Re: [opensc-devel] card->max_recv_size problem

2010-09-15 Thread Andre Zepezauer
On Wed, 2010-09-15 at 11:43 -0500, Douglas E. Engert wrote: > > On 9/15/2010 6:30 AM, Martin Paljak wrote: > > Hello, > > On Sep 15, 2010, at 12:12 PM, Viktor TARASOV wrote: > >>> Not yet! I had to replace line 122 of iso7816.c > assert(count<= card->max_recv_size); > >>> by > assert(cou

Re: [opensc-devel] How to notify an invalidated card?

2010-09-14 Thread Andre Zepezauer
On Tue, 2010-09-14 at 16:04 +0200, jons...@terra.es wrote: > [...]. > > > Supposed that the attached log file is complete, then the card fails > on > > receiving the first APDU. In this case the card provides only its > ATR > > and nothing more. This makes it less useful and thus I would prefer >

Re: [opensc-devel] How to notify an invalidated card?

2010-09-14 Thread Andre Zepezauer
On Tue, 2010-09-14 at 14:38 +0200, jons...@terra.es wrote: > [...] > > > > Not sure on other cards, but DNIe mark this situation by mean of > > > change on ATR status code from 03 90 00 to > > > 0F 65 81 (Memory error). Not sure what to do if detected this > > > situation: > > > 1. When data stru

Re: [opensc-devel] How to notify an invalidated card?

2010-09-14 Thread Andre Zepezauer
On Tue, 2010-09-14 at 11:28 +0200, jons...@terra.es wrote: > Perhaps anyone can help me: > > Now that my DNIe has died [1] I'm trying to get dni code to be aware > of this situation. > > ¿What's the standard way to tell libopensc that a card has been > invalidated?, that is: the card is recognize

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-12 Thread Andre Zepezauer
> > What is the output of pkcs11-tool -L ? > > Does it include for your slot: > > token flags: rng, readonly, ***login required***, PIN initialized, > > token initialized ? > > Yes, there is the point. "login required" is not shown in version 0.12. @Johannes: Apply this patch locally, and eve

Re: [opensc-devel] Logical Channels

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 21:31 +0300, Martin Paljak wrote: > Hello, > > On Sep 2, 2010, at 9:16 PM, Andre Zepezauer wrote: > > But as an inspiration for the future, this problem can be solved throughout > > exploiting logical channels. > Which problem? How? 1. If only one a

[opensc-devel] Logical Channels

2010-09-02 Thread Andre Zepezauer
Hello, first of all, I'm not interested in starting the discussion on insecure default setting over again. The decision seems to be clear. But as an inspiration for the future, this problem can be solved throughout exploiting logical channels. Regards Andre _

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-09-02 Thread Andre Zepezauer
On Wed, 2010-09-01 at 04:55 +0400, Aleksey Samsonov wrote: > Hello, > > Martin Paljak wrote: > >> 2. The announcement of the GOST public key algorithm seems to me very > >> optimistic. Because the current implementation isn't functional at all > >> [1][2]. > > Good catch. > > The GOST public key

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-09-02 Thread Andre Zepezauer
On Wed, 2010-09-01 at 10:41 +0400, Aleksey Samsonov wrote: > Hello, > > Martin Paljak wrote: > > On Aug 30, 2010, at 2:52 PM, Emanuele Pucciarelli wrote: > >>> The handful of drivers with insecure operations I was talking about, I > >>> got with the following command: grep -n OPENSSL libopensc/car

Re: [opensc-devel] OT: desktop crypto implementation

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 19:00 +0300, Martin Paljak wrote: > On Sep 2, 2010, at 6:37 PM, Andre Zepezauer wrote: > > And when this portable breaks, can I use the TPM (with keys on it) in a > > replacement part? > > The situation is no different if your SD card breaks. >

Re: [opensc-devel] MyEID microSD

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 18:20 +0300, Martin Paljak wrote: > Hello, > On Sep 2, 2010, at 6:01 PM, Andre Zepezauer wrote: > > On Thu, 2010-09-02 at 17:05 +0300, Martin Paljak wrote: > >> I believe the reason why smart cards exist is their common, agreed upon > >> fo

Re: [opensc-devel] MyEID microSD

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 17:05 +0300, Martin Paljak wrote: > Hello, > > On Sep 2, 2010, at 4:44 PM, Andre Zepezauer wrote: > > it's hard to imagine that the demand of these devices is still so > > limited, because they fit nicely into every laptop/netbook with SD card &

Re: [opensc-devel] MyEID microSD

2010-09-02 Thread Andre Zepezauer
; > Best Regards, > Toni > > > > -Original Message- > > From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de] > > Sent: 1. syyskuuta 2010 21:51 > > To: Aventra development > > Cc: opensc-devel > > Subject: MyEID microSD > >

