Jeffrey Hutzelman wrote:
> Something like the Reflex "reader" which is really just an egate
> adapter.
I don't think there is a USB device until the egate is inserted.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://w
Andreas Jellinghaus wrote:
> if anyone wants to walk into the opposite direction, write a daemon
> that monitors usb and then acts on any change, that is fine with me
> - I think pcscd does exactly that? not sure.
Implementation should be simple at least for Linux.
//Peter
__
Stanislav Brabec wrote:
> On the link level, USB interrupt mode is based on periodical
> re-submitting of the interrupt URB.
Yeah. USB devices can be put to sleep and signal wakeup too.
Seems our opinion is that HAL is bloat and bad for life.
Your situation does not align with this.
Obviously y
Martin Paljak wrote:
> AFAIK we don't support any wireless things.
librfid [http://openmrtd.org/] can use OpenCT for wireless things.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/list
http://www.cryptoken.com/en/products/hardware/ct2000.php
Anyone know about this product? Claims Linux support.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Andreas Jellinghaus wrote:
> 2.) I think those are better defaults, you think otherwise.
> what does everyone else think about these changes?
> my take is "doesn't work - ah, the card can't generate an
> rsa key, so I need to turn on this option" won't happen very
> often, because nearly every card
Jeffrey Hutzelman wrote:
> Incidentally, it is arguably time to change the DELETE ACL's on PIN
> and key directories in the cryptoflex and cyberflex access profiles
> to $SOPIN instead of NONE. Anyone have a comment on this?
Sounds good. Please do.
//Peter
__
Chaskiel M Grundman wrote:
> the ccid spec supports using an interrupt pipe message to notify
> the host of card insert/remove events, but devices are not required
> to implement that part. Even for devices that do, I don't
> understand enough of how usb and libusb handle interrupt endpoints
> to k
Egon wrote:
> But, i must to know where is the pkcs15 directory...
Ah. It is never installed when OpenSC is installed, it only exists in
the source code.
Please download the latest trunk source code from the subversion
repository according to the instructions at
http://www.opensc-project.org/open
Egon wrote:
> Why do you know that i must to write a pkcs15-mycard.c ? Why must
> this file be in pkcs15 directory??
OpenSC really only understands PKCS#15 card filesystem layouts.
If your card isn't strictly PKCS#15 (most aren't) then
pkcs15-yourcard.c translates between #15 and what's actually
Martin Paljak wrote:
> Anyone has any idea why Trac shows a LOT of changes for this
> commit? http://www.opensc-project.org/engine_pkcs11/changeset/112
Is it the same also with the direct-svnfs repo driver? I've seen
Trac's caching cause weird output before..
//Peter
Martin Paljak wrote:
> Do we have somewhere a list of applications linking directly to
> libopensc?
I don't think so.
> If you know of those applications please drop a line,
The only one I know of is OpenSSH.
//Peter
___
opensc-devel mailing list
Rickard Bondesson wrote:
> Perhaps use a similar solution as in the signature testing code?
Can you help with a patch?
//Peter
pgp3l6ntDszms.pgp
Description: PGP signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www
On Thu, Jul 31, 2008 at 02:34:04PM +0200, Johannes Deisenhofer wrote:
> The resulting structure is something resembling PKCS#15, but not quite.
> It needs quite a few changes to opensc all over the place to even list
> the certificates and keys.
Did you already look into the emulation layer in Ope
> @@ -133,6 +133,8 @@
> ids = {
> usb:072f/9000,
> usb:072f/90d0,
> + usb:072f/9006, # ACS CryptoMate Token
> + usb:072f/9007, # ACS ACR 100 SIMFlash
> };
> };
> #driver wbeiuu { #
Alon,
On Thu, Apr 24, 2008 at 07:43:59PM +0300, Alon Bar-Lev wrote:
> +++ src/include/winconfig.h.in(working copy)
> @@ -67,11 +67,17 @@
> #endif
>
> #ifndef S_IRUSR
> +#ifdef S_IREAD
> #define S_IRUSR S_IREAD
> +#else
> +#define S_IRUSR _S_IREAD
> #endif
>
> #ifndef S_IWUSR
> +#
On Fri, Apr 25, 2008 at 03:51:59PM +0400, Aktiv Co. Aleksey Samsonov wrote:
> !!! Linux-2.6.x: info == -1 // (info == MAP_FAILED)
> !!! Linux-2.4.x: info == NULL
Oh yay.
