Re: [opensc-devel] eToken AKS support

2008-03-20 Thread Dmitry Zhigulin
Hi Nils! Nils Larsch gmx.net> writes: >this is most likely a HMAC (using DES or 3DES) > unless secure messaging is used when the key is written to the > token a usb sniffer might be useful to get the key I explore eToken stick files, but which file is DES key? I didn't find 7 byte (DES) or 21 b

Re: [opensc-devel] eToken AKS support

2008-03-17 Thread Dmitry Zhigulin
Hello Peter! > What kind of logon do you mean (ie. Windows-logon, SSH-logon, ...) Just authenticate user for security operation. > This only happens if you are using an Aladdin eToken that > was formatted by the Aladdin-tools. If you format your > eToken with OpenSC your keys will be protected

[opensc-devel] eToken AKS support

2008-03-13 Thread Dmitry Zhigulin
Hello All! I try to provide user logon on eToken AKS application. Token based on Cardos V4.2B. Aladdin's utility eToken Property uses EXTERNAL_AUTHENTICATE for this. Utility sends APDU GET_CHALLENGE "00 84 00 00 08" and EXTERNAL_AUTHENTICATE "00 82 00 81 08 2D 42 BC F8 C1 65 A3 D5" But I don't

Re: [opensc-devel] Pinpad support for SCM Microsystems Inc. SPRx32 USB Smart Card Reader

2007-12-12 Thread Dmitry
Franz Brandl hotmail.com> writes: > > > Hi, afaik the 4.15 firmware contains an error in the secure pin verification over PC/SC. there should be a newer firmware and driver available from SCM. it might well be that the device works with the seccommerce software, but maybe they have adapted the

[opensc-devel] Pinpad support for SCM Microsystems Inc. SPRx32 USB Smart Card Reader

2007-12-07 Thread Dmitry
Hello! I have "SCM Microsystems Inc. SPRx32 USB Smart Card Reader" on Windows XP. I set "enable_pinpad = true;", but on GET_FEATURE_REQUEST SCardControl returns 0x001f. Is it possible to provide pinpad support for SPRx32 device? This online tool works with SPRx32 pinpad correctly: http://www.s

Re: [opensc-devel] Sign by using the decrypt function - D-Trust 2048 (CardOS) issues

2007-09-11 Thread Dmitry Zhigulin
Hello! > > we can also add a parameter to opensc.conf to enable/disable the feature in > general. Bad idea. I have card which has 3 certificates: SigG, Auth, Enc. Unfortunately pins for SigG and Enc locked, so I test only Auth. For compute digital signature: SigG use sign (Simon post), Auth use

[opensc-devel] acos X.509 certificate for key PK.CH.SIGN parse fail

2007-09-10 Thread Dmitry Zhigulin
Hello! Acos card has 2 certificates, first X.509 certificate for key PK.CH.EKEY parsed by OpenSC parse_x509_cert successfully, but on SIGN cert parsing fail. According to Acos documentation: 4.6. Dedicated File DF_SIG AID: ‘A0 00 00 01 18 45 43’ FID: ‘DF 70’ ... 4.6.3. EF_C_CH_DS FID: ’C0 0

Re: [opensc-devel] tcos encipherment

2007-09-03 Thread Dmitry Zhigulin
Peter Koch opensc-project.org> writes: > > With TCOS cards and 1024 bit keys your padding must be at least 11 bytes. > PKCS#1-padding will add another 3 bytes, i.e. > > 00 00 > > Hence your data must contain no more than 128-11-3=114 bytes. If it > does not, then TCOS will respond with 698

Re: [opensc-devel] tcos encipherment

2007-08-28 Thread Dmitry Zhigulin
Peter Koch opensc-project.org> writes: > Could you post the relevant parts of your code or send it to me. I use pkcscsp.2: getPublicKeyFromX509Cert and getX509Value - it is functions from pkcscsp.2, defined in cryptool.cpp. TESTCRK, TESTBL - test return value, if fail throw exception. ...

Re: [opensc-devel] tcos encipherment

2007-08-27 Thread Dmitry Zhigulin
Peter Koch opensc-project.org> writes: > How did you encrypt your data? Looks like a padding problem to me. > OpenSC assumes that you used PKCS#1-padding before you encrypted > your data. I'm not sure whether all keys on your SignTrust card > supports non-PKCS#1-padding. Let me know if you must

Re: [opensc-devel] tcos encipherment

2007-08-23 Thread Dmitry Zhigulin
Data encrypted by RSA_public_encrypt with RSA_PKCS1_PADDING. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] tcos encipherment

2007-08-22 Thread Dmitry Zhigulin
Hello! I try to decrypt ciphertext with Deutsche Post card (tcos). ATR: 3B BA 96 00 81 31 86 5D 00 64 05 7B 02 03 31 80 90 00 7D. Data encrypted by RSA, using OpenSSL with public key of Deutsche Post certificate. On decryption operation I have error on APDU: ... transmitted: 00 22 C1 B8 03

[opensc-devel] GLP PIN

2007-07-25 Thread Dmitry Zhigulin
I need to build GLP PIN APDU. I found, that it required SC_PIN_ENCODING_GLP flag for pin encoding. How to specify it on card emulation level?

