On 11/11/2012 03:24 AM, Anthony Foiani wrote:
Greetings.
I'm working with a CardContact HSM, and would like to generate a
keypair on the token, then get a certificate based on that key.
Hello,
Your question was on openssl, but just in case someone is interested.
If you have any recent
On 11/11/2012 11:50 PM, Anthony Foiani wrote:
certtool --generate-request --outfile req.pem --load-privkey
pkcs11:yyy --load-pubkey pkcs11:xxx
should generate a request from the objects based on a smart card. The
pkcs11: URLs are obtained using the p11tool --list-all --login command.
On Mon, Aug 6, 2012 at 11:30 AM, Anders Rundgren
anders.rundg...@telia.com wrote:
On 2012-08-06 11:23, Andreas Schwier wrote:
I would assume, that checking constraints is the job of the RA, not the CA.
Anyway, our design works the other way around: The card generates the
CSR internally, so
On Wed, Mar 21, 2012 at 11:03 PM, Peter Stuge pe...@stuge.se wrote:
progress much faster, even at the price of committing not-the-best
solutions,
Do you find this a desirable quality for a security-related project?
I don't think that this thread was about a balance of quality against
2012/1/2 Jean-Michel Pouré - GOOZE jmpo...@gooze.eu:
Dear all,
Is there a way to store a 3DES key on smartcard, so it cannot be
extracted but still be usable by OpenSSL?
PKCS #11 allows that but opensc didn't support secret keys last time I
checked. Symmetric keys in smart-cards could be
On 09/22/2011 05:31 PM, Crypto Stick wrote:
The Gnuk project [1] is working on support of ECDSA. But I expect a few
more weeks or months until a public release.
[1] http://www.fsij.org/gnuk/
Looks pretty cool. About speed wouldn't using a gmp-based rsa (e.g. from
nettle) be of better
On Wed, Sep 21, 2011 at 9:59 AM, Stef Walter st...@collabora.co.uk wrote:
Is it normal for a Gooze Feitan ePass PKI Token to take over 60 seconds
to initialize when used with PKCS#11?
Mine operates much faster than that. I've noticed though that it does
not operate when plugged to a usb port
On Fri, Sep 9, 2011 at 9:38 AM, Martin Paljak mar...@martinpaljak.net wrote:
Hello,
Autumn has started (at least in northern hemisphere) so it is time to
pull together next OpenSC release.
- ECDH support [5]
Out of curiosity, are the ECDH static keys used anywhere? They remind
me of the DH
On 09/06/2011 03:38 PM, Martin Paljak wrote:
I'm trying to use the opensc 0.12.x ECDSA support, to allow ECDSA
signing in gnutls via PKCS #11. However I have no such cards to test it.
Do you have any suggestion on which card to use? (My only requirement is
that it must be obtainable without
Hello,
I'm trying to use the opensc 0.12.x ECDSA support, to allow ECDSA
signing in gnutls via PKCS #11. However I have no such cards to test it.
Do you have any suggestion on which card to use? (My only requirement is
that it must be obtainable without placing a mass order)
regards,
Nikos
On 08/18/2011 11:11 AM, Hans Witvliet wrote:
Perhaps a ludicrous question, but I post it anyway... Some
credit card companies or banks supply their customers with cards plus
pin-code in order to identify themselves during financial
transactions.
From my focus I presume these look like
On 08/04/2011 06:57 PM, Alon Bar-Lev wrote:
Hello,
In gnutls we dropped our own PKCS #11 back-end based on pakchois
for p11-kit. I try to contribute to the discussion based on this
experience.
pkcs11-helper targets developers who like to introduce PKCS#11 into
their application, especially
On 06/21/2011 07:59 PM, Stef Walter wrote:
I didn't like the pinfile attribute of pkcs11-urls much, because
its semantics are undefined. I see it as an option that could cause
compatibility issues between libraries using URLs. That's why I
have ignored it so far.