> addr = mmap(NULL, *size, prot, MAP_SHARED, fd, 0);
> + if (addr == MAP_FAILED)
> + addr = NULL;
Ni
On Mon, Apr 21, 2008 at 10:36:31PM +0300, Alon Bar-Lev wrote:
> Anyway this branch adds the following:
Looks good.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
On Thu, Apr 17, 2008 at 02:00:07PM +0300, Alon Bar-Lev wrote:
> Is there a reason why openct supoprt only ccid-1.00?
Probably because everyone started using Ludovic's ifdhandler with
pcsc-lite.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.o
On Wed, Apr 16, 2008 at 07:55:24PM +0300, Alon Bar-Lev wrote:
> > I see the script, its a start, but I though NSIS was the direction?
>
> Sure!
> But I find nobody who wish to help. And I won't maintain this...
I am interested in NSIS but I don't have the time. :(
//Peter
_
On Wed, Apr 16, 2008 at 10:23:34AM -0500, Douglas E. Engert wrote:
> OK, I am willing to try and build with a cross compile using mingw
> as that appears to be the consensus of opensc-project members.
MinGW can also be used to build on Windows. It isn't a requirement to
actually _cross_ compile, a
On Fri, Apr 04, 2008 at 07:43:09PM +0200, Peter Stuge wrote:
> On Windows this means using MinGW.
Just to be extra clear;
MinGW (Minimalist GNU for Windows) at http://mingw.org/
http://prdownloads.sf.net/mingw/MinGW-5.1.3.exe?download
and optionally also:
http://prdownloads.sf.net/mingw/M
On Fri, Apr 04, 2008 at 07:47:36PM +0300, Alon Bar-Lev wrote:
> > The complexity issue works both ways. By doing cross compiling
> > you have now introduced additional packages to build it, using
> > derived header files.
>
> I don't understand.
I think he means that in the current state which
On Thu, Apr 03, 2008 at 05:02:24PM -0500, Douglas E. Engert wrote:
> The first problem deals with the rutoken modules which define many
> duplicate names. It appears some code was copied from the Windows
> header file: WinCrypt.h
..
> Both rutoken and WinCrypt.h define: _RSAPUBKEY, RSAPUBKEY,
> _
On Tue, Apr 01, 2008 at 08:52:35AM -0500, Timothy J Miller wrote:
> Can someone review the following text & diagram for accuracy?
..
> Figure 4 OpenSC / OpenCT architecture block diagram
Text and figure are good.
> In addition to the pure architecture described above, OpenSC
> provides an IFD S
On Wed, Mar 26, 2008 at 06:27:02PM -0700, Huie-Ying Lee wrote:
> I found that Solaris doesn't support "automake", "aclocal" and
> "libtoolize" commands currently
I suggest that you install automake, autoconf and libtool in order to
work more efficiently with this and many other software packages.
On Sat, Mar 15, 2008 at 10:07:31PM +0200, Alon Bar-Lev wrote:
> I've updated the putty patch [1] to work with latest gcc and free
> pkcs11.h file.
Nice!
> Does anyone know the different between OpenSC solution and [2]?
No idea. There is a source tarball though.
//Peter
___
On Tue, Feb 26, 2008 at 07:18:47AM +0100, Andreas Jellinghaus wrote:
> Am Montag, 25. Februar 2008 23:49:37 schrieb Douglas E. Engert:
> > pkcs15-prkey-rutoken.c also has problems with u_int32_t,
> > unsigned int might be a beter choice.
>
> unsigned int is a 64 bit number on 64bit architectures?
On Thu, Feb 21, 2008 at 06:34:43PM +0800, Anri Lau wrote:
> The card reader used by us is Serial Port Reader. Does openct only
> support the usb?
No, openct also supports several serial readers.
Please have a look at http://www.opensc-project.org/openct/
//Peter
On Thu, Feb 21, 2008 at 11:08:59AM +0100, Jan Just Keijser wrote:
> AFAIK openct sits on top of pcscd (pcsc-lite). Or am I mistaken?
