Dmitry Zhigulin wrote:
> Hello Peter!
>
>> What kind of logon do you mean (ie. Windows-logon, SSH-logon, ...)
>
> Just authenticate user for security operation.
>
>> This only happens if you are using an Aladdin eToken that
>> was formatted by the Aladdin-tools. If you format your
>> eToken wi
Discardi Nicola wrote:
> There no way to put pkcs15 schema of a card in an xml file instead to
> write a specific source file?
>
> I think is good to find a way to insert new card without recompile
> anything.
me too, but unfortunately that's not so simple as you need to
encode different workflow
Douglas E. Engert wrote:
>
> Lars Silvén wrote:
>> Douglas,
>>
>> You got to have a reader capable of "extended APDU".
>> Then no chaining is needed since the commands may exceed 256 bytes.
>
> Well what if I don't have a reader that is capable of extended APDU,
buy another one ?
> can the card
Eddy Nigg (StartCom Ltd.) wrote:
> mkarmowski wrote:
>>
>> Eddy Nigg (StartCom Ltd.) wrote:
>>
>>> Perhaps try the latest OpenSC version (0.11.3)
>>>
>>
>> I using currently revision from trunk.
>>
> Thanks! Guess that's another call for Nils ;-)
the CREATE FILE apdu isn't available in
Alon Bar-Lev wrote:
> Hello,
>
> I am trying to use the new Athena support, it is my first attempt to
> use opensc as a native driver so I may got this wrong.
>
> I don't see that there are traces more than the --verbose flag.
> The "File not found" result is common to any PIN I write.
> The card
Andreas Jellinghaus wrote:
> On Wednesday 18 July 2007 22:27:06 Nils Larsch wrote:
>> IMHO the right way to fix this would be to tell the profile
>> layer to use the decryption operation for signing and not to
>> modify the card driver.
>
> I don't know about the p
Dmitry wrote:
> Some time ago I tests Cardos SC_CARD_TYPE_CARDOS_M4_3, with atr:
> 3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74
>
> Sign fails on final transmit of sign adpu. I analyzed adpu winscard.dll log
> of
> SmartTrustPersonal, which CSP sign correctly.
> And found that it use other way of sig
Eric Norman wrote:
...
>>> # cardos-info
>>> Info : CardOS V4.3B (C) Siemens AG 1994-2004
>>> Chip type: 123
>>> Serial number: 56 71 90 17 32 11
>>> Full prom dump:
>>> 33 66 00 40 EB EB EB EB 7B FF 56 71 90 17 32 11 [EMAIL PROTECTED]
>>> 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ...
Daniel Weller wrote:
> Hi Nils,
>
> cardos-info produces the following:
>
> # cardos-info
> Info : CardOS V4.3B (C) Siemens AG 1994-2004
> Chip type: 123
> Serial number: 56 71 90 17 32 11
> Full prom dump:
> 33 66 00 40 EB EB EB EB 7B FF 56 71 90 17 32 11 [EMAIL PROTECTED]
> 00 00 00 00 01 00 00
Alessandro Premoli wrote:
> I found the problem with my eAladdin eToken and latest OpenSC. It's
> missing the CardOS 4.01 ATR (it was accidentally removed a few days ago
>>from card-cardos.c but not re-added together with 4.01a).
I've fixed the atr matching code => please try a new snapshot.
Nils
Daniel Weller wrote:
> Hi all,
>
> I've been using the opensc CLI tools for some time together with the
> Siemens CardAPI pkcs11 library. As the Linux version of CardAPI has
> some, in my opinion, severe drawbacks (e.g. no support for protected
> authentication path, no support for C_InitToken)
Vladislav Kurz wrote:
...
> Is there any test suite whose results might be interesting to developers?
> E.g. trunk/src/tests/regression/run-all ?
",/run-all --continue" testd some important workflows
and should work for cardos (otherwise please send a bug report)
Nils
Jan Just Keijser wrote:
> Hi Nils,
>
> this is with Eddy's patch; before that I was never able to get this far ;-)
> also, I can dump the contents of my etoken now using
> ./opensc-tool -f
> and even a 'get' a file using opensc-explorer seems to work now, except
> for the fact that I don't know
Jan Just Keijser wrote:
> Hi Eddy,
>
> hmmm I was hoping to get cross-platform cross-software pkcs11 support to
> work. However, pkcs15-init also fails on me, BTW:
>
> ./pkcs15-init -C -v -v -v
> [pkcs15-init] sc.c:196:sc_detect_card_presence: called
> [pkcs15-init] reader-openct.c:207:openct_re
Eddy Nigg (StartCom Ltd.) wrote:
> Jan Just Keijser wrote:
>> yes it's an eToken PRO 32K ; I've always seen this thing reported by
>> OpenSC as a 64k card but I figured this was due to bad support for these
>> cards.
