Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010-04-21 Thread Peter Stuge
Martin Paljak wrote: > > I'm happy to help set up git hosting on opensc-project.org. > > The nature of git does not need a central git repository. But releases do, so there's usually a single repo someplace that is a little bit more official than everything else. > If git were to be used, I'd

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010-04-21 Thread Martin Paljak
On Apr 22, 2010, at 08:46 , Peter Stuge wrote: > Andreas Jellinghaus wrote: >> b) use git/hg/bazaar with svn bridge to import current opensc repository >> and all future changes to it, and develop in git/hg/bazaar. you can >> publish your codebase on one of the popular hosts (github, launchpad,

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Peter Stuge
Anders Rundgren wrote: > Rolling your own USB device classes isn't completely > without issues as this bright young man describes it: > > http://fourwalledcubicle.com/blog/archives/561 Right, when a USB interface becomes widely adopted it certainly does make sense to have it standardized. On the

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010-04-21 Thread Martin Paljak
Hello, On Apr 21, 2010, at 20:25 , Viktor TARASOV wrote: > I would like to start a new OpenSC sub-project, forked from the current > trunk, > that should be an experimental branch for the implementation of > SecureMessaging, MultiApplication, > combined ACLs, etc. > > At the beginning this sub-

Re: [opensc-devel] wget and pkcs11?

2010-04-21 Thread Martin Paljak
On Apr 21, 2010, at 22:01 , Jim Rees wrote: > I'm in need of a command line utility that can do https fetches given a url, > like wget, but use pkcs11 for the crypto ops, so I can store the client > cert/key on a smart card. Firefox will do this but it's overkill and I need > something scriptable.

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010-04-21 Thread Peter Stuge
Andreas Jellinghaus wrote: > b) use git/hg/bazaar with svn bridge to import current opensc repository > and all future changes to it, and develop in git/hg/bazaar. you can > publish your codebase on one of the popular hosts (github, launchpad, > the mercurial hub whose name I don't remember

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-21 Thread Martin Paljak
On Apr 22, 2010, at 00:25 , Jan Just Keijser wrote: > Hi Andreas, > > Andreas Jellinghaus wrote: >> hmm. if we had only one engine doing both rsa and gost, the >> problem would be gone, without this "hack" required in opensc? >> >> my point of view: >> if so: I think that is the solution! please

Re: [opensc-devel] HOWTO cut a smartcard into a mini SIM

2010-04-21 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote: > http://www.gooze.eu/smartcard-cutting-instructions > > Can you confirm that the measures are correct? I guess yes, but just > in case, I would like to be sure. > > I am ordering a machine and need a mold. Therefore I would > appreciate your feedback. > > If you

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-21 Thread Jan Just Keijser
Robert Relyea wrote: > On 04/21/2010 02:25 PM, Jan Just Keijser wrote: > >> Hi Andreas, >> >> >> >>> or send patches for libp11/engine_pkcs11 to handle gost. >>> (no idea how much work that would be - I'm quite clueless >>> over there. also gost engine might be much better than the >>> s

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-21 Thread Robert Relyea
On 04/21/2010 02:25 PM, Jan Just Keijser wrote: > Hi Andreas, > > >> or send patches for libp11/engine_pkcs11 to handle gost. >> (no idea how much work that would be - I'm quite clueless >> over there. also gost engine might be much better than the >> simple and hacky engine_pkcs11). >> >> but m

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-21 Thread Jan Just Keijser
Hi Andreas, Andreas Jellinghaus wrote: > hmm. if we had only one engine doing both rsa and gost, the > problem would be gone, without this "hack" required in opensc? > > my point of view: > if so: I think that is the solution! please drop the stuff > from opensc, and work in that direction. > > en

Re: [opensc-devel] opensc 0.11.13 and openssl 1.0 oddity

2010-04-21 Thread Andreas Jellinghaus
hmm. if we had only one engine doing both rsa and gost, the problem would be gone, without this "hack" required in opensc? my point of view: if so: I think that is the solution! please drop the stuff from opensc, and work in that direction. engine_pkcs11.c is bsd3 / openssl license, and libp11 is