Not always. openct has native drivers for several cards, but it can
also be made to use pcscd.
//Peter
___
opensc-devel
On Thu, Feb 21, 2008 at 05:22:16PM +0800, Anri Lau wrote:
> Is there another choice for card reader except pcscd?
Maybe openct can work for you.
Jan is right, if openssl should be able to use the card you have a
lot of work to do, to include all of opensc into openssl.
I suggest you investigate
On Thu, Feb 14, 2008 at 12:09:27PM +0100, Antonio Nastasi wrote:
> Hi, I have compiled libp11 and engine_pkcs11 under windows with
> Visual C++ 2005 express + Microsoft Platform SDK. Now, when I test
> engine with openssl with this command:
>
> OpenSSL> engine -t dynamic
I've broken down the comm
Hi Renato,
On Mon, Feb 11, 2008 at 03:52:12PM -0200, Renato da Silveira Martini wrote:
> But, if my card does not have an on-board key generation
> facilities, if my card is no-PKI,
If your card can't do public key crypto OpenSC isn't very useful.
> the OpenSC's pkcs15-init send to us some "war
On Tue, Feb 05, 2008 at 10:00:48PM +0200, Alon Bar-Lev wrote:
> > well, itis more about which libraries the dll depends on. don't
> > know too much about mingw, and if they are 99.9% compatible or
> > 100%.
>
> 100%
Yep. MinGW is a full win32 gcc, so everything is native. Binaries
link against MS
On Mon, Feb 04, 2008 at 01:20:59PM +0530, Eswar S wrote:
> What is ISO 7816 standard used in OpenSC ISO 7816 card driver
> implementation?
A low-level protocol for communication with smart-cards. Thanks to
this, most cards and readers are compatible.
On top of this each card type needs it's own d
On Sat, Feb 02, 2008 at 12:42:47PM +0200, Alon Bar-Lev wrote:
> I still don't understand why building a working release using MinGW
> is a bad idea...
I think this possibility would be very good.
//Peter
___
opensc-devel mailing list
opensc-devel@lists
Is the new Cryptoflex eGate any good?
(Ie. better than the old dongle?)
I'm looking for a sturdy piece of hardware. Other options?
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listin
On Sun, Nov 11, 2007 at 07:33:59PM +0200, Martin Paljak wrote:
> AFAIK cross-compiling OpenSC with mingw for windows is kind of
> difficult if not impossible as pcsc on windows a system component
> that is not available in mingw headers.
Good point. Does anyone know if the w32api people have cons
The gputils project has some files that we may be able to work from,
if anyone else has interest in pursuing this before I get around to
it - which will take a while.
http://gputils.svn.sourceforge.net/viewvc/gputils/trunk/scripts/build/mingw/gputils.nsi.in?revision=443
3-clause BSD license
NSIS i
On Thu, Sep 20, 2007 at 02:08:31PM -0500, Douglas E. Engert wrote:
> > If MinGW can build OpenSC (I don't remember) it would be nice to
>
> Sounds like it is not to hard to include a manifest with a mingw
> created dll:
>
> http://lists-archives.org/mingw-users/06476-mingw-and-dll-manifest-file.h
On Wed, Sep 19, 2007 at 04:58:55AM -0700, mkarmowski wrote:
> Peter Stuge wrote:
> > Can you say if the publicKeyToken changes if the code is changed?
> > Or is that just some fingerprint for VC80.CRT?
>
> publicKeyToken was not changed
Good news!
Do you know what t
On Tue, Sep 18, 2007 at 04:32:07PM -0500, Douglas E. Engert wrote:
> > Can you say if the publicKeyToken changes if the code is changed?
> > Or is that just some fingerprint for VC80.CRT?
>
> Not clear to me either. I think that came from the signed VC80.
Yeah, looks like it.
I found further pa
On Tue, Sep 18, 2007 at 02:48:25AM -0700, mkarmowski wrote:
>
> I compile sources from trunk rev. 3267 on Vista using Visual Studio 2005
> Express, and opensc works fine. There are not problem with Vista. Compiler
> has made file opensc.dll.manifest:
>
>
>
>
>
>
>version='8.0.5
On Thu, Sep 13, 2007 at 05:35:31AM -0700, mkarmowski wrote:
> I found ticket http://www.opensc-project.org/scb/ticket/26
> Is there any progress?