>>
> Nope...that's simply wrong. Another call for Nils ;-)
>
> Guess we'll n
Vladislav Kurz wrote:
> On Sun, 10 Jun 2007, Eddy Nigg (StartCom Ltd.) wrote:
>
>> Try this patch (not fully tested yet). Apply to current version or trunk.
>
> Thanks for the patch, i tried it with trunk. opensc-tool recognizes the
> card, I can expore it with opensc-explorer and see the DF 666
Hisham Aziz wrote:
> I want to use some unique attribute of the eToken to authenticate with
> the LDAP. Obviously I am talking outside the scope of using and
> cryptographic objects such as certificate and keys. We want this to be
> hardware specific, such as the eToken ID or the Smartcard ID fo
Andreas Jellinghaus wrote:
> On Thursday 24 May 2007 15:12:34 Robin Bryce wrote:
>> Was not sure whether this should be a ticket on the opensc trac or the
>> libp11 trac.
>
> this is libp11 code, so the libp11 trac is prefered.
>
>> Thought I'd raise it here instead. I believe the current
>> imp
Andreas Jellinghaus wrote:
...
> the more important questions is: but why do we need an official ssl
> certificate at all? there is no user information on opensc-project.org,
> all we use ssl for is the developer write access to the svn repository
> (and the login with trac and awstats and munin -
Martin Paljak wrote:
> On 02.05.2007, at 15:21, Alaric Dailey wrote:
>> StartCom has free certs, and is now accepted by most browsers.
>
> Nice service.
>
> But real life statistics say: 80% users use IE (in Estonia)
80% of the opensc-project.org visitors use IE I'm little
bit disappointed
Andreas Jellinghaus wrote:
On Monday 23 April 2007 21:01:07 Nils Larsch wrote:
or include a separate copy of the opensc.conf in the tests/regression
directory and use it in the test scripts (by setting the OPENSC_CONF
env. variable). On the other hand has the options caused quite a lot
of
Andreas Jellinghaus wrote:
Am Sonntag, 22. April 2007 11:38 schrieb Nils Larsch:
does setting "lock_login = true" or "cache_pins = true" in the opensc
config help ?
cache_pins solves the problem. enable that by default?
or include a separate copy of the opensc.conf in
Andreas Jellinghaus wrote:
Am Freitag, 20. April 2007 06:48 schrieb Nils Larsch:
Andreas Jellinghaus wrote:
Am Dienstag, 17. April 2007 19:52 schrieb Nils Larsch:
which test / card ? otherwise a APDU log would be interesting
(if the problem is reproducible).
cardos and cryptoflex with
Andreas Jellinghaus wrote:
Am Dienstag, 17. April 2007 19:52 schrieb Nils Larsch:
which test / card ? otherwise a APDU log would be interesting
(if the problem is reproducible).
cardos and cryptoflex with crypto001 test script in test/regressions.
happends always.
do the other test work
Andreas Jellinghaus wrote:
I as about to release 0.11.2, but regression tests found this:
pkcs15-tool --read-public-key 45 -o ./test-data/key.pem
--- Command output ---
asn1.c:1366:asn1_encode_entry: encoding of ASN.1 object 'key' failed: Out of
memory
asn1.c:1366:asn1_encode_entry: encoding of
Peter Koch wrote:
Hi all!
I'm trying to do an EXTERNAL AUTHENTICATE against a CardOS 4.01 card.
Requesting the challenge is easy. But how do I calculate the response?
Here's an example that I captured with an USB-sniffer:
APDU 1: 0084 08, Response 584eb56f6d9f13c5 9000
APDU 2: 00820081 08
Dmitry wrote:
I have 2 cards.
1. "Deutsche Bank - db SignaturCard" card - detected by opensc as "STARCOS SPK
2.3" and as "db SignaturCard" by SecCardAdmin from http://www.seccommerce.de.
