[opensc-devel] Fosdem 2012, donation of 50 ePass2003 to security devroom

Dear all, Just a quick note that GOOZE will be attending FOSDEM security devroom (day one) and we will donate 50 ePass2003 tokens to the assistance. http://www.gooze.eu/epass-2003 People interested will only need to register an online form during the security devroom and I will hand them free tok

Re: [opensc-devel] Always 3F00 is returned after reading (select has no???effect)

On Thursday, January 19 at 11:46AM, Szabó Áron wrote: > > Hi, > > I have to test a rather old Bull card with the OpenSC v0.12.2 on Windows, I > try to retrieve all the stored files by using "SELECT FILE" and "READ BINARY" > APDU commands (after performing a successful authentication by using >

[opensc-devel] Always 3F00 is returned after reading (select has no effect)

Hi, I have to test a rather old Bull card with the OpenSC v0.12.2 on Windows, I try to retrieve all the stored files by using "SELECT FILE" and "READ BINARY" APDU commands (after performing a successful authentication by using "VERIFY"). I can easily get the content of the MF (3F00) but I also

Re: [opensc-devel] proving a key is on a smart card

On 2012-01-19 10:16, Frank Cusack wrote: > On Thu, Jan 19, 2012 at 1:10 AM, Anders Rundgren > wrote: > > > This is since long solved problem. It is an intrinsic part of > GlobalPlatform > where you don't really use CSR's and PoP's but a session-key to

Re: [opensc-devel] proving a key is on a smart card

On Thu, Jan 19, 2012 at 1:10 AM, Anders Rundgren wrote: > > This is since long solved problem. It is an intrinsic part of > GlobalPlatform > where you don't really use CSR's and PoP's but a session-key to secure > that you > are really talking to the card. > > On http://webpki.org/auth-token-4-th

Re: [opensc-devel] proving a key is on a smart card

On Thu, Jan 19, 2012 at 12:38 AM, NdK wrote: > Il 19/01/2012 09:16, Peter Stuge ha scritto: > > Christian Hohnstaedt wrote: > >> Anything that can be signed by the card can be signed by a software > >> key, too. > > Yes of course. But the point is that the card can come with the > > special key p

Re: [opensc-devel] proving a key is on a smart card

On 2012-01-19 09:38, NdK wrote: > Il 19/01/2012 09:16, Peter Stuge ha scritto: >> Christian Hohnstaedt wrote: >>> Anything that can be signed by the card can be signed by a software >>> key, too. >> Yes of course. But the point is that the card can come with the >> special key pre-installed. > I se

Re: [opensc-devel] proving a key is on a smart card

Dear Frank, we have such a card. Take a look at [1]. The card internally generates a key pair and a CSR as defined in TR-03110 (that is the standard for biometric passports, in particular Extended Access Control). Such an authenticated request contains two signatures: the inner signature is the p

Re: [opensc-devel] proving a key is on a smart card

Il 19/01/2012 09:16, Peter Stuge ha scritto: > Christian Hohnstaedt wrote: >> Anything that can be signed by the card can be signed by a software >> key, too. > Yes of course. But the point is that the card can come with the > special key pre-installed. I see at least two ways here: 1) the 'technic

Re: [opensc-devel] proving a key is on a smart card

Seriously, please trim replies. Christian Hohnstaedt wrote: > Anything that can be signed by the card can be signed by a software > key, too. Yes of course. But the point is that the card can come with the special key pre-installed. //Peter ___ opensc

Re: [opensc-devel] proving a key is on a smart card

On Wed, Jan 18, 2012 at 11:30:36PM -0800, Frank Cusack wrote: > On Wed, Jan 18, 2012 at 11:04 PM, Christian Hohnstaedt < > christ...@hohnstaedt.de> wrote: > > > On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote: > > > In a CSR, how is it proven that the key resides on a smart card (and

Re: [opensc-devel] proving a key is on a smart card

Frank Cusack wrote: > For example, if I had some key/cert on the card (and I know it can only > exist on the card -- this might happen before it is shipped to me or in > bulk secure provisioning on site) that is not able to be used for anything > externally. ie, you cannot encrypt,decrypt,sign or