Niclas Hoyer wrote:
> > Maybe the reader contacts have oxidized, or the plastic on the edges
> > of the reader has been worn or damaged so that the card is not guided
> > to the exact right location under the contacts, or maybe even the
> > card contacts are worn?
>
> I tested a bit more. If i pus
Niclas Hoyer wrote:
> I have set up OpenCT and cm4040 on a up to date full x64 ArchLinux
> system. The only thing I had to do, after I installed
> openct from AUR and pcsclite from the repositories was to first
> comment out
>
> #reader cm4040 {
> #driver = ccid;
> #device = pcmcia
Niclas Hoyer wrote:
> > Um, ok, please let me know if I should spend time helping you to get
> > the cm4040 working?
>
> Thanks for your help. I think I got it working now. I reinstalled
> openct and double checked /etc/reader.conf.d/reader.conf
>
> $ cat /etc/reader.conf.d/reader.conf
> FRIENDLY
Hannu Kotipalo wrote:
> >> Personally, I got pissed off with fighting with openct. pcsclite
> >> works much better.
> >
> > This is simply not true. As I already explained, OpenCT works
> > perfectly, and it offers the rather significant advantage that
>
> hmm.. when I tried openct some time ag
Niclas Hoyer wrote:
> Unfortunately, it seems that the tar file, that HID uploaded is not correct:
> $ tar xvf ifdok_cm4040_lnx_x64-2.0.0.tar.gz
> tar: This does not look like a tar archive
Their web server is configured to automatically gzip compress file
names which end with .gz, so you get a ta
Niclas Hoyer wrote:
> thanks for your help. I just copied your entries in /etc/reader.conf and
> it worked!
> Unfortunately, it just worked once really well. OpenCT crashed somehow
> and now just responses with
> ct_card_lock: err=-7
I haven't seen this on my system, but OK, let's solve that probl
Hannu Kotipalo wrote:
> Personally, I got pissed off with fighting with openct. pcsclite
> works much better.
This is simply not true. As I already explained, OpenCT works
perfectly, and it offers the rather significant advantage that
I do not have to rely on a closed source software for doing my
Martin Paljak wrote:
> > Key is to build pcsc-lite with support for openct.
>
> I guess you mean the opposite: build openct with pcsc-lite support.
Yes, that's right. Sorry for the confusion.
> It would be nice if some OpenCT user would:
> - remove CCID support from OpenCT default build
> - mak
Niclas Hoyer wrote:
> $ openct-tool list
> 0 CCID Compatible
> $ openct-tool atr
> Detected CCID Compatible
> Card present, status changed
> ATR: 3b ff 96 00 ff 81 31 ...
Good stuff. This means kernel driver and OpenCT are all in order.
In order to work easily with OpenSC and other software tha
Andreas Jellinghaus wrote:
> > I'm running a recent ArchLinux on a Thinkpad x60t and installed a
> > CardMan4040 pcmcia card reader.
> > OpenCT works, at least I get an ATR:
>
> Buy a real card reader, CardMan 4040 never worked right in all these
> years, as far as I know.
Not so. I'm using one w
Ludovic Rousseau wrote:
> >> The good news is that a new stable version of libusb should be
> >> available "soon".
> >
> > Oh cool. Thanks for fixing it.
The patch has been available for a long time already, it has taken
libusb a good while to catch up with all issues.
> > Is it worth filing bugs
Alon Bar-Lev wrote:
> However, there are some advanced cards that can generate
> authentication token, so you can actually authenticate once using
> PIN get authentication token out of the card (many can be available
> at same time), then each transaction is authenticated using these
> tokens. This
Viktor TARASOV wrote:
> when creating new object with protected usage (using
> 'pkcs15-init'), the 'auth-id' argument is mandatory.
> 'Auth-id' argument can have only one possible value
This I think is the crux, and it always seemed stupid to me that I
need to provide an argument which can only ev
Frank Morgner wrote:
> > > But you can also accept the overhead and use standardized
> > > interfaces. This approach gives you support for a wide variety of
> > > applications and (existent) hardware/software.