2. "A - Trust" card - detected by opensc as "A-TRUST ACOS" and as "A - Trust
ECC" by SecCardAdmin.
A
Nils Larsch wrote:
Andreas Jellinghaus wrote:
Am Montag, 19. März 2007 23:30 schrieb Nils Larsch:
well, which platforms actually have a getpassphrase() function ?
Perhaps it's time to replace getpass() with something own
(getpass() isn't really nice anyway as it suppresses some sign
eugene wrote:
Nils Larsch wrote:
may I ask what the current status of your patches is
(we are planning a new release _very_ soon).
Hello.
I'm sorry for delay. Patches were made and tested by me long ago but I
havn't got any answers from hardware producers yet.
GZipped opens
Marcin Cieslak wrote:
Looks like I forgot to add --sha-1 argument to pkcs15-crypt. Is it
correct now? zapr-SHA-1 contains SHA-1 hash of some file.
% pkcs15-crypt -p 123456 -s --sha-1 -i zapr-SHA-1 --pkcs1 -o signed
Patched:
http://akson.sgh.waw.pl/~saper/opensc/pkcs15-sign-patched-debug-sha1.l
Marcin Cieslak wrote:
Hallo,
I am new to this list and I have the same issue with my brand new German
D-Trust card. However, the hack given already does not work for me.
I was getting similar reader error (I am using Omnikey 4040 PCMCIA on
FreeBSD).
On http://akson.sgh.waw.pl/~saper/opensc/tes
Andreas Jellinghaus wrote:
Am Dienstag, 20. März 2007 21:06 schrieb Nils Larsch:
Douglas E. Engert wrote:
...
grep serial_number * shows {most|all} the cards set something for
pkcs15->serial_number, even if its "" Is this a PKCS15
requirement to have a serial number?
th
Douglas E. Engert wrote:
...
grep serial_number * shows {most|all} the cards set something for
pkcs15->serial_number, even if its "" Is this a PKCS15
requirement to have a serial number?
the card serial number is not optional in pkcs15
Nils
___
Andreas Jellinghaus wrote:
Am Montag, 19. März 2007 23:30 schrieb Nils Larsch:
well, which platforms actually have a getpassphrase() function ?
linux and solaris have it, hpux doesn't.
Perhaps it's time to replace getpass() with something own
(getpass() isn't really ni
Andreas Jellinghaus wrote:
Am Montag, 19. März 2007 23:30 schrieb Nils Larsch:
well, which platforms actually have a getpassphrase() function ?
Perhaps it's time to replace getpass() with something own
(getpass() isn't really nice anyway as it suppresses some signals).
we could use
Albert Solana wrote:
Hi all,
While testing an OpenSC compiled by myself, I've found a strange
behaviour when using a smart card with a PIN greater than 8 bytes.
Any verify_pin or C_Login function returned Wrong PIN, but I was sure
I've entered it correctly.
All functionality except from it, wo
Simon Eisenmann wrote:
Works fine with this patch!
note that this is just a quick hack and no real solution.
Nils
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Martin Paljak wrote:
...
Confusion should be avoided with something else (maybe a more different
name for the module, one
that does not start with opensc-... ?)
what about something like [opensc_]estid_auth_pkcs11.so ?
If the name clearly indicates that this is a very special
version of the op
Martin Paljak wrote:
On 06.03.2007, at 0:05, Andreas Jellinghaus wrote:
It would be good to have opensc 0.11.2 soon, so I made another
pre-release with current trunk available:
It would be really good - especially becuase due to lack of time a year
ago 0.11.1 has a regression that renders 0.1
Nils Larsch wrote:
Simon Eisenmann wrote:
Here is the debug output to add some more details for this issue:
...
card-cardos.c:714:cardos_set_security_env: returning with: 0
sec.c:67:sc_set_security_env: returning with: 0
sec.c:49:sc_compute_signature: called
card-cardos.c:761
Douglas E. Engert wrote:
Is the OpenSC card driver missing some chaining of input code for this
card?
no
If his card can support an RSA key = 2048 it will need to send receive
256 bytes of data. If the card can support RSA key > 2048 then it
will have to read the data in multiple operations
Simon Eisenmann wrote:
Here is the debug output to add some more details for this issue:
...
card-cardos.c:714:cardos_set_security_env: returning with: 0
sec.c:67:sc_set_security_env: returning with: 0
sec.c:49:sc_compute_signature: called
card-cardos.c:761:cardos_compute_signature: called
card-
Douglas E. Engert wrote:
...
if it is not needed why included it ?
