocol.
>
> Implementing a new USB device and driver is actually pretty easy.
device? driver? is that necessary? host, device or both?
it would be nice to create a
Andreas Jellinghaus wrote:
> > Basically .. talk PKCS#11 nearly directly with hardware.
> you still need to
> * select the reader to use (if there are several)
> * select the slot to use (if there are several)
> * select the card to use (e.g.on contactless readers)
Well, this could be implemented
Am Dienstag 20 April 2010 07:18:41 schrieb Anders Rundgren:
> > The idea is to make it. It should be really straightforward, and
> > useful if the token you want to design is centered around PKCS#11
> > operations.
>
> Then we are *exactly* on the same page, we need NEW tokens!
why does it have t
Am Dienstag 20 April 2010 07:03:51 schrieb Peter Stuge:
> Basically remove the whole lot of APDUs, T=0/T=1, CCID and PC/SC,
> and talk PKCS#11 nearly directly with hardware.
you still need to
* select the reader to use (if there are several)
* select the slot to use (if there are several)
* select
Dear Friends,
I am trying to understand why my card gets locked.
I am testing a legacy crypto card with:
* Evolution configured to load X.509 certificates.
* ssh-add -s /usr/lib/opensc-pkcs11.so (gnome-keyring).
* pam_p11 or pam_pkcs11
At some point, the card gets locked.
# By default, the Open
Hi Peter,
On Sun, Apr 18, 2010 at 10:21:50AM +0200, Peter Koch wrote:
> Hi Christian
>
> Somewhere between 0.11.4 and 0.11.8 the SigG application of
> > "TeleSec GmbH" Netkey cards got broken.
> >
>
> Yes and this was due to an incorrecr renumbering of the PINs. The
> SigG-key of both TCOS2 and
Martin Paljak wrote:
> Last but not least, there needs to be a balance between (security)features
> and price, and nifty features like trusted PDA-s (such as [1]) with a
> kickass display, verified firmware (not needed if you don't care) don't come
> cheap.
No, but unlike smart cards which hav
Andreas Jellinghaus wrote:
> Am Montag 19 April 2010 15:18:08 schrieb Viktor TARASOV:
>
>> Instead of change proposed in this mail, I would propose the following:
>> if (verbose > 1) {
>> ctx->debug = verbose;
>> ctx->debug_file = stderr;
>> }
>>
>
> what about:
> if (verbose > 1)
19 matches
Mail list logo