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 12:21 +0200, Johannes Becker wrote: > Hello, > > unfortunately I have to repeat my message about the TCOS2 card: > > > When using opensc-0.12.0-svn-r4647 with our Uni Giessen Card (TCOS 2), > firefox presents the certificate to use without asking the PIN. I'm not absolutel

[opensc-devel] MyEID microSD

2010-09-01 Thread Andre Zepezauer
Hello Toni, by visiting the webshop of Aventra I have noticed, that there is a smart card in microSD format in their portfolio. I have been looking for such a device for a while, but haven't found a supplier so far. Are you able to provide some more information on it? Most important to me is the e

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-08-31 Thread Andre Zepezauer
On Wed, 2010-09-01 at 00:52 +0200, Peter Stuge wrote: > Andre, please try to trim your replies. Keep in mind that you only > spend 1 * time trimming, while everyone who has to read spends n * time > searching for your actual reply. > > > Andre Zepezauer wrote: > > whe

Re: [opensc-devel] Initialisation of CardOS

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 10:35 +0300, Martin Paljak wrote: > Hello? > On Aug 30, 2010, at 11:13 PM, Andre Zepezauer wrote: > > > Hello all, > > > > what do you think of dropping the possibility to initialise CardOS smart > > cards in 0.11.14? The reason of doing

Re: [opensc-devel] [Muscle] Re: pcscd access rights limitation and scard group

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 21:07 +0200, Ludovic Rousseau wrote: > 2010/8/31 Peter Stuge : > > Johannes Findeisen wrote: > >> > I think it is important to pay attention to the original goal: to > >> > run pcscd as a normal user instead of root. > >> > >> Yep, that's what I want too. But, when running pcs

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 10:14 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Mon, 2010-08-30 at 17:50 +0200, Viktor TARASOV wrote: > > > >> Hello, > >> > >> > >> Andre Zepezauer wrote: > >> > >>> Hell

Re: [opensc-devel] Problem with 2K keys and MyEID

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 18:40 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote: > > > >> Aventra development wrote: > >> > >>> The 1K key generation works nicely, but we are havi

Re: [opensc-devel] Problem with 2K keys and MyEID

2010-08-31 Thread Andre Zepezauer
On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote: > Aventra development wrote: > > > > The 1K key generation works nicely, but we are having a problem > > generating a 2K key using OpenSC 0.11.13 and our own MyEID card. > > > > OpenSC correctly finds a new file id and creates the file, and

[opensc-devel] Initialisation of CardOS

2010-08-30 Thread Andre Zepezauer
Hello all, what do you think of dropping the possibility to initialise CardOS smart cards in 0.11.14? The reason of doing so, is to stop the production of more of these questionable split-key cards. People who want to initialise CardOS are then forced to do this with either 0.11.13 or 0.12.X. Hop

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-08-30 Thread Andre Zepezauer
On Mon, 2010-08-30 at 17:50 +0200, Viktor TARASOV wrote: > Hello, > > > Andre Zepezauer wrote: > > Hello, > > > > attached is a patch which makes it possible to explicitly request > > specific algorithms for the cryptographic operations. The advantag

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-08-30 Thread Andre Zepezauer
On Mon, 2010-08-30 at 16:36 +0300, Martin Paljak wrote: > Hello, > > On Aug 30, 2010, at 2:52 PM, Emanuele Pucciarelli wrote: > >> The handful of drivers with insecure operations I was talking about, I > >> got with the following command: grep -n OPENSSL libopensc/card-*.c > >> > >> But looking c

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-08-30 Thread Andre Zepezauer
On Mon, 2010-08-30 at 12:40 +0300, Martin Paljak wrote: > Hello, > > First, thank you for a constructive review. > > On Aug 30, 2010, at 1:54 AM, Andre Zepezauer wrote: > > I had a look at the NEWS file to see which improvements it will bring to > > us. After readi

[opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-08-29 Thread Andre Zepezauer
cards as its goal [5]. Changing this, could be a good point to start to make opensc more interoperable with well initialised pkcs15 cards. Kind Regards Andre Zepezauer [1]http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15-sec.c#L86 [2]http://www.opensc-project.org/op

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-27 Thread Andre Zepezauer
On Fri, 2010-08-27 at 11:12 +0300, Martin Paljak wrote: > Hello, > > On Aug 26, 2010, at 6:34 PM, Andre Zepezauer wrote: > > One application for the give_random() function is contained in the > > attached patch. In short: C_SeedRandom() works fine with CardOS. Would > >

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-26 Thread Andre Zepezauer
On Tue, 2010-08-17 at 10:08 +0300, Martin Paljak wrote: > Hello, > > On Aug 17, 2010, at 1:59 AM, Andre Zepezauer wrote: > > On Mon, 2010-08-16 at 21:10 +0200, Emanuele Pucciarelli wrote: > >>> @martin: When you are interested in improving iso7816.c, then rewrite > &g

Re: [opensc-devel] Opensc and SetCOS.