It is needed to get the config.h so it could test for HAVE_ZLIB_H
ok
By the way, every system I have has zlib. And the Windows
Smart Card Bundle also builds with zlib, so what system does not
have it?
this is not really r
Douglas E. Engert wrote:
One minor change, it looks like the #include "internal.h"
was removed from pkcs15-piv.c. I can add that back in
with any other changes you might want.
if it is not needed why included it ?
btw: the patch is imcomplete: at least the compression.c|h
files are missing.
N
Douglas E. Engert wrote:
I would to propose two sets of changes to the
./etc/opensc.conf.in file.
The first cleans up some PIV issues:
adding # piv to the list of supported internal driver names,
removing the # pkcs15emu = "PIV-II"; comment line,
adding the PIV-II to to the list of the
Douglas E. Engert wrote:
Peter,
I sent this to Andreas and Nils, but it might help answer your
questions
Andreas Jellinghaus wrote:
Am Montag, 5. März 2007 23:37 schrieben Sie:
Any chance getting the patch for the PIV compression ticket #128
into this release?
I'm asking Nils for feedback.
eugene wrote:
Hello,
I want to add support of a new smart card named RuToken to openct and
opensc projects.
Thank Nils and Cheers very much for help.
Now this card can be used for:
- signing e-mails with Icedove/Thunderbird.
- login user with PAM-PKCS#11 module.
- Russian GOST 28147-89 ciphe
Service Développement wrote:
...
According to your various remarks, i have changed the source code like
this :
- I deleted the added flags field of sc_pkcs15init_dataargs
structure and i used the auth_id field in the place of it.
- I modified the label management.
So the "patch_creatio
Heiko Knospe wrote:
Hi,
I can confirm the problem with cryptoflex RSA 2048 bit keys. With 1024
bit keys, it works fine. I also considered the recommendation in the
opensc FAQ to set max_send_size and max_recv_size to a lower value
(240), but the problem persists.
yep, 2048 bit RSA keys doesn
S. Wefel wrote:
Hi all,
for a test of our new CardOS4.3b cards I've upgraded from
opensc-0.11.1 to opensc-0.11.1-svn-r3119..
But this version doesn't seem to work with
Cryptoflex e-gate 32k cards.
ATR: 3B 95 18 40 FF 62 01 02 01 04
The card was initialized using opensc-0.11.1 and works well
wit
Wolfgang Glas wrote:
...
The first problem I have been faced with is, taht I could not present
both the user and the SO PIN to the toekn using C_Login. I cirumvented
this by applying the attached patch to opensc.
not sure if I really understand what you are trying to do but
according to pkcs1
Service Développement wrote:
...
I agree with you that objects are created with PIN protection if auth_id
is empty. But, it's not the goal of this modification.
The pkcs#11 documentation says that "The common Objects attributes
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL must be specified whe
Martin Paljak wrote:
This whole feature would look nice in a branch, IMHO.
agree, it might be a good idea to test such changes in
separate branch before changing the API in the main branch.
Cheers,
Nils
___
opensc-devel mailing list
opensc-devel@list
Service Développement wrote:
...
I agree with you that objects are created with PIN protection if auth_id
is empty. But, it's not the goal of this modification.
^ a 'not' is missing here
The pkcs#11 documentation says that "The common Objects attributes
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE,
Service Développement wrote:
...
Index: E:/Sources/opensc/svn_trunk/src/pkcs15init/pkcs15-init.h
===
--- E:/Sources/opensc/svn_trunk/src/pkcs15init/pkcs15-init.h(r‚vision 3114)
+++ E:/Sources/opensc/svn_trunk/src/pkcs15init/pkcs1
Dmitry wrote:
Hello! I am trying to work with starcos 2.3 card throw opensc, but get errors.
In according with documentation this card type is supported.
Help me please to make work opensc with this card.
and what exactly did you try to do with the card ? Is the card
empty or already personali
Cornelius Kölbel wrote:
Hello,
tried to write a patch for pkcs11-tool, that would allow to write the
public key to the smartcard.