No. Please help if you can.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
ht
On Wed, Aug 22, 2007 at 09:57:15PM +0200, Peter Stuge wrote:
> > I don't know if you can hook into "distcheck" but it would be
> > nice to have an automated test that compares configure version
> > and src/include/version.h and win32/Make.rules (IIRC the exact
&g
On Wed, Aug 22, 2007 at 09:30:07PM +0200, Lars Silvén wrote:
> I have added two tickets:
> https://www.opensc-project.org/opensc/ticket/157
> https://www.opensc-project.org/opensc/ticket/158
Thanks!
> Is it a good idea for us non-developers to add tickets.
Yes, by all means!
> Or it is a bett
On Wed, Aug 22, 2007 at 08:41:36PM +0200, Andreas Jellinghaus wrote:
> > Can I help make releases more automated so there's only one big
> > button to push?
>
> I don't know if you can hook into "distcheck" but it would be nice
> to have an automated test that compares configure version and
> src
On Mon, Aug 20, 2007 at 10:21:35PM +0200, Andreas Jellinghaus wrote:
> forgot to update the windows version files!
Can I help make releases more automated so there's only one big
button to push?
What would need to be done?
//Peter
___
opensc-devel mai
On Tue, Aug 14, 2007 at 07:27:09PM -0700, Siddhartha Kasivajhula wrote:
> Here's config.log, with the wrong settings, i.e. with no SSL support.
Thanks! There's an interesting error in it:
...
> configure:20169: checking for pkg-config
> configure:20187: found /usr/bin/pkg-config
> configure:2019
On Tue, Aug 14, 2007 at 07:46:20PM -0700, Siddhartha Kasivajhula wrote:
> > Depending on your card OS this may be irreversible. :\
>
> How about this command "unblock"? OpenSC says it can "unblock a
> PIN". What is the format of this command? I tried:
> unblock KEY1 11
> unblock KEY1 11:11:11
On Tue, Aug 14, 2007 at 07:15:59PM -0700, Siddhartha Kasivajhula wrote:
> How do I verify that the certificate is on the card?
pkcs15-tool -c
> I was trying to run "verify" in opensc-explorer, but I entered the
> wrong password too many times and now it says "authentication
> locked"!
Depending
On Tue, Aug 14, 2007 at 06:56:41PM -0700, Siddhartha Kasivajhula wrote:
> I "fixed" the problem. There seems to be a bug in the configure
> script, it was failing a long 'if' condition that would set the
> OPENSSL path to whatever is provided in --with-openssl, so I just
> hardcoded it outside the
On Fri, Aug 10, 2007 at 10:49:29PM +0200, Dennis van Dok wrote:
> I'm currently pulling my hair out trying to figure out what I can
> do to make this work in a fashion that won't disgrace the build
> system.
One way is a simple wrapper for gcc maybe.
//Peter
_
On Mon, Aug 06, 2007 at 03:32:45PM -0700, Siddhartha Kasivajhula wrote:
> On 8/6/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
> > This might be an issue, specially since I suspect that your
> > opensc was compiled with a different openssl version.
>
> Yes, it looks like that was the p
On Mon, Aug 06, 2007 at 05:06:02PM -0700, Siddhartha Kasivajhula wrote:
> > Perhaps you can simply define the engine as pkcs11
>
> Hmm, it goes crazy when I try that:
>
> OpenSSL> engine pkcs11 -pre
> SO_PATH:/opt/ITsmartcard/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
> LIST_ADD:1 -pre LOAD
On Mon, Aug 06, 2007 at 04:29:03PM -0700, Siddhartha Kasivajhula wrote:
> $ openssl engine
> (pkcs11) PKCS #11 engine support
So no support for dynamic loading then.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www
Please don't top-post. Please see
http://www.catb.org/~esr/jargon/html/T/top-post.html
and http://en.wikipedia.org/wiki/Top-posting - thanks!