[opensc-devel] German Office Identity Card

2007-07-23 Thread Dmitry Zhigulin
Hello all! I'm trying to provide emulation for IOC cards. I have Sparkasse Witten card (Seccos). On initialization step I have 2 problems: 1. Definition of supported mechanisms. 2. Existed certificates. In IOC document written for example EF.C_X509.CH. DS - s have FID - s 'C00x'(x = 0 -7). How to

Re: [opensc-devel] Encryption with NetKey

2007-07-23 Thread Dmitry Zhigulin
Douglas E. Engert anl.gov> writes: > > I meant as a starting point to write the missing C_Encrypt code for OpenSC pkcs11. > I think there will be enough using CSP modification. > > That looks like it is a test, in that it takes the string abcdefghi encrypts > using OpenSSL the public key

Re: [opensc-devel] Support Seccos

2007-07-22 Thread Dmitry Zhigulin
Andreas Jellinghaus dungeon.inka.de> writes: > Documentation etc. would be always welcome. There is a direct link on description for German Office Identity Card: http://www.teletrust.de/fileadmin/files/oic_1-0.pdf

Re: [opensc-devel] Encryption with NetKey

2007-07-22 Thread Dmitry Zhigulin
Andreas Jellinghaus dungeon.inka.de> writes: . > > issue solved, opensc does not automatically use decrypt instead of sign, > if the p15card->flag & SC_PKCS15_CARD_FLAG_SIG_WITH_DECRYPT is set. > Decrypt instead of sign for cardos is a good solution, but there is another problem. Problem in

Re: [opensc-devel] Support Seccos

2007-07-20 Thread Dmitry Zhigulin
Andreas Jellinghaus dungeon.inka.de> writes: > > Peter Koch might be interested, he wrote drivers for all other german > signature cards, but those were TCOS/NetKey cards. > > Documentation etc. would be always welcome. > By the way, maybe anybody have additional documentation for German Off

Re: [opensc-devel] Encryption with NetKey

2007-07-20 Thread Dmitry Zhigulin
Andreas Jellinghaus dungeon.inka.de> writes: > > On Thursday 19 July 2007 09:57:31 Dmitry wrote: > what is the name of the low level crypto implementation by microsoft? pkcscsp use default PROV_RSA_FULL CSP. > or do you think that many applications will fail, if such a C

Re: [opensc-devel] Cardos sign modifies

2007-07-20 Thread Dmitry Zhigulin
Andreas Jellinghaus dungeon.inka.de> writes: > > Dmitry: can you try this? you would need to checkout svn trunk and compile > it yourself. it works for me (pkcs15-crypt and pkcs11-tool on a siemens > initialized card). > All right, Sign and Verify is working correctly. O

Re: [opensc-devel] Support Seccos

2007-07-20 Thread Dmitry Zhigulin
Andreas Jellinghaus dungeon.inka.de> writes: > > Documentation etc. would be always welcome. Could you create a wiki page and > link or attach every information you have? That is not a guarantee that > anyone will write a driver, but without documentation etc. no one can do that > for sure. >

[opensc-devel] Support Seccos

2007-07-20 Thread Dmitry Zhigulin
When OpenSC will provide support of Seccos? At least rough terms. I have SECCOS Bankensignaturcart card (as told SecCardAdmin). It has German Office Identity Card, HBCI, GeldKarte applications. So, maybe possible create emulation for it, for example through OIC, OS documentation available in Web.

Re: [opensc-devel] Cardos sign modifies

2007-07-20 Thread Dmitry Zhigulin
Nils Larsch gmx.net> writes: > IMHO the right way to fix this would be to tell the profile > layer to use the decryption operation for signing and not to > modify the card driver. > Thanks, So, I need just test if card is cardos, certificate support encryption and use C_DecryptInit/C_Decrypt i

Re: [opensc-devel] Encryption with NetKey

2007-07-19 Thread Dmitry Zhigulin
Douglas E. Engert anl.gov> writes: > > Can you use C_Verify instead? > How to use it for encryption, may you show example? I found in pkcs11-tool example - function "encrypt_decrypt", I think that is what I need.

Re: [opensc-devel] Encryption with NetKey

2007-07-19 Thread Dmitry
Peter Stuge cdy.org> writes: > If it doesn't however, directly calling OpenSC would be useful. > But in that case, why not do away with CryptoApi completely? Some theory: As tells http://msdn2.microsoft.com/en-us/library/ms953432.aspx If some user want to encrypt\decrypt some data, with certi

Re: [opensc-devel] Encryption with NetKey

2007-07-19 Thread Dmitry
Andreas Jellinghaus dungeon.inka.de> writes: > sorry, still confused. I know csp11 and pkcscsp, but what is pkcscsp2? I meant pkcscsp.2.zip from http://www.opensc-project.org/files/pkcscsp/orig/ As tell http://www.opensc-project.org/files/pkcscsp/orig/README pkcscsp.2.zip - is an update versi

Re: [opensc-devel] Cardos sign modifies

2007-07-18 Thread Dmitry
> any chance you can send a unified diff ("svn diff" or "diff -u" format) with > these changes? that would be great. I didn't send, next time will use diff.