Hm, does not work for me, yet.
hmm, it could be useful if you tell us what does not work ;-)
Cheers,
Nils
___
opensc-
Andreas Jellinghaus wrote:
or mask both values before comparing?
ok
Index: card.c
===
--- card.c (revision 3093)
+++ card.c (working copy)
@@ -765,14 +765,20 @@
matr_len = strlen(matr);
eugene wrote:
Hi,
I am working on new smart card driver for opensc library.
Here is the description of problems I found during implementation:
SC does not conform to PKCS#15, it does not contain RSA/DSA ciphers at
all, except Russian GOST-28147.89 standard,
but Windows drivers support keeping
Andreas Jellinghaus wrote:
Nils Larsch wrote:
If this sounds reasonable I will prepare a patch.
not 100% sure I understood it correctly, but it is worth
a try. please do so.
well, I thought of something like this (see attached patch,
note: untested).
Cheers,
Nils
Index: src/libopensc
Thomas Harning Jr. wrote:
On Sat, 2007-01-06 at 16:28 +0100, Nils Larsch wrote:
OpenSC wrote:
#128: Patch: PIV Card update patch
-+--
Reporter: harningt |Owner: opensc-devel@lists.opensc.org
Type
Heiko Knospe wrote:
Hello,
my (actually fully supported) Cryptoflex 32K v4 card is not detected
because of a bug with ATR masking:
card.c:188:sc_connect_card: trying driver: flex
card.c:746:match_atr_table: ATR : 3b:95:18:40:ff:64:02:01:01:02
card.c:754:match_atr_table: ATR try : 3b:95:15
OpenSC wrote:
#128: Patch: PIV Card update patch
-+--
Reporter: harningt |Owner: opensc-devel@lists.opensc.org
Type: enhancement | Status: new
Priority: normal |
Andreas Jellinghaus wrote:
...
I guess we will need to move the loop logic into the iso function, so
each card can have it's own loop logic. now what I don't know what the
common case should be.
I think we should keep it in apdu.c. If an APDU returns 0x61xy
we should try to read at least xy mo
Andreas Jellinghaus wrote:
at least with cryptoflex only the sign apdu returns 0x61 and the number
of bytes we can fetch. all get response commands return 90 00. so we
need to keep the number of bytes to get from the first command, and then
loop till we received all bytes.
I hope this also wor
Peter Koch wrote:
...
Unfortunately the login-process uses some sort of challenge-response
mechanism (GET CHALLENGE command followed by EXTERNAL AUTH)
So far I have absolutely no idea how to compute the response from
a given challenge. I do know where the certs and keys are, and I do
know all APD
Percival Blakeney wrote:
I am involved in a project that is considering the use
of Aladdin's eToken PRO USB tokens for system access
control and document signing (my customer currently
uses tokens are provisioned using Entrust 7 on
Windows.)
One "nice-to-have" feature for the project would be to
OpenSC wrote:
#129: trunk breaks openssh support
-+--
Reporter: aj |Owner: opensc-devel@lists.opensc.org
Type: defect | Status: new
Priority: highest |Milestone
Faidon Liambotis wrote:
Andreas, hi,
[please Cc me on replies]
Andreas Jellinghaus wrote:
thanks. I think smart card pins are too important to be passed to other
modules. so I removed that code completely.
I have to disagree here. Smart card pins are indeed sensitive but I
think that PAM is tr
Andreas Jellinghaus wrote:
Thomas Harning Jr. wrote:
Now for my patching/licensing question:
In the headers of the files I notice copyright notices of developers.
What sort of patch contribution is expected in order to get in that
list? Thanks!
very good question!
if you add something to a
John T. Guthrie wrote:
On Sun, 2006-11-19 at 02:31 -0500, Chaskiel Grundman wrote:
It should be possible to construct an appropriate PKCS15Object from a
PKCS#12 file, but I do not know of any publicly available code that does.
Such code does not seem to be relevant to opensc.
I would think th
Chaskiel M Grundman wrote:
--On Friday, November 17, 2006 10:38:34 AM +0100 Andreas Jellinghaus
<[EMAIL PROTECTED]> wrote:
no idea what the code meant to do, so not sure if
this is a bug / how to fix it. maybe someone can have
a look?
btw: which compiler did you use ?