> >
> > The *only* interface that matters is p11.
>
> This is not true in many regards.
Frank Morgner wrote:
> But you can also accept the overhead and use standardized
> interfaces. This approach gives you support for a wide variety of
> applications and (existent) hardware/software.
The *only* interface that matters is p11. All the other crap is 30
year old legacy that the world wo
Jean-Michel Pouré - GOOZE wrote:
> > For the sake of purity, I don^t think that --list-public-keys should
> > display a fake public key object, which does NOT exist on the card in
> > relevant PKCS#15 structures. but patches for documentation are most
> > welcome.
>
> I understand your point of v
Alon Bar-Lev wrote:
> >> it would be better to emulate some standard interface, such as
> >> serial over USB.
> >
> > Absolutely not.
>
> I would not dismiss this entirely...
Yes, entirely. It is incredibly silly to create a protocol on top of
stream emulation on top of a protocol which is *ALREA
NdK wrote:
> Fox Board ( http://acmesystems.com/ ).
.it
> It's surely not cheap
I will probably get a gumstix board for another couple of projects,
and might prototype on that. I'm not sure the final system should run
Linux because it's a whole lot of code for a simple device and
because it does
Alon Bar-Lev wrote:
> it would be better to emulate some standard interface, such as
> serial over USB.
Absolutely not.
> Serial over USB has the advantage to work on all modern operating
> systems, including Windows (PKCS#11 only not mini CSP). While
> implementing all logic within userspace.
NdK wrote:
> One of the projects on my TODO list (quite a long list :( ) is to
> implement a suitable interface (CCID+virtual token? Could be better to
> opt for something that doesn't require APDUs...) on an embedded system
> w/ USB device interface...
Right. This is the idea for a USB p11 token
Jean-Michel Pouré - GOOZE wrote:
> It took me some time to understand that pkcs15-tool --list-public-keys
> did not return all public keys. So I expect users to be lost.
>
> We need one simple command returning precise information.
Yes and no. It's not bad to have low-level tools which are useles
Martin Paljak wrote:
> > - Needs a consensus on variable list,names and so
>
> I guess there's some kind of (international/EU) standard for travel
> documents (ICAO MRTD?) that define names for common fields of such
> documents. That could be used as a reference, probably there's even
> a standard
Peter Marschall wrote:
> Sorry for doing it again via mail this time.
> Give me time until Easter to try github.
I think posting patches to the mailing list is great because it makes
it so easy for everyone to look at them.
//Peter
___
opensc-devel mai
jons...@terra.es wrote:
> A little patch to "installer_from_build.sh" script to use correct
> mingw prefix on win32 builds
Tricky. I don't think "correct" is defined by what the distribution
happens to have packaged. :\
//Peter
___
opensc-devel mailing
Martin Paljak wrote:
> The way I understand it, opensc-pkcs11.dll (and other DLL-s)
> resources should contain the version of the overall OpenSC package
> for visual inspection, not what libtool thinks is the "interface
> level".
This is actually what libusb-1.0 does too.
//Peter
___
Martin Paljak wrote:
> > * File versioning. Current .rc uses the libtool related version in the file
> > versioning which is not optimal. It has to my knowledge no relation to the
> > libtool interface versioning. Versions from OpenSC version and SVN revision
> > could be used instead. 0.12.1.52
Douglas E. Engert wrote:
> can run the opensc-cardmod.dll mini-driver
Request fixing this filename. Suggest opensc-minidriver.dll instead.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman
Peter Stuge wrote:
> As for incomplete, that suggests to me going beyond a technical
> requirement, ie. does the CN actually include all subject's middle
> initials?
Or at least to policy; is subject OU required and missing?
//Peter
__
Brian Thomas wrote:
> The subject of the requirement is to verify that "malformed" or
> "incomplete" certificates cannot be loaded on to the card.
As you may know, X.509 is a low level standard, so what is considered
malformed in one circumstance may be unproblematic in another.