2010-08-26 Thread Andre Zepezauer
On Thu, 2010-08-26 at 14:32 +0200, Andre Zepezauer wrote: > On Wed, 2010-08-25 at 10:55 +0300, Martin Paljak wrote: > > Hello, > > > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > > > Question #1, > > > > > > Try pkcs11_inspect. > &

Re: [opensc-devel] Opensc and SetCOS.

2010-08-26 Thread Andre Zepezauer
On Wed, 2010-08-25 at 10:55 +0300, Martin Paljak wrote: > Hello, > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > > Question #1, > > > > Try pkcs11_inspect. > > $ pkcs11_inspect > > [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Instruction code not > > supported or invalid > > [open

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-20 Thread Andre Zepezauer
Hello Emanuele, On Sat, 2010-08-21 at 01:27 +0200, Emanuele Pucciarelli wrote: > On Tue, Aug 17, 2010 at 17:52, Andre Zepezauer > wrote: > > [about improving SELECT FILE in iso7816.c] > > > It would be nice, if the driver could be configured in a way to support > >

[opensc-devel] use algorithm_ref in set_security_env

2010-08-20 Thread Andre Zepezauer
Hello, attached is a patch which makes it possible to explicitly request specific algorithms for the cryptographic operations. The advantage is, that if the token provides sufficient information about itself, then the driver is not required to do any guess work. Which in turn could result in a mor

Re: [opensc-devel] SC_SEC_ENV_KEY_REF_ASYMMETRIC

2010-08-20 Thread Andre Zepezauer
Hello Martin, On Fri, 2010-08-20 at 11:02 +0300, Martin Paljak wrote: > Hello, > On Aug 20, 2010, at 2:02 AM, Andre Zepezauer wrote: > > 1. Fix the SC_SEC_ENV_KEY_REF_ASYMMETRIC magic > > See how this flag is used and where it is set! > I don't see it being set anywh

[opensc-devel] SC_SEC_ENV_KEY_REF_ASYMMETRIC

2010-08-19 Thread Andre Zepezauer
Hello Martin, according to your last post, here are my first suggestions for an improvement: 1. Fix the SC_SEC_ENV_KEY_REF_ASYMMETRIC magic See how this flag is used and where it is set! 2. Assign the value sc_security_env_t.algorithm_ref before calling set_security_env. A lot of drivers co

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-17 Thread Andre Zepezauer
On Tue, 2010-08-17 at 10:08 +0300, Martin Paljak wrote: > Hello, > > On Aug 17, 2010, at 1:59 AM, Andre Zepezauer wrote: > > On Mon, 2010-08-16 at 21:10 +0200, Emanuele Pucciarelli wrote: > >>> @martin: When you are interested in improving iso7816.c, then rewrite > &g

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-17 Thread Andre Zepezauer
On Tue, 2010-08-17 at 16:02 +0200, Emanuele Pucciarelli wrote: > On Tue, Aug 17, 2010 at 03:07, Andre Zepezauer > wrote: > > > Cards which comply with chapter "9 Application-independent card > > services" of 7816-4 must implement 1,2,4. The preferred values used

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-16 Thread Andre Zepezauer
On Tue, 2010-08-17 at 02:08 +0200, Emanuele Pucciarelli wrote: > On Tue, Aug 17, 2010 at 00:59, Andre Zepezauer > This particular card isn't important at all. But it shows, that the > > select_file function doesn't work for an iso card. I had to write code, > > to r

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-16 Thread Andre Zepezauer
On Mon, 2010-08-16 at 21:10 +0200, Emanuele Pucciarelli wrote: > Hi Andre! > > Thanks for the remarks! > > > It works very well, right now. I have a modified cardos driver, which > > uses both functions (signing and decipherment from iso7816.c) with keys > > of 2048 bit. Seems to me, that there i

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-16 Thread Andre Zepezauer
On Sun, 2010-08-15 at 17:11 +0300, Martin Paljak wrote: > On Aug 15, 2010, at 4:21 PM, Emanuele Pucciarelli wrote: > > On Sun, Aug 15, 2010 at 13:45, Martin Paljak wrote: > >> iso7816.c should not be taken as a final, static code, if there are checks > >> missing from there, it is OK to improve i