Lose the '*'. Chang
Andreas Jellinghaus wrote:
I'm using openct+opensc+libp11+engine_pkcs11+openss to do this:
create a certificate signed by the smart card.
with the ubuntu edgy packages this works ok, with all components
current trunk it doesn't work at all:
pkcs15-init -ET
pkcs15-init -CT -p pkcs15+onepin --labe
Jesus Luna wrote:
...
This HSM in particular (RealSec's CryptoSec at
http://www.realsec.com/esp/servicios/cifrado.html) does not store private
keys, it's only a crypto-accelerator.
how is this supposed to work ? pkcs11 expects the keys to be present
on token (or within the library) when a sign
John T. Guthrie III wrote:
Hello all,
The following may sound like a rather strange question. First a bit of
background. The company that I work for recently acquired some APC 7931 power
distribution units. These PDUs are quite nice for what they do, and they are
quite nicely managable. Howe
Jesus Luna wrote:
-Mensaje original-
De: Nils Larsch [mailto:[EMAIL PROTECTED]
Enviado el: lunes, 13 de noviembre de 2006 21:02
Para: Jesus Luna
CC: opensc-devel@lists.opensc-project.org; 'Oscar Manso'
Asunto: Re: [opensc-devel] Using engine_pkcs11 with openssl for OCSP
S
Andreas Jellinghaus wrote:
Nils Larsch wrote:
the code in apdu.c should do this automatically unless you explicitly
disable this (but perhaps it would be useful if the iso get_response
implementation would respect the reader limits).
that code doesn't look at max_send/recv_size. if the
Andreas Jellinghaus wrote:
...
also I wonder:
2048bit signatures with cryptoflex 32k cards in scm readers -
they won't work with ccid + pcscd + opensc either, correct?
i.e. we need to implement get response in several small steps
for cryptoflex?
the code in apdu.c should do this automatically u
Thomas Harning Jr. wrote:
On Thu, 2006-10-26 at 11:05 -0500, Douglas E. Engert wrote:
I would hope you would never try to cache a pin especially with
a card like the one you describe:
* If the card was issued such that you had to enter the pin
before every signature, then you are violat
Jesus Luna wrote:
Hello,
Our OCSP Responder is based on Apache's mod_ssl and uses openssl libraries
to perform crypto operations (i.e. signing the Responses). These days I've
been trying to implement HSM support with the PKCS11 DLL provided by the
crypto device manufacturer (Spain's RealSec).
Wh
Andreas Jellinghaus wrote:
lets test first, if it doesn't work...
test what ? If we globally restrict the buffer size we certainly
will have problems with some tokens (etokens pro with 2048 bit keys,
note: cardos m4.2 doesn't have a GET RESPONSE command => every byte
that doesn't fit into the r
Andreas Jellinghaus wrote:
...
If it's property of the gemsafe card it should
be put in the card driver if it's a limitation of the reader
we should place it in the reader driver.
If I understand this correctly, setting such a limit will not
cause any problem except some extra transactions and
Andreas Jellinghaus wrote:
[EMAIL PROTECTED] wrote:
Revision: 3055
Author: nils
Date: 2006-11-11 11:46:36 + (Sat, 11 Nov 2006)
Log Message:
---
remove useless code
Modified Paths:
--
trunk/src/libopensc/iso7816.c
Modified: trunk/src/libopensc/iso7816.c
===
Andreas Jellinghaus wrote:
+/* need to limit to 248 */
+if (card->max_send_size > 248)
+card->max_send_size = 248;
+if (card->max_recv_size > 248)
+card->max_recv_size = 248;
+
+
can we put something like this in the generic code for
all cards and drivers? or in the
Martin Paljak wrote:
On 11.11.2006, at 13:09, [EMAIL PROTECTED] wrote:
+if (p1->type == SC_PATH_TYPE_DF_NAME || p1->type ==
SC_PATH_TYPE_DF_NAME)
+/* we do not support concatenation of AIDs at the moment */
+return SC_ERROR_NOT_SUPPORTED;
+
This one seems to be a typo...
Douglas E. Engert wrote:
Please consider adding the attached patch to pkcs15-gemsafe.c
which I originally sent August 10. This version is against
the 0.11.2-pre2.
committed.