Much more specifi
Brian Thomas wrote:
> I need to prove to our customer that OpenSC performs some sort of
> sanity checking before loading a certificate on to a smart card.
Sanity checking of what?
If the requirement is not qualified any further then that is one
stupid requirement.
> PKCS15-init does some kind o
NdK wrote:
> $ ssh otheruser@myhost
> Enter PIN for 'MyEID (User Auth)':
> C_Sign failed: 257
> ssh_rsa_sign: RSA_sign failed: error:25066067:DSO support
> routines:DLFCN_LOAD:could not load the shared library
> Permission denied (publickey,password,keyboard-interactive).
> -8<--
>
> Even an strac
Viktor TARASOV wrote:
> Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01
..
> It seems that for the quoted form of #include macro preprocessor do
> not looks for the file to include in the directory of the file that
> contains this #include statement.
That seems wrong. Oh well
Hi Jean-Michel,
Jean-Michel Pouré - GOOZE wrote:
> I ran twice time pkcs15-init --generate-key rsa/2048:
Thanks for testing!
> 0.01user 0.00system 0:51.63elapsed
> 0.00user 0.00system 1:33.16elapsed
>
> So everything is okay. It is fast and not constant time.
42 seconds is a pretty big "aro
Jean-Michel Pouré - GOOZE wrote:
> Le mardi 08 février 2011 à 15:30 +0100, Peter Stuge a écrit :
> > Quality of key material is however very important, for all cards,
> > since these are security products.
> > If in fact a card is not so secure, then we will do the world a
&g
Jean-Michel Pouré - GOOZE wrote:
> > Hopefully the quality of your key is.
>
> The issue of the quality started with a remark from Ludovic:
>
> > It looks like bad news for me.
> > A prime number generator in constant time is _very_ suspect.
>
> On mailing list, this kind of remark is meant to s
Jean-Michel Pouré - GOOZE wrote:
> Le mardi 08 février 2011 à 11:53 +0100, Ludovic Rousseau a écrit :
> > Jean-Michel, can you work on setting up the tools and procedure?
>
> Sorry, I wron't. As you generate RSA keys once and forget it, the
> generation speed is not an issue to me IMHO.
Hopefully
Jean-Michel Pouré - GOOZE wrote:
> > It is _expected_ to have a _highly_ variable time for prime number
> > generators.
>
> This is understood now. So please let us remove key generation time on
> the wiki for all cards.
This suggestion could easily be misinterpreted as promoting security
by obsc
Dan Lukes wrote:
> > Andreas Jellinghaus wrote:
> >> hmm, can you
> >> #ifdef WIN32
> >> #define %size_t %Iu
> >> #else
> >> #define %size_t %zu
> >> #endif
> >
> > #define PCT_SIZE_T "%lu" and "%zu" could work I guess.
>
> If you mean "define PCT_SIZE_T %lu on Windows, %zu otherwise",
No, I don'
Ludovic Rousseau wrote:
> >> Can you do this script, let's say 10 times, and give a mean value, a
> >> min and a max value? The RSA key generation time is usually (highly)
> >> variable.
> >
> > I ran it 10 times already and it pretty stable around these values.
>
> It looks like bad news for me.
Andreas Jellinghaus wrote:
> hmm, can you
> #ifdef WIN32
> #define %size_t %Iu
> #else
> #define %size_t %zu
> #endif
#define PCT_SIZE_T "%lu" and "%zu" could work I guess.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
htt
Dan Lukes wrote:
> >> - printf("expecting %lu, got only %d bytes.\n", len, r);
> >> + printf("expecting %u, got only %d bytes.\n", len, r);
>
> > In fact the correct answer is %zu [1]
> > But this does not work on Windows.
>
> Then use %llu and cast len to unsigned lon
Jean-Michel Pouré - GOOZE wrote:
> I having a problem with CAcert certificates when they contains
> email=123123123123123. But it could be anything.