Yes, I understand that
On Mon, May 9, 2011 at 9:53 PM, Alon Bar-Lev alon.bar...@gmail.com wrote:
This is a matter of interpretation.
Either is not constant and user is not supposed to know of.
Apart from the special case of having a single slot, so you expect 0 I presume.
You can check which slot is what simply by
On Tue, May 10, 2011 at 9:40 AM, Giuliano Bertoletti g...@symbolic.it wrote:
Hello Nikos,
just a few notes.
The pkcs#11 standard addresses cryptographic devices in general, not only
smart-cards which might (or might not) have a single slot.
Cryptographic devices such as HSMs are capable of
On 01/26/2011 08:46 PM, Andreas Jellinghaus wrote:
On Wednesday, 26 January 2011, at 12:12:42, Nikos
Mavrogiannopoulos wrote:
I don't understand what you mean by a reasonable enrollment
system, however having seen the EMV protocol, I believe that the
available PKCS #11 compatible smart-cards
On Wed, Jan 26, 2011 at 12:00 PM, Anders Rundgren
anders.rundg...@telia.com wrote:
External tokens on mobile phones is a difficult idea that most likely
will be marginalized by on-line schemes using embedded crypto hardware.
If there was this One Provider things could be OK, but it is really
On 11/08/2010 01:48 PM, Andre Zepezauer wrote:
I'm interested in the security attributes, that are set when the file
above is created. The simplest way to get these attributes is to use
opensc-explorer:
Here it is:
$ opensc-explorer
OpenSC Explorer version 0.12.0-rc1
Using reader with a card:
On Sun, Nov 7, 2010 at 8:07 AM, Andre Zepezauer
andre.zepeza...@student.uni-halle.de wrote:
Hello Nikos,
please could you post the access conditions of 3F00/5015/4946. I wonder
why the error code SC_ERROR_NOT_ALLOWED is returned. To me it seems,
that r4853 has only discovered an older bug.
The commit applied in svn revision 4853[0] does not allow me to
erase my Feitian smart card:
$ ./pkcs15-init -E
Using reader with a card: OmniKey CardMan 3121 00 00
Couldn't bind to the card: Not allowed
The error I get from sc_select_file is -1209 and if set to zero
as before I can erase and
Hello Nikos,
AFAIK only RSA is supported by OpenSC.
Is this a design decision or a limitation of the supported cards?
regards,
Nikos
On 11/04/2010 09:46 PM, Nikos Mavrogiannopoulos wrote:
I'm trying to destroy an object I created on a Feitian PKI smart
card using pkcs11 calls. My result is CKR_GENERAL_ERROR. I can
reproduce it using the pkcs11-tool:
On the Feitian PKI and most smartcards, objects cannot be deleted,
per
token (0x1)
Logging in to Nikos Mavrogiannopoulos (User PI.
Please enter User PIN:
error: PKCS11 function C_DestroyObject() failed: rv = CKR_GENERAL_ERROR
(0x5)
Aborting.
If there is any additional help I can provide on that please let me know.
regards,
Nikos
On 11/04/2010 06:56 PM, Andre Zepezauer wrote:
If there is any additional help I can provide on that please let me know.
$ export OPENSC_DEBUG=9
$ pkcs11-tool [options] 2> file.log
But be aware of the fact that your PIN will be included in the log file.
There was no additional output with
Hello,
Another issue I had with opensc is when trying to use it with secret
keys (symmetric ones)[0]. My Feitian card says it supports 3DES and DES
thus I assumed it should support storing symmetric keys as well. I tried
to do:
I used C_CreateObject with template:
CKA_CLASS - CKO_SECRET_KEY
On 11/04/2010 07:05 PM, Jean-Michel Pouré - GOOZE wrote:
On Thursday, 04 November 2010 at 18:37 +0100, Nikos Mavrogiannopoulos
wrote:
I'm trying to destroy an object I created on a Feitian PKI smart
card using pkcs11 calls. My result is CKR_GENERAL_ERROR. I can
reproduce it using the pkcs11