Re: [opensc-devel] FOSDEM 2011: february 5th and 6th

://wiki.mozilla.org/NSS_Shared_DB [3] http://fedoraproject.org/wiki/FedoraCryptoConsolidation [4] http://www.opensc-project.org/opensc/wiki/FOSDEM2011 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc

Re: [opensc-devel] FOSDEM 2011: february 5th and 6th

software or something else. [1] http://live.gnome.org/GnomeKeyring/Architecture [2] http://www.opensc-project.org/opensc/wiki/OverView#Technicaloverview -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel

Re: [opensc-devel] FOSDEM 2011: february 5th and 6th

is a very bad choice usually :) -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

be not just ignoring PINs with unblocking capabilities but checking if the slot would contain other objects. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

similar might help, but as the API is internal, something as simple as *something* for undocumented functions would be nice to have. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http

Re: [opensc-devel] OpenSSL 1.0 on windows

OpenSSL [2] as the API for smart card personalization or hardware key generation. [1] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/sc.c#L696 [2] http://www.peereboom.us/assl/assl/html/openssl.html -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] OpenSC and Debug with Visual Studio

of copying the code. [1] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/reader-pcsc.c#L807 [2] http://msdn.microsoft.com/en-us/library/3f8w183e(VS.71).aspx [3] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/reader-pcsc.c#L1696 -- Martin Paljak @martinpaljak.net

Re: [opensc-devel] card-max_recv_size problem

in function parameters) -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

Peter, r4722 does not affect the TCOS issue. You probably missed the e-mail, but I created a ticket for this: http://www.opensc-project.org/opensc/ticket/256 On Thu, Sep 16, 2010 at 01:12, Peter Koch p...@opensc-project.org wrote: Hi Johannes: 2010/9/9 Johannes Becker

Re: [opensc-devel] card-max_recv_size problem

On Sep 14, 2010, at 12:01 AM, Peter Koch wrote: Hi Martin! 2010/9/13 Martin Paljak mar...@paljak.pri.ee Should I set card-max_recv_size and card-max_send_size in tcos_init()? No. Sorry, this place was erroneously left untouched and is fixed in SVN trunk. Please verify that it works

Re: [opensc-devel] How to notify an invalidated card?

disconnect --verbose and ctx-debug as the functioning is misleading, especially the toying with stderr and debug_file. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc

Re: [opensc-devel] card-max_recv_size problem

-- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

card that has a pkcs15-emulation (except WestCOS and OpenPGP). No, it should not be touched, the root cause should be identified instead. Mapping of objects is probably the culprit. [1] http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L798 -- Martin Paljak

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L919 [3] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15-tcos.c?rev=4250#L305 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

Hello, On Sep 13, 2010, at 12:04 PM, Martin Paljak wrote: I just did a quick grep LOGIN_REQUIRED *.c and it seems that only the WestCOS and OpenPGP emulations set LOGIN_REQUIRED while all other emulation-routines don't. CKF_LOGIN_REQUIRED from PKCS#11 (which is the flag missing in the 0.12

Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?

On Sep 13, 2010, at 6:02 PM, Alon Bar-Lev wrote: Is opensc-0.12 released? Or should I use trunk? You should use trunk. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http

Re: [opensc-devel] OpenSC 0.12.0 windows installer = 64bit?

need to use the PKCS#11 module in a 64bit application, you don't need a 64 bit OpenSC. For example, OpenVPN windows installer is 32bit, so is Firefox. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc

Re: [opensc-devel] Pin unlock.

by C_GetSlotInfo. Furthermore, the set of slots accessible through a Cryptoki library is checked at the time that C_GetSlotList, for list length prediction (NULL pSlotList argument) is called. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel

Re: [opensc-devel] OpenSC-0.12 and Spanish DNIe

/OpenSC/tree/dnie -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Problem with 2K keys and MyEID

Hello, On Sep 7, 2010, at 1:01 PM, Aventra development wrote: Thanks for the patch! The initial value for the FIXME could be the following (the FIXME): Fixed in 4699 [1] [1] http://www.opensc-project.org/opensc/changeset/4699 -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] 'max_recv_size' and 'Le'

available bytes (0x00) from the card will not be between 0..256 bytes but between 0..max_recv_size bytes. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org

Re: [opensc-devel] 'max_recv_size' and 'Le'

On Sep 7, 2010, at 4:56 PM, Viktor TARASOV wrote: Martin Paljak wrote: Hello, On Sep 7, 2010, at 12:45 PM, Viktor TARASOV wrote: in r4668 the APDU validity condition 'apdu-le 256' was replaced by 'apdu-le card-max_recv_size'. It's comprehensible but revealed the ambiguity