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-21 Thread Andreas Jellinghaus
On Wednesday 21 April 2010 08:34:29, Peter Stuge wrote: > Again, what part of the PC system would be authenticated by the token? > Basically; what purpose does the authentication serve for the token? for example I would like to put my openssh known_hosts on a smart phone, so it is current with all

Re: [opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010-04-21 Thread Andreas Jellinghaus
I think it is a great idea to implement these things! forking a project is easy (every "cp -r ..." is a fork from my point of view), but merging can be hard, depending on the tools you use. thus my advice: a) stay in opensc svn, but simply do svn cp https:///svn/opensc/trunk \

Re: [opensc-devel] wget and pkcs11?

2010-04-21 Thread Andreas Jellinghaus
On Wednesday 21 April 2010 21:01:51, Jim Rees wrote: > I'm in need of a command line utility that can do https fetches given a > url, like wget, but use pkcs11 for the crypto ops, so I can store the > client cert/key on a smart card. Firefox will do this but it's overkill > and I need something

Re: [opensc-devel] [opensc-commits] svn opensc changed[4264] Support for CardOS 4.4

2010-04-21 Thread Andreas Jellinghaus
On Wednesday 21 April 2010 16:38:24, webmas...@opensc-project.org wrote: > Revision: 4264 > Author: jps > Date: 2010-04-21 14:38:23 + (Wed, 21 Apr 2010) wow, great! cheers for jps! does anyone know a source where I can buy a cardos 4.4 card? :) also: once the startkey is changed from 0

Re: [opensc-devel] wget and pkcs11?

2010-04-21 Thread Kalev Lember
On 04/21/2010 10:01 PM, Jim Rees wrote: > I'm in need of a command line utility that can do https fetches given a url, > like wget, but use pkcs11 for the crypto ops, so I can store the client > cert/key on a smart card. Firefox will do this but it's overkill and I need > something scriptable. An

[opensc-devel] wget and pkcs11?

2010-04-21 Thread Jim Rees
I'm in need of a command line utility that can do https fetches given a url, like wget, but use pkcs11 for the crypto ops, so I can store the client cert/key on a smart card. Firefox will do this but it's overkill and I need something scriptable. Any suggestions?

[opensc-devel] Sub-project for OpenSC with secure messaging and multi-applications

2010-04-21 Thread Viktor TARASOV
Hi, I would like to start a new OpenSC sub-project, forked from the current trunk, that should be an experimental branch for the implementation of SecureMessaging, MultiApplication, combined ACLs, etc. At the beginning this sub-project should support the cards natively compatible with PKCS#15

[opensc-devel] HOWTO cut a smartcard into a mini SIM

2010-04-21 Thread Jean-Michel Pouré - GOOZE
Dear friends, Some of you may be interested in this HOWTO: http://www.gooze.eu/smartcard-cutting-instructions Can you confirm that the measures are correct? I guess yes, but just in case, I would like to be sure. I am ordering a machine and need a mold. Therefore I would appreciate your feedback.

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Anders Rundgren
Douglas E. Engert wrote: >> >> I'm asking because Peter's idea to emulate PKCS #11 directly >> is horrendous if the entire spec is to be followed but could >> turn out to be a no-brainer if you only need to enumerate keys, >> open, sign and close. > > That sounds too optimistic. You don't want yo

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Douglas E. Engert
Anders Rundgren wrote: > Is my assumption that the amount of PKCS #11 needed for doing > TLS-client-cert auth or S/MIME is close to nothing? > > I also guess that the CryptAPI support needed for AD login > with a certificate is very small, right? It could be zero if you have the right card. Win

Re: [opensc-devel] OpenSC locking cards

2010-04-21 Thread Jean-Michel Pouré - GOOZE
On Wed, 2010-04-21 at 09:22 -0400, Jim Rees wrote: > Sorry I misunderstood. I guess I don't know what's going on without > more > information. This is the third time this happens. Next time, I will open a bug and provide full log. My applications are locked trying to access the card and my card g

Re: [opensc-devel] OpenSC locking cards

2010-04-21 Thread Jim Rees
Jean-Michel Pouré - GOOZE wrote: I had to unlock the card using PUK code. But you are right, some of my applications cannot access the card. Sorry I misunderstood. I guess I don't know what's going on without more information.