Cheers,
Nils
___
opensc-devel mailing list
opensc-devel@lists.opensc-projec
Jesus Luna wrote:
Dear all,
I'm trying to add HSM support to our OCSP Responder by integrating
engine_pkcs11 with openssl to it, however in our tests we have found that
RSA Signature operations are not implemented
Do you mean: signing ocsp responses with openssl (the command
line tool ?) doesn
Tarasov Viktor wrote:
Hello,
will it be more appropriate to change the SC_FUNC_RETURN (and similar)
define
from:
#define SC_FUNC_RETURN(ctx, level, r) { \
...
}
to:
#define SC_FUNC_RETURN(ctx, level, r) do { \
...
} while(0)
this will certainly improve the readability of the source
code as
Martin Paljak wrote:
Hi,
On 30.10.2006, at 15:25, Daniel Weller wrote:
This interoperability problem is of course undesired, but I am unsure
how to best approach this problem in the context of libp11. I have
attached my very unsophisticated workaround, which treats slots that
contain an unrecog
Martin Paljak wrote:
...
The subversion branch is called trunk. if someone uses it and want to
report a bug in this branch I imagine he knows what he is doing and
the name trunk should be reused for the version field.
Now this is a somewhat technical issue. If we had branches with ongoing
work t
Ludovic Rousseau wrote:
Hello,
I find it very irritating to have to change a root onwed file
(/etc/opensc/opensc.conf in my case) just to change the debug level in
libopensc.
you should be able to let opensc use a user supplied config file
by setting the OPENSC_CONF env. variable
I propose
Antti S. Lankila wrote:
Nils Larsch wrote:
disagree, (at least as far as pkcs11 concerned) as this would prevent
every application from using non-rep. keys not just application which
want to use non-rep. key for authentication.
It's not the job of a pkcs11 library to decide which ke
Antti S. Lankila wrote:
I used pkcs11-spy against opensc-pkcs11 to investigate the series of
events that leads to the login with the non-repudiation signature. I
would like to prevent this, as the key is simply too sensitive for being
unlocked without user's explicit intention of signing a cont
Hi,
is there interest in a tool / library to handle (create/verify/parse)
CV certificates ? cv certs (cv == card verifiable) are very simple
(notheless somewhat strange) certificates used for authentication,
secure installation of public keys etc. (the upcoming German heath
care cards use them fo
Michael Siebert wrote:
First:
Hello there!
Moin
Now, that we had that:
I have a few questions regarding the opensc PKCS15 implementation. as i
read in the sources (src/libopensc/pkcs15.h) in the function
static int sc_pkcs15_bind_internal(sc_pkcs15_card_t *p15card)
the lib tries to blind
Hi Ludovic,
Ludovic Rousseau wrote:
Hello,
I am trying to use a card that is ISO 7616-15 and follows a proposed
amendment to ISO 7616-15. I can send the full text of the amendment if
needed (33 KB) but it is too big for this list (without manual
approval).
I could approve it if there is gener
Ludovic Rousseau wrote:
Hello,
the seInfo field is defined in libopensc/pkcs15.c as:
{ "seInfo", SC_ASN1_SEQUENCE, SC_ASN1_CONS |
SC_ASN1_TAG_SEQUENCE, SC_ASN1_OPTIONAL, NULL, NULL },
but SC_ASN1_SEQUENCE type is not managed by asn1_decode_entry() in
libopensc/asn1.c
this is not rea
Ludovic Rousseau wrote:
Hello,
I have a card conforming to ISO 7816-15. ISO 7816-15 is slightly
different from PKCS#15 and among other changes the tokenInfo changed.
In PKCS#15 (v1.1, June 2000, page 48) we have:
TokenInfo ::= SEQUENCE {
version INTEGER {v1(0)} (v1,...),
s
Hi Martin,
Martin Paljak wrote:
Nils,
As you once did some rewrites in the pkcs#11 locking code, please have a
look at this patch (hmm, it was here some 6 months ago or so, but
still...) that makes the locking decision bit clearer and is in 'direct
relation' with pkcs11 spec. Commit as well
Ludovic Rousseau wrote:
Hello,
I have a card conforming to ISO 7816-15. ISO 7816-15 is slightly
different from PKCS#15 and among other changes the DDO (Discretionary
ASN.1 data objects) changed.
In PKCS#15 (v1.1, June 2000, page 11) we have:
DDO ::= SEQUENCE {
oidOBJECT I
1 - 100 of 240 matches
Mail list logo