>
> How to debug this kind of issue using OpenSSL engine pkcs11? Or can
> anyone guide me during debugging?
You would have to explain what the probl
Martin Paljak wrote:
> 2. Use meaningful commit messages,
I find this very very important, *especially* if seeking review from
peers.
> - If it fixes a ticket - include ticket number
Trac can pick up special commands from commit messages and
automatically add references to tickets, or close ti
Jean-Michel Pouré - GOOZE wrote:
> > As you probably know that is not how open source projects
> > work. I don't think anything has been planned.
>
> Do we all agree that open source project usually release often.
I agree that release often is good. I was refering to the "request"
for release by
Brian Thomas wrote:
> My company is going to propose a patch to fix this problem.
Great!
> We are in dire need of this functionality to be implemented in a
> public release with 1 months timeframe.
Eh.. Well.. As you probably know that is not how open source projects
work.
> Does anybody have
Brian Thomas wrote:
> To meet our customer's deadline we cannot perform a modification to
> OpenSC due to the amount of V&V efforts associated with it.
All you need to do is send a clean patch with a commit message that
makes sense. But I guess that's too much. :\
//Peter
___
Lionel Elie Mamane wrote:
> > Implemented. you shouldn't be able to send email to
> > opensc-d...@opensc-project.org any more.
>
> Then please change the Reply-To of the opensc-commit mailing
> list... Commit messages come with
>
> Reply-To: opensc-de...@opensc-project.org,
> opensc-devel
Jean-Michel Pouré - GOOZE wrote:
> > I've been under the impression (based on the header in "should work"
> > list [1]) that it contains readers which work as expected and which
> > Ludovic has.
>
> The names should be then:
> * Unsupported.
> * Supported (and not should work).
> * Supported and r
Jean-Michel Pouré - GOOZE wrote:
> The libccid supported list is for companies which pay technical review.
> When companies do not pay, readers are listed in "Should be supported".
What do you mean by this? It sounds really obnoxious, but I think
there is a language barrier here and I do not want
Anders Rundgren wrote:
> In a recent project there were a requirement for frequent and *automated*
> renewals of certificates. The renewal procedure is based on creating
> a self-signed request which is then signed by the original key.
>
> It appears that the new key cannot (for a *remote* CA) be
Andreas Jellinghaus wrote:
> > The motivations are, again:
> >
> > * to have one canonical mailing list address
> > + meaning that mail to other addresses has some handling
> > to help guide posters to the canonical address (ie. something
> > better than current forwarding)
>
> fine wit
Jean-Michel Pouré - GOOZE wrote:
> * Start with a 15 minutes slides presenting the various crypto
> frameworks at OS level + application level. The last topic on CSP rang
> the bell to me and this is really hell of a jungle.
>
> This presentation could be called 'Hell of a jungle' and be funny.
Andreas Jellinghaus wrote:
> > But it isn't working, that's the point. It's ambiguous and
> > unneccessary to have two addresses for the list and every now and
> > then there are duplicate messages
>
> so you want a postfix config change with smtpd_recipient_restrictions
> gaining an check_recipie
Andreas Jellinghaus wrote:
> the biggest argument of course is: why change a working system?
But it isn't working, that's the point. It's ambiguous and
unneccessary to have two addresses for the list and every now and
then there are duplicate messages because a message ends up being
sent to both a
Martin Paljak wrote:
> >> I would appreciate if we could change the canonical email address of
> >> the list to be *without* the lists. name. Possible?
> >
> > but it is much easier to direkt all emails to @lists.opensc-project.org
> > to mailman.
Is this the only argument?
> > the alternative
Jean-Michel Pouré - GOOZE wrote:
> Did any succeed in using eID authenticate under Windows 7 with the
> Feitian PKI card: https://sourceforge.net/projects/eidauthenticate/
This seems to only be for use with eid. Do you mean that you imported
your eid onto the feitian card?