Re: [opensc-devel] [opensc-commits] svn opensc changed[4692] pkcs11: #250: refresh PIN counters and associated token flags on every call to C_GetTokenInfo

* and sc_pkcs15init_* calls. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Problem with 2K keys and MyEID

it even better in less (almost no) code, at least pin change and unblock seem to work without problems. The card_state handling should also be fixed, but I don't know what the initial value for it should be, thus the FIXME. myeid.patch Description: Binary data -- Martin Paljak

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

Hello, On Sep 6, 2010, at 2:05 PM, Johannes Becker wrote: Am Donnerstag 02 September 2010 schrieb Martin Paljak: Please provide opensc-debug.log for TCOS2 for the failing transaction with 0.12.0. If possible, also the successful log with 0.11.X might help. The logs are http://www.uni

Re: [opensc-devel] [opensc-commits] svn opensc changed[4692] pkcs11: #250: refresh PIN counters and associated token flags on every call to C_GetTokenInfo

. The file where it eventually ends up inside src/pkcs11 does not really matter. Once the cleanup is done, it will be clear. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc

Re: [opensc-devel] pcscd access rights limitation and scard group

Hello, On Sat, Sep 4, 2010 at 22:36, Ludovic Rousseau ludovic.rouss...@gmail.com wrote: 2010/9/4 Martin Paljak mar...@paljak.pri.ee: Why not make the udev rule start pcscd, running as a system user (nobody?), when a reader is connected? I could. But why do this? That would start a process

Re: [opensc-devel] pcscd access rights limitation and scard group

On Sat, Sep 4, 2010 at 22:43, Ludovic Rousseau ludovic.rouss...@gmail.com wrote: 2010/9/4 Peter Stuge pe...@stuge.se: Martin Paljak wrote: Nothing bad will happen if pcscd is not gracefully shut down when the computer is rebooting, Not the problem. But if pcscd crashes it should be restarted

Re: [opensc-devel] pcscd access rights limitation and scard group

://msdn.microsoft.com/en-us/library/aa379479(VS.85).aspx -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4693] MyEID: make working change/unblock PIN

. As a general rule, the amount of copypaste-ish code in drivers needs to be cut down for maintainability. myeid-pin.patch Description: Binary data -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc

Re: [opensc-devel] pcscd access rights limitation and scard group

Hello, I decided to use a new group called pcscd. I wrote an blog article [3] about this feature. pcsc-lite 1.6.5 is not yet released to allow anybody to comment on the idea and provide feedback before the release. You can get a snapshot of pcsc-lite and libccid from [4]. You have to

Re: [opensc-devel] pcscd access rights limitation and scard group

On Sep 4, 2010, at 8:33 PM, Peter Stuge wrote: Martin Paljak wrote: Why not make the udev rule start pcscd, running as a system user (nobody?), when a reader is connected? One reason is that it needs highly distribution dependent udev rules, while setting owner/permissions on a device

Re: [opensc-devel] pcscd access rights limitation and scard group

Hello, On Sat, Sep 4, 2010 at 21:29, Peter Stuge pe...@stuge.se wrote: Martin Paljak wrote: Why not make the udev rule start pcscd, One reason is that it needs highly distribution dependent udev rules, Existence of pcscd group is also distribution dependent, to some extent (meaning

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

, good point. We need it to ensure backward compatibility with old applications, which will disappear when moving to version 0.12. Apparently 0.11.14 needs to be a fixup release with several fat warnings. -- Martin Paljak @martinpaljak.net +3725156495

[opensc-devel] OpenSC Trac new ticket change.

of information that would help to identify a possible bug or conflict, so that already initial bug reports would be very useful. [1] http://www.opensc-project.org/opensc/wiki/ReportingBugs -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel

Re: [opensc-devel] Opensc and SetCOS.

module, if it works with NSS. It might get ready soon (this week) -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] How to use just one card of two in Firefox?

