Re: [opensc-devel] two trivial patches for opensc

2012-11-11 Thread Andreas Schwier
Suggested way is to open a pull request toward OpenSC/staging. Our repo is pretty much in sync with the OpenSC repo, but OpenSC has the master. On 12.11.2012 07:15, Anthony Foiani wrote: > Greetings. > > I cloned CardContact's repo, since I'm working with their hardware, > but it looks like th

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Andreas Schwier
Dear Anthony, you cannot import an externally generated private key. For security reasons, the SmartCard-HSM only supports keys generated internally. We've tested with XCA which uses OpenSSL and the engine mechanism, so I'm quite confident it should work with the command line as well. Let me co

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Anthony Foiani
Andreas -- On Sun, Nov 11, 2012 at 6:31 AM, Andreas Schwier wrote: > The suggested way in the meantime is to generate the key pair, extract > the public key and generate a CSR externally, signing it with the > private key on the device. I haven't tried that precise sequence yet -- I tried it wi

[opensc-devel] two trivial patches for opensc

2012-11-11 Thread Anthony Foiani
Greetings. I cloned CardContact's repo, since I'm working with their hardware, but it looks like these issues are present in the upstream source as well. https://github.com/tkil/OpenSC/commit/563e264483338ea8eef01b5e5549647916308f3f https://github.com/tkil/OpenSC/commit/4d5993066b4473249682b1bcf0

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Nikos Mavrogiannopoulos
On 11/11/2012 11:50 PM, Anthony Foiani wrote: >> certtool --generate-request --outfile req.pem --load-privkey >> "pkcs11:yyy" --load-pubkey "pkcs11:xxx" >> >> should generate a request from the objects based on a smart card. The >> pkcs11: URLs are obtained using the "p11tool --list-all --login"

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Anthony Foiani
Nikos -- Thanks for the quick reply! On Sun, Nov 11, 2012 at 12:42 PM, Nikos Mavrogiannopoulos wrote: > Your question was on openssl, Apologies if it was off-topic; it got to the point where I couldn't tell which component was complaining. Also, my initial goal is to use the token to authenti

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Anthony Foiani
Andreas -- Many thanks for the very quick response! On Sun, Nov 11, 2012 at 6:31 AM, Andreas Schwier wrote: > In the current version of OpenSC, the CSR is not exposed at the > interface, as PKCS#11 does not provide a mechanism to handle device > generated certificate signing requests. In a later

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Nikos Mavrogiannopoulos
On 11/11/2012 03:24 AM, Anthony Foiani wrote: > Greetings. > > I'm working with a CardContact HSM, and would like to generate a > keypair on the token, then get a certificate based on that key. Hello, Your question was on openssl, but just in case someone is interested. If you have any recent

Re: [opensc-devel] state of the project?

2012-11-11 Thread Viktor Tarasov
Hello, On 11/11/2012 16:28, Andreas Jellinghaus wrote: > I wonder what we can or should do to improve the state of the project. > It seems to me: > * the last release was 0.12.2, released on 17.07.2011, not enough > progress to create a release since. > * that is a maintenance release, the last

Re: [opensc-devel] PIN login broken in 0.13.0rc1

2012-11-11 Thread Viktor Tarasov
On 06/11/2012 15:54, Viktor Tarasov wrote: > Hello, > > On Tue, Nov 6, 2012 at 2:45 PM, Lukas Wunner > wrote: > > when logging in to a GemSafeV1 card with 0.13.0rc1, opensc first retrieves > the number of tries_left using C_GetTokenInfo() and then calls C_Login()

[opensc-devel] state of the project?

2012-11-11 Thread Andreas Jellinghaus
Hi, I wonder what we can or should do to improve the state of the project. It seems to me: * the last release was 0.12.2, released on 17.07.2011, not enough progress to create a release since. * that is a maintenance release, the last major version was opensc 0.12.0 in 22-Dec-2010. * discussions a

Re: [opensc-devel] obtaining a CSR for a token-generated (and locked-on-token) keypair

2012-11-11 Thread Andreas Schwier
Dear Anthony, I have to admit that I never tried this with openssl engine. I will give it a shot tomorrow. As for the internally generated CSR: This is actually a CSR using the format defined in TR-03110 Part 3, chapter C.2 [1]. This format can be used directly in PKIs for Extended Access Contro

Re: [opensc-devel] openpgp.profile missing from win32 nightlies

2012-11-11 Thread Viktor Tarasov
On 09/11/2012 22:19, Leonardo Brondani Schenkel wrote: > The latest nightlies from > https://www.opensc-project.org/downloads/nightly/staging/win32/ do not > come with openpgp.profile. Is it deliberate or a bug in the installer? Take last nightly from https://www.opensc-project.org/downloads/pr