//Peter
__
Jean-Michel Pouré wrote:
> I just discovered the pGina project:
> http://www.gooze.eu/links/pgina-open-source-authentication-system
http://www.pgina.org/index.php/Main_Page
Didn't know they had a 2.x version out. Nice!
> I would like to use:
> * OpenSC under Windows.
> * pGina authentication sy
Mr Dash Four wrote:
> CNG-based Certificate Templates
..
> issuing Smart Card Logon certificates
Note that neither of these have much to do with the opensc p11.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.open
Mr Dash Four wrote:
> > You need either a CSP or a GINA replacement.
>
> Thanks Peter, but what is 'CSP' or 'GINA'?
You get to google that all on your own.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-p
Hi. Sorry for the double posting from me. I have seen it happen also
with other senders. I believe the problem is one of mailman
configuration.
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
I would appreciate if w
Mr Dash Four wrote:
> is it possible to use OpenSC/OpenCT to replace my standard (Windows
> GUI) login
You need either a CSP or a GINA replacement. (Though I think maybe
pGina stopped working in newer Windowses?) I think there is a
for-free CSP that can use the opensc p11.
//Peter
__
Brian Thomas wrote:
> I need to compile OpenSC version 12 myself. I am working on a custom
> implementation using a minidriver in Windows XP. Can somebody please
> list the required steps or point me in the direction of the required
> tools? Any help is much appreciated.
I don't know if there a
Andre Zepezauer wrote:
> Hello,
>
> today I encountered a new bug that was introduced with the fix of
> #266. A working patch was committed in r4983.
Please be careful about wording in the subject. It is very much
unclear what the version number means. :\
> That bug always occurs if there is an
Frank Morgner wrote:
> > >>> You're not supposed to link against libopensc via the sc_* API
> > >>> but use PKCS#11. It is possible but not encouraged,
> > >>
> > >> Why is it not encouraged?
> >
> > The effort that would be required to have a well designed and
> > documented public API and mainta
Jean-Michel Pouré - GOOZE wrote:
> > sells single pki cards starting at €
> > (10 cost each). jcop dual interface starting at 1***€.
>
> At GOOZE we are waiting for plenty of new products and we make very
> nice offers.
>
> I would like to make confirm: can we use the OpenSC mai
Andre Zepezauer wrote:
> > > support for GSM/UMTS SIM cards?
> > Do you know LGPL compatible A5/1 libraries ? :)
>
> Only GPL, but really amazing:
> http://openbsc.osmocom.org/trac/
It's lots of fun. Also see OsmocomBB, software running on an MS
(a phone).
There is also SIM interfacing, I'm not
Martin Paljak wrote:
> Trac was upgraded to new stable version (0.12.1)
Awesome! Thanks a lot!
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Mr Dash Four wrote:
> I would have done it ages ago if: 1) I had enough knowledge of how
> OpenSC/OpenCT works (or have enough time on my hands to acquire such
> knowledge - which I don't by the way);
I think you would have been done by now if you did.
How OpenSC and/or OpenCT works is not actu
Mr Dash Four wrote:
> I have to think about what other/better alternatives I have as
> executing "pkcs11-tool -O" and filtering the output seems to me a
> bit clumsy.
How about writing a tool which interfaces directly with a p11 module,
rather than being stuck with the particular things pkcs11-too
Juan Antonio Martinez wrote:
> > No need to change iso7816, just check for hooks in card driver
> > I'll think some way to encode this.
>
> Attached comes my patch proposal
> I've tried to be as less intrussive as posible
I think this approach is really clean and simple. Nice!
> +++ src/libopen
Juan Antonio Martinez wrote:
> An ideal solution for me (and for the other people that is working
> with SM cards) would be adding a new card operation
> "card_transmit_apdu()", that defaults in iso7816.c to
> sc_transmit_apdu(), but can be overriden when needed.
I don't think this would be ideal,
Mr Dash Four wrote:
>>> I already tested pcsc-lite-libs+OpenCT+OpenSC
>>
>> Why do you need pcsc-lite-libs?
>
> Spotters badge!