PKCS#11 option in opensc.conf [2]. [1] http://www.opensc-project.org/files/opensc/snapshots/ [2] http://www.opensc-project.org/opensc/browser/trunk/etc/opensc.conf.in#L407 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc

Re: [opensc-devel] Problem with 2K keys and MyEID

-project.org/opensc/wiki/ReportingBugs -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

with that release. There were no problems with opensc 0.11 and TCOS 2. Please provide opensc-debug.log for TCOS2 for the failing transaction with 0.12.0. If possible, also the successful log with 0.11.X might help. [1] http://www.opensc-project.org/opensc/wiki/ReportingBugs -- Martin Paljak

Re: [opensc-devel] MyEID microSD

with crypto capabilities on larger scale because of the greedy ignorant bastard named mobile operator. [1] http://code.google.com/p/seek-for-android/ -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc

Re: [opensc-devel] MyEID microSD

Helo, On Sep 2, 2010, at 6:01 PM, Andre Zepezauer wrote: On Thu, 2010-09-02 at 17:05 +0300, Martin Paljak wrote: I believe the reason why smart cards exist is their common, agreed upon form factor and the existence of related infrastructure pieces. Like pinpad smart card readers. Pinpad

[opensc-devel] OT: desktop crypto implementation

, companies usually have procedures and plans for key management, something that home users usually ignore) Business continuity, including proper key management and PKI, is hard :) -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list

Re: [opensc-devel] Logical Channels

-4_5_basic_organizations.aspx#chap5_5 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] use algorithm_ref in set_security_env

too excited about them, as this far often real (personalized) cards have been the reference implementations you need to follow, not standards. Then again, this does not forbid OpenSC from being a top-notch PKCS#15 implementation. Just start rolling in those nice patches. -- Martin Paljak

Re: [opensc-devel] Initialisation of CardOS

of [1] [1] http://www.opensc-project.org/opensc/changeset/4516 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

cards like small secure flash drives (like TrueCrypt wants to use PKCS#11) but key material should never be automagically extracted into host memory and the user of OpenSC (PKCS#11) left the impression that key operations are taking place inside the token, when in fact they are not. -- Martin

Re: [opensc-devel] Opensc and SetCOS.

to do with it. The culprit, failing C_WaitForSlotEvent amd pcsc_wait_for_event has been identified a few e-mails back. reader-pcsc.c needs fixing for a) card re-insertion detecion b) event waiting. -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Opensc and SetCOS.

): 0x7ffd4bc067c0 16:23:28.457 [opensc-pkcs11] misc.c:325:load_pkcs11_parameters: PKCS#11 options: plug_and_play=1 max_virtual_slots=16 slots_per_card=4 hide_empty_tokens=1 lock_login=0 pin_unblock_style=0 zero_ckaid_for_ca_certs=0 -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Opensc and SetCOS.

day, but what are not realistic or are not actionable enough to create a ticket at this current moment. Feel free to update it. [1] http://www.opensc-project.org/opensc/wiki/WishList -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel

Re: [opensc-devel] Opensc and SetCOS.

implemented) ?? There is EAP-TLS purely on a smart card prototype [1]. Smart card authentication usually means using the keys on the card, not storing plaintext keys to the card. [1] http://perso.telecom-paristech.fr/~urien/openeapsmartcard/ -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Opensc and SetCOS.

*. [1] http://www.opensc-project.org/opensc/ticket/250 [2] http://lists.drizzle.com/pipermail/muscle/2009-December/008009.html [3] http://lists.drizzle.com/pipermail/muscle/2009-December/008013.html -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Problem with 2K keys and MyEID

problem or knows why the pkcs15-tool does not work, feel free to edit the code or send some information to me so we will get also these working. Please provide a debug log. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list

Re: [opensc-devel] Problem with 2K keys and MyEID

also some fixes on whitespace: While at it, also myeid_set_security_env seems to be a 1:1 copy of iso7816_set_security_env? -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http

Re: [opensc-devel] Initialisation of CardOS

. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

renegotiation issue behaved differently with libneon (with OpenSSL) and libneon (with GnuTLS). -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman

Re: [opensc-devel] pcscd access rights limitation and scard group

On Aug 30, 2010, at 4:20 PM, Ludovic Rousseau wrote: 2010/8/30 Martin Paljak mar...@paljak.pri.ee: Hello, On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: As listed on the pcsc-lite TODO file [1] I would like to run pcscd as a normal user instead of root. To do this I need to: Good

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

/NSS_Shared_DB [3] http://www.opensc-project.org/opensc/ticket/205 [4] http://www.opensc-project.org/opensc/ticket/220#comment:3 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http

Re: [opensc-devel] pcscd access rights limitation and scard group

, -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] New Italian CNS/eID patch

On Aug 27, 2010, at 12:55 PM, Andre Zepezauer wrote: On Fri, 2010-08-27 at 11:12 +0300, Martin Paljak wrote: Hello, On Aug 26, 2010, at 6:34 PM, Andre Zepezauer wrote: One application for the give_random() function is contained in the attached patch. In short: C_SeedRandom() works fine