On Mon, Aug 06, 2007 at 02:26:13PM -0700, Siddhartha Kasivajhula wrote:
> When you say "one" and "the other", do you mean engine_pkcs11 and
> openSC?
I do
On Mon, Aug 06, 2007 at 01:26:21PM -0700, Siddhartha Kasivajhula wrote:
> openssl is version 0.9.7. Is this version incompatible? It seems to
> be very recent.
0.9.7 should be followed by a letter. 0.9.7m is the most recent 0.9.7
version, released 2007-02-23.
If one uses 0.9.7 and the other 0.9.8
On Fri, Aug 03, 2007 at 10:00:15PM +0200, Lars Silvén wrote:
> But the passports in Sweden has to be signed with MGF1 signing.
Do you have any experience from NIDEL by the way?
> My point is just that signing keys on cards should be capable of
> signing with any algorithm.
It depends on the car
On Fri, Jul 20, 2007 at 02:39:17PM +0200, Andreas Jellinghaus wrote:
> or do you need an option for those who have it installed (including
> development files), and try to compile opensc, but don't want opensc
> to automatically compile the plugin during that?
Good point, --enable- and --disable-
On Wed, Jul 18, 2007 at 10:43:21AM -0500, Douglas E. Engert wrote:
> > If you can use OpenSC in your application why not use only OpenSC?
> >
> > If you must use CryptoApi then OpenSC can't help.
>
> I disagree...
> IdAlly has a CSP that can call PKCS#11/OpenSC and is usable for
> login...
> http
On Wed, Jul 18, 2007 at 09:10:30AM +, Dmitry wrote:
> I need asymmetric encrypt throw standard Windows CSP, and decrypt
> throw OpenSc, it is possible?
>
> I just want hear, what I'm moving in right direction.
Either you would use CryptoApi or OpenSC, but I don't see much point
in using both?
On Thu, Jun 21, 2007 at 09:34:35PM +0200, Andreas Jellinghaus wrote:
> personally I'd like to investigate cmake.
I kind of like it too.
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/li
On Mon, Jun 11, 2007 at 08:22:34PM +0200, Jan Just Keijser wrote:
> However, before a fully-opensc solution works I would have to make
> sure that
>
> - initializing our etokens works, including setting of a
> non-default SOPIN
> - generating and storing X509 certificates works
> - integration w
On Fri, May 25, 2007 at 01:03:18PM -0700, Justin Karneges wrote:
> Isn't the point of generic USB devices that you don't need a weird
> table like this?
Indeed.
> A CCID driver should be capable with past and /future/ devices that
> implement the spec. So even if you have a name mapping for pre
Hey,
Please explain the motivation for this caching scheme, and please
outline how it works.
On Thu, May 17, 2007 at 02:40:21PM -0500, Douglas E. Engert wrote:
> I really don't like adding card manufacture specific code to get
> the serial number of the card to what should be generic PIV code.
On Thu, May 10, 2007 at 03:59:30PM -0500, Douglas E. Engert wrote:
> > Would you be willing to post a .pdf with the slides somewhere?
>
> Gave the same talk at NIST q few weeks ago, before 0.11.2 was
> released:
>
> http://middleware.internet2.edu/pki07/proceedings/slides/10-engert-piv-linux.ppt
On Thu, May 10, 2007 at 12:33:03PM -0500, Douglas E. Engert wrote:
> I can now update my PowerPoint sides for a talk in 4 hours
> at the AFS & Kerberos Best Practices Workshop.
Would you be willing to post a .pdf with the slides somewhere?
//Peter
___
On Thu, May 10, 2007 at 07:33:21AM +0300, Alon Bar-Lev wrote:
> > It would be more practical and possibly also more secure to have
> > a proxy that looks like an ssh-agent
>
> What is the difference between implementing properietary proxy
> interface, and allowing openssh to use standard PKCS#11 i
On Wed, May 09, 2007 at 10:53:04PM +0300, Alon Bar-Lev wrote:
> > > 6. Haven't thoughts about slot events yet, don't know if I want
> > > to support these in first version.
> >
> > I think it is important to do so. Better if it takes a bit longer
> > to be released.
>
> Applications should fall-do
On Wed, May 09, 2007 at 10:33:20PM +0300, Alon Bar-Lev wrote:
> 6. Haven't thoughts about slot events yet, don't know if I want to
> support these in first version.