>
> Executing "rpm -qRp" on the newly-built package gives me
> "pcsc-lite-libs(x86-64)" so, naturally, I assumed that was needed (the
> package contains two .so files, s
Mr Dash Four wrote:
> I already tested pcsc-lite-libs+OpenCT+OpenSC
Why do you need pcsc-lite-libs?
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Mr Dash Four wrote:
> the simple job of reading a data token from the smartcard
It's not at all simple. I guess it seems simple when you run
pkcs11-tool, but there is a lot going on behind the scenes.
> Any ideas anyone?
You need to do some development, to allow also minimal environments
to acc
Martin Paljak wrote:
> I would use native and as-thin-as-possible GUI (Whatever Windows
> API,
See http://stuge.se/dlg.zip for a small example of a Win32 dialog.
Builds with MinGW. It doesn't register a window class which is
cleaner, but it will work for most things.
//Peter
Mr Dash Four wrote:
> I already use libpcsclite, but there are other dependencies on (mainly)
> openct as well as the pcsc-lite libraries you mention (libdbus-1.so.3,
> libhal.so.1 are two of those).
That is not the fault of packages - blame your distribution for that.
What you want is technic
Andre Zepezauer wrote:
> In other words, build a wrapper around libccid with an api
> compatible with libpcsclite.
Then I think it would be a better idea to make a p11 provider
directly on top of libccid.
//Peter
___
opensc-devel mailing list
opensc-de
Peter Stuge wrote:
> Should we organize ourselves a foss crypto devroom?
Deadline tomorrow.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Douglas E. Engert wrote:
> I have noticed that Debian (any maybe others) have started to convert
> to using GnuTLS in some packages like OpenLDAP, for licening reasons.
> (I spent two much time tracking down bugs and differences in nss and ldap
> because of this change.) So I would not suggest it a
JEAN Guillaume wrote:
> I'll repeat some things. This first version is intended to add the
> ability to debug the OpenSC source code using the graphical
> debugger.
Fine and well, but the proposed 28MB zip file is not good for
inclusion.
> I had to do with the time I was assigned to my internshi
Martin Paljak wrote:
> On Sep 25, 2010, at 11:19 PM, webmas...@opensc-project.org wrote:
> > ias/ecc: change path for Windows registers
> ...
> > - rc = RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\OpenSC", 0,
> > KEY_QUERY_VALUE, &hKey);
> > + rc = RegOpenKeyEx(HKEY_CURRENT_USER
Ludovic Rousseau wrote:
> make[2]: *** Pas de règle pour fabriquer la cible « man/*.1 »,
> nécessaire pour « distdir ». Arrêt.
>
> I guess it is because the man/*.1 files are generated by make but when
> this rule is used the files are not yet present (or not at the correct
> place).
> I will try
Martin Paljak wrote:
> I'm glad to write that Douglas decided to change his mind[1] and has
> been moved from "maintainer without commit access" to "maintainer
> with commit access" list[2].
Good stuff! :)
//Peter
___
opensc-devel mailing list
opensc-d
Andre Zepezauer wrote:
> Do you think it could be worthwhile to take some efforts on
> standardising on *one* single definition of pkcs11.h?
Maybe you know that there is one under the opensc umbrella already,
specifically created to be free as in speech.
> And given the case it would be worthwhi
Felipe Blauth wrote:
> Do you know any way of secure pin while it travels from the
> computer to the card?
It's called Secure Messaging, or SM for short.
> The problem here is that the pin needed to log in the Smart Card
> travels in an insecure way, while it goes trough the wire from the
> HSM
Martin Paljak wrote:
> >> have access from one smartcard to remote smartcard readers?
> >
> > Related is the SIM Access Profile in Bluetooth.
>
> Please elaborate.
--8<-- http://www.palowireless.com/infotooth/tutorial/n12_sap.asp
This SIM Access Profile defines the protocols and procedures that
Jean-Michel Pouré - GOOZE wrote:
> Trainings can involve 1 or 2 people at a time.