[opensc-devel] Developer Statement On Insecure Default Settings

2010-08-09 Thread Andre Zepezauer
Dear OpenSC developers, in the interests of the users of OpenSC, it would be fair to apply the following patch. Kind Regards Andre Zepezauer Index: etc/opensc.conf.in === --- etc/opensc.conf.in (revision 4620) +++ etc

Re: [opensc-devel] Italian CNS integration (without SM)

2010-07-22 Thread Andre Zepezauer
Dear Emanuele, attached is the patch I had written about. It works if the following three conditions are met: 1. If on the pkcs15 level a key is known as usable for signing and decryption, it must be generated in a way that: * the card can use it to perform PSO_DEC * the card doesn'

Re: [opensc-devel] Italian CNS integration (without SM)

2010-07-22 Thread Andre Zepezauer
Dear Emanuele, it would be nice, if you could provide some more information about the card you are working on. What I'm interested in is: If there are keys on the card which are usable for signing but not for decrypting or vice versa (in context of pkcs11/15)? And if so, is the pkcs1 padding for t

Re: [opensc-devel] [RFC] removal of more split-key related pieces

2010-06-24 Thread Andre Zepezauer
On Thu, 2010-06-24 at 14:47 +0300, Martin Paljak wrote: > Hello, > > On Jun 24, 2010, at 12:47 , Andre Zepezauer wrote: > > Ludovic Rousseau wrote: > >> Why not just remove the lines if they are useless now? > >> > > Because it makes the process of rev

Re: [opensc-devel] [RFC] removal of more split-key related pieces

2010-06-24 Thread Andre Zepezauer
Ludovic Rousseau wrote: 2010/6/24 Andre Zepezauer : Dear all, Hello, in the attached patch I have collected some pieces of code, which I consider for obsolete since r4113 (removal of split-key concept). This patch is maintains only and as this may have a lower priority. Why

[opensc-devel] [RFC] removal of more split-key related pieces

2010-06-24 Thread Andre Zepezauer
Dear all, in the attached patch I have collected some pieces of code, which I consider for obsolete since r4113 (removal of split-key concept). This patch is maintains only and as this may have a lower priority. Kind Regards Andre Zepezauer Index: pkcs11/framework-pkcs15.c

Re: [opensc-devel] CardOS 4.3

2010-06-18 Thread Andre Zepezauer
to pcscd. This could also be the source for the differences between linux and windows. Attached is a log file generated while executing some commands. For unknown reason i can't reproduce the shown error. pcscd is 1.4.99 on ubuntu 8.04. Regards Andre Zepezauer # two pins for my token, thus tw

Re: [opensc-devel] heap corruption in pkcs11-global:C_GetSlotList in svn

2010-06-14 Thread Andre Zepezauer
On Mon, 2010-06-14 at 13:09 -0500, Douglas E. Engert wrote: > > On 6/14/2010 12:46 PM, Andre Zepezauer wrote: > > Hello Douglas, > > > > attached is a patch that is almost the same like yours. The only > > difference is, that it still honours the max_virtual_slot

Re: [opensc-devel] heap corruption in pkcs11-global:C_GetSlotList in svn

2010-06-14 Thread Andre Zepezauer
Hello Douglas, attached is a patch that is almost the same like yours. The only difference is, that it still honours the max_virtual_slots property. Consider it as untested too. Regards, Andre Zepezauer On Mon, 2010-06-14 at 09:44 -0500, Douglas E. Engert wrote: > > On 6/12/2010 6

Re: [opensc-devel] CardOS 4.3

2010-06-10 Thread Andre Zepezauer
Key Object; RSA 2048 bits Usage: encrypt, verify, wrap Best Regards, Andre Zepezauer On Thu, 2010-06-10 at 13:58 +0200, kerstin.ho...@uv.ruhr-uni-bochum.de wrote: > Hi, > > I am working on the SSO- and Signature-Framework at the Ruhr Universität. We > recently tried to upgrad

[opensc-devel] Incompatibilities with NSS since r4375

2010-06-10 Thread Andre Zepezauer
CertificateSerialNumber there: http://www.ietf.org/rfc/rfc5280.txt Regards, Andre Zepezauer Index: libopensc/pkcs15-cert.c === --- libopensc/pkcs15-cert.c (revision 4403) +++ libopensc/pkcs15-cert.c (working copy) @@ -79,7 +79,7

[opensc-devel] Segmentation Fault

2010-05-31 Thread Andre Zepezauer
= 6. Best regards, Andre Zepezauer Index: libopensc/asn1.c === --- libopensc/asn1.c (revision 4390) +++ libopensc/asn1.c (working copy) @@ -1000,9 +1000,11 @@ case SC_ASN1_INTEGER: case SC_ASN1_ENUMERATED: if (parm != NULL) + {