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Anders Rundgren
Rolling your own USB device classes isn't completely without issues as this bright young man describes it: http://fourwalledcubicle.com/blog/archives/561 Anders Peter Stuge wrote: > Anders Rundgren wrote: There is no such thing as talking directly to USB if you want your stuff to run i

Re: [opensc-devel] OpenSC locking cards

2010-04-21 Thread Jean-Michel Pouré - GOOZE
On Wed, 2010-04-21 at 07:48 -0400, Jim Rees wrote: > > I don't think that's what you mean. "PIN is blocked" is a precise > term used > by smart card people, it means the card is no longer usable because it > has > detected an attempted intrusion and shut itself down. I think what > you mean > is

Re: [opensc-devel] OpenSC locking cards

2010-04-21 Thread Jim Rees
Jean-Michel Pouré - GOOZE wrote: When several applications share access to the card, somehow the PIN is blocked. I don't think that's what you mean. "PIN is blocked" is a precise term used by smart card people, it means the card is no longer usable because it has detected an attempted intrus

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Peter Stuge
Anders Rundgren wrote: > >> There is no such thing as talking directly to USB if you want > >> your stuff to run in an ordinary computer > > > > Hm - what do you mean? > > I took it for granted (maybe incorrect) that the operating > system, libusb, or whatever is running the show assumes that > a

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Anders Rundgren
Peter Stuge wrote: > Anders Rundgren wrote: >> There is no such thing as talking directly to USB if you want your >> stuff to run in an ordinary computer > > Hm - what do you mean? I took it for granted (maybe incorrect) that the operating system, libusb, or whatever is running the show assumes t

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Peter Stuge
Anders Rundgren wrote: > There is no such thing as talking directly to USB if you want your > stuff to run in an ordinary computer Hm - what do you mean? //Peter

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Anders Rundgren
Martin Paljak wrote: > I would still use an actual crypto IC for key operations, If you need multiple MCUs the scheme will be costly. I think there is plenty of "lebensraum" between passwords written down on Post-It notes and EAL5++ certified eID cards. Here is a candidate for the "wündercard"

Re: [opensc-devel] PKSC #11 Re: Middleware-free USB PKI Tokens?

2010-04-21 Thread Martin Paljak
On Apr 21, 2010, at 09:54 , Peter Stuge wrote: >> to emulate PKCS #11 directly is horrendous if the entire spec is to >> be followed but could turn out to be a no-brainer if you only need >> to enumerate keys, open, sign and close. > > I think more is needed, but the legwork is finished in SoftHSM

Re: [opensc-devel] Middleware-free USB PKI Tokens?

2010-04-21 Thread Martin Paljak
Hello, Now this is a really neat idea. For actual implementation there are people even on this list that have done it before and probably could help: https://www.privacyfoundation.de/wiki/GPFCryptoStick For what it's worth, I'd suggest to call it USB-HSM (as "normal" HSM-s would usually be P

[opensc-devel] Certificate loading based on label does not work in engine_pkcs11

2010-04-21 Thread Yuriy Sazonets
Hi, I've discovered that there is no support for certificate loading based on label in engine_pkcs11. Here's the patch against current trunk (r128) fixing it. Hope that would be helpful. -- With Respect, Yuriy. engine_pkcs11-cert-label.diff Description: Binary data

Re: [opensc-devel] OpenSC locking cards

2010-04-21 Thread Jean-Michel Pouré - GOOZE
On Tue, 2010-04-20 at 21:44 +0200, Ludovic Rousseau wrote: > The PIN is blocked? When several applications share access to the card, somehow the PIN is blocked. I am not asked to enter PIN. It simply gets locked as if a loop was blocking the card. Will give you more information soon. --