I think it is important to do so. Better if it takes a bit longer to
be released.
Otherwise too many will use the version without.
On Tue, May 01, 2007 at 10:19:56PM +0200, Andreas Jellinghaus wrote:
> On Tuesday 01 May 2007 21:14:26 Martin Preuss wrote:
> > For CTAPI drivers there is also another problem that should be addressed in
> > the next step: I think it would be best to have a system
> > group/user "chipcard" (or what
On Mon, Apr 09, 2007 at 11:41:50AM +0600, Yuri wrote:
> Why opensc-pkcs11's C_Initialize was done that way? Can you clarify
> commented situation?
A single card can have multiple key pairs and certificates.
PKCS#11 does not permit readers to dynamically change the number of
available slots.
OpenSC
On Thu, Apr 05, 2007 at 10:03:51PM +0200, Roberto Resoli wrote:
> > Are there any practical attempts to negotiate keys for SM by
> > use of public keys?
>
> As someone noted in another reply, there is another very
> interesting CWA: in 14890-1 (Chapter 8, "Device authentication"),
> different sc
On Wed, Mar 14, 2007 at 07:27:22PM +0100, Andreas Jellinghaus wrote:
> but I have no clue why it doesn't fail properly. maybe it has to do
> with sub shells? part of it is run in
> (
> pushd
>
> popd
> ) 2>&1 |tee compile.log
>
> so I have a log file of what happened.
> any idea what I
On Mon, Mar 05, 2007 at 04:37:14PM -0600, Douglas E. Engert wrote:
> Any chance getting the patch for the PIV compression ticket #128
> into this release?
I think it looks good at a glance.
Does it apply cleanly to svn?
Has it been tested?
Two general comments:
1. I would prefer if the p15car
On Mon, Feb 12, 2007 at 02:28:53AM +0100, Dan Lukes wrote:
> So the better patch - the timeout shall be set to
> currenttimeout=max(MAX_INT, timeout) and the read() need to be
> called in loop as long as timeout occur and
> (timeout-=currenttimeout) greater than zero.
This is usually done with sel
Hello,
On Thu, Jan 25, 2007 at 04:14:40PM +0100, Service Développement wrote:
> We would like to participate to the OpenSC project, That's why we would
> like to know if it was possible to validate this code, and if it was
> possible to integrate it into the project.
This depends on the quality.
Hello,
On Wed, Jan 17, 2007 at 06:57:18PM +0100, Jian wrote:
> I want to write a IFDHandler for a special smart card named
> certgate, so that it can be used under linux and so on.
Cool.
> Since OpenSC is an open souce project, and I have never work with
> an open source project, there are many
Hello,
On Fri, Dec 29, 2006 at 11:41:05AM +0100, Damien Sauveron wrote:
> >The Gentoo tool catalyst is similarly useful for making livecds,
> >and many of the packages mentioned are already available in
> >Gentoo.
> >
> >I'd be happy to write spec files but a build system would be nice
> >since my
On Thu, Dec 28, 2006 at 08:42:03PM +0100, Ludovic Rousseau wrote:
> I made a custom Knoppix CD with pam_pkcs11, mozilla configure with a
> smart card PKCS11, etc. It required a lot of manpower to setup.
>
> It may be a better idea to use something like live-package [1] to
> automate the build and
On Wed, Dec 06, 2006 at 08:27:05AM +0200, Alon Bar-Lev wrote:
> I've created a patch for Gentoo that enables disabling the linkage
> of pcsc-lite and openct, even if they are installed on system.
> It adds --disable-openct and --disable-pcsc-lite options.
This is good for other systems than Gentoo
On Fri, Dec 01, 2006 at 11:16:26PM +0100, Andreas Jellinghaus wrote:
> Peter Stuge wrote:
> >On Thu, Nov 30, 2006 at 10:28:14PM +0100, Andreas Jellinghaus wrote:
> >>the typedefs are not conditional or anything, so there is no
> >>difference if we uee "unsigned
On Thu, Nov 30, 2006 at 10:28:14PM +0100, Andreas Jellinghaus wrote:
> the typedefs are not conditional or anything, so there is no
> difference if we uee "unsigned char" directly in that function
Until it has to be changed in many places instead of one because
unsigned char isn't 8 bit anymore. M
On Thu, Nov 30, 2006 at 08:47:41PM +0100, Andreas Jellinghaus wrote:
> Peter Stuge wrote:
> >If the spec says bits and not bytes
>
> hu? sorry, I'm confused, could you please quote the spec
> and where our header file is different?