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

support) For all these reasons, I am against a 0.11.x bugfix release. Sorry, I don't see how this could conflict with 0.12.0 release/adoption. [1] http://amailbox.org/Linux/Who_Uses_The_2.4_Stable_Kernel -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] [Muscle] Re: pcscd access rights limitation and scard group

Helo, On Aug 30, 2010, at 1:36 PM, Johannes Findeisen wrote: On Mon, 2010-08-30 at 13:11 +0300, Martin Paljak wrote: On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: As listed on the pcsc-lite TODO file [1] I would like to run pcscd as a normal user instead of root. To do this I need

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

attention in the future to avoid such code. Will write it to the wiki as well. Apparently we need to clarify the capabilities of Rutoken (and different versions of it) regarding their RSA support *and* GOST support. [1] http://www.opensc-project.org/opensc/changeset/4645 -- Martin Paljak

Re: [opensc-devel] Question about patches

the latest version of OpenSC all the time. Best, -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] New Italian CNS/eID patch

-- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc and SetCOS.

nevertheless. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] How to Initialize a token using C_InitToken() from PKCS#11 interface?

with this option enabled as well. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc and SetCOS.

, however. Cheers, -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Opensc and SetCOS.

Helo, On Aug 25, 2010, at 2:55 PM, Ludovic Rousseau wrote: 2010/8/25 Martin Paljak mar...@paljak.pri.ee: If everything is working fine, there's nothing to worry about. If not, then it can be fixed by implementing a proper GET CHALLENGE method in card-setcos.c. If you can sniff the correct

Re: [opensc-devel] Serbian national eID smart card

page with such theme could be useful. With some high level overview of libopensc internals, that is of no interest to integrators or users. Best, -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc

[opensc-devel] Call for testing of the upcoming 0.12.0 release

] http://www.opensc-project.org/opensc/wiki/SubversionRepository [3] http://www.opensc-project.org/opensc/newticket -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc

Re: [opensc-devel] SC_SEC_ENV_KEY_REF_ASYMMETRIC

/pkcs11 as well. Now what do you think? Are this the kind of improvements you would like to see in opensc? Sure! Best, -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc

Re: [opensc-devel] Developer Statement On Insecure Default Settings

(reader-ctx, SC_LOG_DEBUG_NORMAL); -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Oops, wrong commit (my fault)

. Any opinions? Thanks! -- Emanuele ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] [opensc-commits] svn opensc changed[4633] Prevent card-incrypto34. c from catching the Italian CNS card's ATR

-project.org/opensc/changeset/2661 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] New Italian CNS/eID patch

Hello, On Aug 17, 2010, at 7:20 PM, Andre Zepezauer wrote: On Tue, 2010-08-17 at 10:08 +0300, Martin Paljak wrote: For example, try to explain why the ISO GET CHALLENGE code from year 2001 reads the random from the card in 8 byte chunks? Because it's the most generic solution

Re: [opensc-devel] New Italian CNS/eID patch

not be in iso7816.c with a nice warning in the source code. For example, try to explain why the ISO GET CHALLENGE code from year 2001 reads the random from the card in 8 byte chunks? Conclusion: please point out exact issues or provide a patch. -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Developer Statement On Insecure Default Settings

://www.opensc-project.org/opensc/wiki/SecurityConsiderations -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] New Italian CNS/eID patch

] http://www.opensc-project.org/opensc/ticket/237 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] New Italian CNS/eID patch

On Aug 15, 2010, at 4:21 PM, Emanuele Pucciarelli wrote: On Sun, Aug 15, 2010 at 13:45, Martin Paljak mar...@paljak.pri.ee wrote: iso7816.c should not be taken as a final, static code, if there are checks missing from there, it is OK to improve iso7816.c as well :) I think that the checks

Re: [opensc-devel] cast of malloc() calloc() return values

to the removal of these bad casts? None, as long as GCC does not complain more than it does now. Cheers, -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org

Re: [opensc-devel] Developer Statement On Insecure Default Settings

/listinfo/opensc-devel -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] card driver and locking

card. [1] http://www.opensc-project.org/opensc/browser/branches/vtarasov/opensc-sm.trunk -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo

Re: [opensc-devel] Patch to display correct EF ACLs in opensc-explorer

later, it employs a different label list for EF ACLs, which IMHO is wrong. I made this tiny patch – do you think it's all right? Yes, it seems right. It might even make sense to explicitly use ACL symbols for DF as well. -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] How to delete an X.509 certificate / RSA public key when RSA private key is missing

key or X.509 certificate is not supported: ... Do you know any reason for this? They are both stored as files and deleting files is not supported with Feitian cards. See OpenSC ticket #215 [1] [1] http://www.opensc-project.org/opensc/ticket/215 -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Help with project that demands interoperability betewen cards

defines the structure, not the commands to retrieve them. [1] http://www.opensc-project.org/opensc/wiki/DeveloperInformation#Toolsandlibraries -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc

Re: [opensc-devel] Spec for specifying PKCS#11 modules to load

is also built around PKCS#11-ish concepts. As it supports loading several PKCS#11 modules (softtoken being one of them) there could be multiple modules implementing the same algorithms. It does not make sense for hardware based keys though. -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] [opensc-commits] svn opensc changed[4613] ias/ecc: 'verify PIN' and 'set PIN' with PIN-pad

.len != 0 || use_pin_pad) { + if ((r = sc_build_pin(buf, buf_len, data-pin2, pad)) 0) + return r; + len += r; + } + break; -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Spec for specifying PKCS#11 modules to load

On Jul 20, 2010, at 7:42 PM, Jean-Michel Pouré - GOOZE wrote: On Tue, 2010-07-20 at 18:16 +0300, Martin Paljak wrote: If you plan to provide higher level GNOME API-s, my suggestion would be NOT to piggyback on PKCS#11. You may end up abusing it. If the specification tells that pReserved

Re: [opensc-devel] Italian CNS integration (without SM)

initializing the card driver, why so? Why not use the ISO function overloading as other drivers do? * MAX_LE and ITACNS_MAX_PAYLOAD, would it make sense to resort on one single value that gets fed to card max_recv_size? Thanks, Thanks! -- Martin Paljak @martinpaljak.net +3725156495

Re: [opensc-devel] Spec for specifying PKCS#11 modules to load

you improve gnome-keyring and related GNOME matters. [1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation [2] http://delta.affinix.com/qca/ [3] http://wiki.cacert.org/Pkcs11TaskForce [4] http://ludovicrousseau.blogspot.com/2010/04/free-software-tokend-above-pkcs11-for.html -- Martin

Re: [opensc-devel] Aladdin eToken Pro w/PKCS15 (was Re: OpenPGP card v2)

of GBA? http://en.wikipedia.org/wiki/Generic_Bootstrapping_Architecture -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Aladdin eToken Pro w/PKCS15 (was Re: OpenPGP card v2)

Knowledge Systems http://pcsclite.alioth.debian.org/unsupported.html#0x05290x0620 It is not supported / only works without a reset. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org

Re: [opensc-devel] Writing a tutorial about GnuPG support

uses PKCS#11 so you need to use a pre-personalized smart card with opensc-pkcs11.so In the configuration file: provider-p1-library /usr/lib/pkcs11/p1.so Should be: provider-p1-library /usr/lib/opensc-pkcs11.so Probably, it needs to point to the real file. -- Martin Paljak

Re: [opensc-devel] How to know free space left on a smartcard

some (few) bytes for internal bookkeeping and you get the rough size that gets used on the card. The same applies to on-board key generation. You know the size in bits of the keys and probably there is some extra space used for internal bookkeeping. -- Martin Paljak @martinpaljak.net

Re: [opensc-devel] MSI installer free software tools

integration with the platform. The discussion faded out then, one of outstanding issue is adding an OpenSC home registry during installation so that profiles could be found without consulting the configuration file even if OpenSC gets installed to non-standard locations. -- Martin Paljak

Re: [opensc-devel] MSI installer free software tools

. -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] OpenPGP card v2

] http://www.opensc-project.org/opensc/wiki/OpenPGP [2] http://www.opensc-project.org/opensc/wiki/SupportedHardware -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc

Re: [opensc-devel] ANN/RFC: KeyGen2/SKS

forgot to include the links, which I hereby fix: [1] http://webpki.org/ [2] http://code.google.com/p/openkeystore/ As you can see from [2], the reference implementation is Apache License 2.0 -- Martin Paljak @martinpaljak.net +3725156495 ___ opensc

Re: [opensc-devel] ANN/RFC: KeyGen2/SKS

useful in this specification, feel free mentioning where you got it from. Note: it is possible that there are pieces that already are patented by other parties but the author is currently unaware of any IPR encumbrances. [1] http://webpki.org/papers/keygen2/dp-sks.pdf -- Martin Paljak

Re: [opensc-devel] ANN/RFC: SmartCardWebApplet

Hello, On Jul 1, 2010, at 02:26 , Peter Stuge wrote: Martin Paljak wrote: SmartCardWebApplet It is awesome that you are putting so much effort into getting smart cards to the web, but I'm afraid I personally think that a Java approach is an enormous mistake. There are three different

<    1   2   3   4   5   6   7   8   9   >