Re: [opensc-devel] Encryption with NetKey

2007-07-18 Thread Dmitry
Andreas Jellinghaus dungeon.inka.de> writes: > > you got it to work? great! I once got the binary on the web page to work, > but every time I compiled it myself (and got it signed by microsoft), it didn't > work. did you compile it yourself? can you share the code? > Sorry, it is pkcscsp2. Firs

Re: [opensc-devel] Fail encryption on cardos card

2007-07-18 Thread Dmitry
Andreas Jellinghaus dungeon.inka.de> writes: > > > ah. what is that? is it open source? available for download somewhere? > we have the pkcscsp and csp11 sources but no one found time so far to get them > working and the result signed by microsoft :( > (ok, the signing should be easy, but I'm no

[opensc-devel] Cardos sign modifies

2007-07-17 Thread Dmitry
Some time ago I tested Cardos SC_CARD_TYPE_CARDOS_M4_3, with atr: 3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74 Sign fails on final transmit of sign APDU. I analyzed APDU winscard.dll log of SmartTrustPersonal, which CSP sign correctly. And found that it use other way of sign through APDU: 00 2A 80 86 ...

Re: [opensc-devel] Encryption with NetKey

2007-07-17 Thread Dmitry
Andreas Jellinghaus dungeon.inka.de> writes: > > yes. hmm, strange, you shouldn't need a profile file unless you want to > change the card. using it should be fine without the profile file. > > why do you want to use opensc for encryption? > smart cards are usually used for signing or decrypti

[opensc-devel] Encryption with NetKey

2007-07-17 Thread Dmitry
Hello all! Now I test Deutsche Telekom TeleSec card, as detected with Opensc as NetKey E4 Card with tcos OS. Certificate on card is only for Key Encipherment and Data Encipherment, so it seems that there is no check_key_compatibility problems. But Opensc looks for tcos.profile, which is not e

Re: [opensc-devel] Fail encryption on cardos card

2007-07-16 Thread Dmitry
Andreas Jellinghaus dungeon.inka.de> writes: > > you can either: > a) store the key for decryption only, see the --key-usage parameter to > pkcs15-init. > b) store the key as split key: opensc will store the keys twice, once for > signing and once for decryption, and magically choose the right

[opensc-devel] atrust-acosi in opensc.conf

2007-07-16 Thread Dmitry
Hello, I have A-trust card. Opensc support it through built-in emulation, in code card detected as "atrust-acos", but opensc.conf from last Smart card bundle(scb-0.8.exe) have const "atrust-acosi". Is it typing error?

[opensc-devel] Fail encryption on cardos card

2007-07-15 Thread Dmitry
I try to encipherment through cardos card. I use certificate, which support: Digital Signature, Key Encipherment, Data Encipherment (b0). But, key export fails in sc_pkcs15init_generate_key on check_key_compatibility with message: "This device requires that keys have a specific key usage. Keys can

[opensc-devel] Re: A-Trust ACOS , STARCOS SPK 2.3 bugs

2007-04-07 Thread Dmitry
Nils Larsch gmx.net> writes: > > the problem with both cards is that opensc doesn't recognize the > card profile of both cards. The card profile specifies where key > etc. stored and without this information opensc can't use these > card (here opensc tries to read files which are normally presen

[opensc-devel] A-Trust ACOS , STARCOS SPK 2.3 bugs

2007-04-06 Thread Dmitry
I have 2 cards. 1. "Deutsche Bank - db SignaturCard" card - detected by opensc as "STARCOS SPK 2.3" and as "db SignaturCard" by SecCardAdmin from http://www.seccommerce.de. 2. "A - Trust" card - detected by opensc as "A-TRUST ACOS" and as "A - Trust ECC" by SecCardAdmin. After detecting

[opensc-devel] Re: starcos 2.3 bug

2007-01-27 Thread Dmitry
Nils Larsch gmx.net> writes: > > Dmitry wrote: > > Hello! I am trying to work with starcos 2.3 card through opensc, but get errors. > > In accordance with documentation this card type is supported. > > Help me please to make work opensc with this card. > > a

[opensc-devel] starcos 2.3 bug

2007-01-20 Thread Dmitry
Hello! I am trying to work with starcos 2.3 card through opensc, but get errors. In accordance with documentation this card type is supported. Help me please to make work opensc with this card. Details: ... trying driver: starcos ATR : 3b:b7:94:00:81:31:fe:65:53:50:4b:32:33:90:00:d1 ATR try :