Ludovic Rousseau wrote:
You can also try to play with a .NET card. The associated PKCS#11
library [1] is free software.
I hadn't paid any attention to this card because I assumed it was MS Windows
only. But I see they claim Mac and linux compatibility. Anyone have
anything good or bad to sa
Andreas Jellinghaus wrote:
yes, the situation is a bit disappointing. every gread card or token
that works great with opensc is no longer sold, outdated, hard to get
etc.
It's very frustrating to have budget to spend, and manufacturers who seem
determined to prevent me from giving them mone
Juergen Beisert wrote:
> > Jim Rees wrote:
> >> You might want to add pinpad support.
The external card reader device uses a local processor to run its own
firmware. But my case is a little bit different than with an external reader
device: My regular Linux system i
Andreas Jellinghaus wrote:
Thinking about it for a few more minutes, I have a much better
advice: implement a serial port.
No no no! The serial port drivers have to muck with the uart to set all the
fussy rs232 parameters, like frame size and bit rate. I don't think you
want to emulate this
Does anyone know a way to buy a Feitian PKI card in the US? Gooze won't
ship here.
Are there any other cards or usb tokens available in the US that work with
OpenSC other than the Aladdin etoken? I prefer a non-java card but will
take whatever I can get at this point.
___
The wiki says, "SafeNet offers the iKey 3000 ... The iKey 3000 is fully
supported by OpenSC and is well tested." Maybe this should be changed to
"The iKey 3000 is no longer sold."
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http:/
The Rainbow ikey seems to have been discontinued in 2007. CyProtect
recommends AET IDp 1000 Token, which is JCOP41, as a replacement. Will this
work with OpenSC? Can someone update the wiki?
___
opensc-devel mailing list
opensc-devel@lists.opensc-proje
I'm in need of a command line utility that can do https fetches given a url,
like wget, but use pkcs11 for the crypto ops, so I can store the client
cert/key on a smart card. Firefox will do this but it's overkill and I need
something scriptable. Any suggestions?
_
Jean-Michel Pouré - GOOZE wrote:
I had to unlock the card using PUK code. But you are right, some of my
applications cannot access the card.
Sorry I misunderstood. I guess I don't know what's going on without more
information.
___
opensc-devel mail
Jean-Michel Pouré - GOOZE wrote:
When several applications share access to the card, somehow the PIN is
blocked.
I don't think that's what you mean. "PIN is blocked" is a precise term used
by smart card people, it means the card is no longer usable because it has
detected an attempted intrus
Peter Stuge wrote:
Are APDUs the best communications protocol for PKI tokens?
We spent some time thinking about this many years ago. 7816 is a very
baroque interface, better suited to the days of 300 baud modems than to
modern computing.
One recent attempt was the Schlumberger etoken, which e
Harry Anuszewski wrote:
I am using openSC-java and want to pull data off a Fips 201 piv card.
Doug Engert helped me with this. Once you have the app-id for the object
you want, you can fetch it like this:
pkcs11-tool -r -y data --login --application-id
The app-id for the facial image is 2.1
Andreas Jellinghaus wrote:
man getpass:
This function is obsolete. Do not use it.
also this function reads from /dev/tty. why?
So you can do things like this:
mcrypt foo
and have it read the password from your terminal rather than from the file
foo.nc.
One of the reasons it was
Andreas Jellinghaus wrote:
hmm. is that new?
the resellers I know did sell etokens fine, even if I wanted to buy only
one or two and no software.
It could just be my vendor. We are encouraged to use CDW.
___
opensc-devel mailing list
opensc-deve
Andreas Jellinghaus wrote:
what about the cyberflex tokens from axalto? I think they are still sold.
They were discontinued some time ago, but some vendors still have a few in
stock. Too bad, they and Cryptoflex were my favorite cards.
Aladdin USB tokens are ok I guess. One problem with Alad
Andreas Jellinghaus wrote:
if we need to fix the server for this: we could drop all certificates
and issue username/password for each developer instead.
Ugh. That would be embarassing for what is at least partly an
authentication project. How about ssh key pairs?
___
This card is supposed to be "CAC-like" but OpenSC 0.11.9 doesn't recognize
it. Smartcard-atr.appspot.com says it's "UNKNOWN". Does this look familiar
to anyone? Do I have any hope of getting it to work?
manihiki# openct-tool -r 0 atr
Detected CCID Compatible
Card present, status changed
ATR: 3b
Remind me why we don't just dispense with OpenCT and incorporate the pcsc
reader drivers directly into OpenSC. Is there a license issue? Are there
people using pcsc as a separate package without OpenSC? Are there problems
for non-linux installs?
___
op
Thanks!
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Right now the web page says, "Supported smart cards are the Aladdin eToken
PRO.." It should say only the USB token is supported, the card is too old,
since it runs M4.01.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.open
I would very much like to see the list of supported cards updated. At the
least you should remove the Aladdin card from the list so someone else
doesn't make the same mistake I did.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http
I just returned to smart card work to find that Gemplus has killed my
favorite card, the Cryptoflex. So I bought some Aladdin PRO 32k cards (not
usb tokens). But I can't get them to init. Any suggestions?
Here's the failure:
manihiki# pkcs15-init -E
manihiki# pkcs15-init -CT
New Security Offic
Andreas Jellinghaus wrote:
does this help?
I'd say that helps so much that it should go on the web site in a prominent
place.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-dev
The very first implementation of ssh with smart cards was done by Naomaru
Itoi here at CITI many years ago and did load an external private key
instead of generating the key pair on the card. A descendant of that code
is shipped today with the OpenBSD version of OpenSSH. Even though I worked
on t
Gergely CZUCZY wrote:
I'm using the eutron cryptoidentity, and it's kinda nice.
I tried to buy some of those once but couldn't find a place that would sell
me a small number for reasonable price. I have a couple Aladdin etokens,
and they're nice but expensive, and they seem to keep "updating"
Peter Stuge wrote:
Is the new Cryptoflex eGate any good?
The eGate itself is great, but last time I checked it wasn't available in
dongle form. Is it now?
One thing I like about Cryptoflex is you can load up a pkcs15 file structure
and certs with just OpenSC tools. No need to run proprietary
There is also a pkcs11 soft token library (no hardware) that comes with
heimdal.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Alon Bar-Lev wrote:
> In more detail, instead of using a static, local token, I would like to
> interface the pkcs#11 to a dynamic certificate: the middleware first
> creates a keypair, sends it off to a CA that issues a certificate on
> the fly, and then presents that through the pkcs#11
Martin Paljak wrote:
> The US does not have such a card. The PIV is going to
> be for government employees and contractors.
Pity.
The US is scheduled to issue National ID cards by the end of 2009 but they
won't have chips, at least not at first. Our passports will soon have chips
but I
Our university has decided to equip faculty and staff with RSA sid800 usb
tokens. I would like to figure out some way to make these useful. RSA
claims the device complies with Open Platform and Javacard. If that's true,
I should be able to load the Muscle applet and use it with OpenSC.
They als
I'm trying to use my new Activcard usb 2.0 reader. I added an entry to
/etc/openct.conf for it, under the ccid section, "usb:09c3/0008," (I got
this from lsusb). But apparently I need something in openct.usermap, and I
can't find anything that describes the format of this file, either in the
open
31 matches
Mail list logo