Is this the ideal for you? Or would your material work also for a
larger group?
//Peter
pgp0yfWQYdDPD.pgp
Description: PGP signature
___
opensc-devel mailing list
opens
Jean-Michel Pouré - GOOZE wrote:
> I insist that I would like to be able to stay in the room and organize
> small trainings for people interested in smartcards and crypto token.
The benefit of doing some training is that maybe developers will get
interested in the field.
On the other hand, resour
Andreas Jellinghaus wrote:
> > Should we organize ourselves a foss crypto devroom?
>
> not sure if we need a full room. I guess large projects like debian
> do, but opensc is pretty small. and what other projects would there
> for a crypto room?
Fedora crypto consolidation, NSS, gnome-keyring, Se
Jean-Michel Pouré - GOOZE wrote:
> > Short slogans are better. I suggest simply "Protect your privates"
>
> As we are focusing on consolidation, I would suggest:
> "Crypto consolidation conference".
The slogan I mentioned was in reply to Martin's ideas on the
http://www.opensc-project.org/opens
Martin Paljak wrote:
> [2] https://wiki.mozilla.org/NSS_Shared_DB
I didn't realize that NSS was SO crappy. :(
Anyway, SoftHSM does this; it's a soft p11 using SQLite for backing
storage. BSD licensed, developed by the OpenDNSSEC project.
DNS with DNSSEC is also interesting in the scope of FOSS c
Jean-Michel Pouré - GOOZE wrote:
> How can we request a booth?
Deadline for the call for devroom is 2010-10-16, in about three
weeks. Booths can be requested after the devrooms have been
allocated.
//Peter
pgp4ZNhhBuneM.pgp
Description: PGP signature
__
Martin Paljak wrote:
> Being able to meet other developers from various different projects
> allows to promote a common agenda and maybe even have some code
> sprints.
FOSDEM loves this. Reading http://fosdem.org/2011/call_for_devrooms
they say over and over that they want related projects to coop
Jean-Michel Pouré - GOOZE wrote:
> There seems to be these kinds of projects:
> * Frameworks and libraries
> * CA and PKI management
> * Applications, network and VPNs
> * Public directories, proxies and Online CAs
Hm. I think it's also important to mention the particular APIs used.
I didn't know
Jean-Michel Pouré - GOOZE wrote:
> This is an interesting topic. Do you mean it could possible to have
> access from one smartcard to remote smartcard readers? Just like we
> share a printer or a scanner (laughts). Frankly, this would rock.
Related is the SIM Access Profile in Bluetooth.
//Peter
Jean-Michel Pouré - GOOZE wrote:
> > > Could you describe us what is devroom?
> > Check out FOSDEM website [1]
>
> Okay, a devroom is a presentation room, with VGA projector. The
> assistance connects using wifi.
>
> But then how is called the small classroom where you can do some
> training? Doe
Martin Paljak wrote:
> An introduction on how hardware security devices improve the
> situation and how smart cards and tokens are the cheapest and thus
> most available key containers.
In my experience this kind of info is not distributed so efficiently
in a booth. I am not arguing against a boot
Martin Paljak wrote:
> If the microSD interface will be vendor specific,
I think it is, sorta.
> there will be a need for something like OpenCT, which will not be
> very nice.
Yes.
> Something similar to what CCID is for USB is needed for microSD, so
> that support could exist without (binar
Patrik Martinsson wrote:
> >> Is there also a limit to the number of unlock attempts? What
> >> happens when the limit is reached?
> Yes there is, if you enter the wrong puk 8 times your card will be
> locked and not usable anymore.
It would be nice for usability if the PUK counter is displayed
Patrik Martinsson wrote:
> I just wanted to share a small program I wrote for unlocking pin's
> with your puk.
..
> Any comments, suggestions, improvements, thoughts around this
> method,
> are welcome. (Go easy on the coding-part since I'm not a
> programmer)
The approach seems fine to me. Some t
101 - 200 of 417 matches
Mail list logo