I'm not claiming a discrepancy, I&
On Thu, Nov 30, 2006 at 10:08:23AM +0100, Andreas Jellinghaus wrote:
> also there are no #ifdef or anything, so on every plattform and
> compiler the values are assigned like that, so I see no reason
> to add or keep any indirection. do you agree?
If the spec says bits and not bytes we could add t
On Mon, Nov 27, 2006 at 09:26:14PM +0100, Daniel Zauft wrote:
> I don't have any idea of the purpose of this certificate or the
Perhaps it's similar to the extra cert on NIDEL, the newest Swedish
ID card.
The idea is that applications can check that this is in fact a real
national ID card and not
On Thu, Nov 16, 2006 at 01:32:43PM +0100, Jesus Luna wrote:
> This HSM in particular (RealSec's CryptoSec at
> http://www.realsec.com/esp/servicios/cifrado.html) does not store
> private keys, it's only a crypto-accelerator.
I don't speak spanish but from the datasheet it looks to me like a
tamper
On Fri, Nov 17, 2006 at 02:54:12PM -0500, John T. Guthrie III wrote:
> Does anyone on this list know of a way to convert between
> X.509/PKCS #12 data and PKCS #15 data without using a smart card?
Perhaps the easiest thing would be a card driver that works on flat
files..
//Peter
___
On Fri, Nov 17, 2006 at 02:47:31PM +0100, Ludovic Rousseau wrote:
> I don't know if pam_pkcs11 can know:
> - that a PIN pad is connected
> - that the PKCS#11 lib will/can use the PIN pad so the PAM module do
> not have to ask for a PIN on the keyboard.
Supposedly, it can.
CKF_PROTECTED_AUTHENTICA
On Sat, Nov 11, 2006 at 05:53:00PM +0100, Andreas Jellinghaus wrote:
> if limiting all readers to 248 bytes doesn't hurt anyone, then this
> is the best way from my point of view.
I would like to avoid that if possible..
> Also I'd like to make this a config file option. I guess that some
> manu
On Tue, Oct 24, 2006 at 08:37:42AM +0100, Bob Dunlop wrote:
> Well this one I can answer. A simple milli-second sleep routine:
[..snip C code..]
On Tue, Oct 24, 2006 at 09:24:38AM -0500, Douglas E. Engert wrote:
> Andreas Jellinghaus wrote:
> >sleep 1 as it is the easiest solution. (100ms would
On Wed, Oct 11, 2006 at 02:56:37PM -0500, Eric Norman wrote:
> While all these are very valid concerns, I sure don't see why
> they would be relevant to the OpenSC group and this list.
Because a user (me too) would expect OpenSC to abstract the smart
card in a way that does not expose her to any r
On Thu, Sep 28, 2006 at 09:47:11AM +0200, Andreas Jellinghaus wrote:
> >>maybe it is a nice addition we want to integrate?
> >
> >Dunno.. We don't want people to think it's ok (secure) to enter
> >pins that way..
>
> the user is always right. we can add lots of warnings and document
> the problems
On Wed, Sep 27, 2006 at 11:34:36PM +0200, Andreas Jellinghaus wrote:
> mandriva has a patch for pkcs15-crypt so it can accept pins from
> stdin.
>
> could someone please review this patch?
> maybe it is a nice addition we want to integrate?
Dunno.. We don't want people to think it's ok (secure) t
I'm thinking it would be nice to optimize openssl.cnf for use
with(in) SCB so lots of long pathnames and common options can
be avoided.
I spent yesterday learning how to create Windows compatible Smart
card logon certs too, we could include that in the default config
as well, since it's not that t
On Tue, Aug 15, 2006 at 11:35:52PM +0200, Andreas Jellinghaus wrote:
> sorry, I'm still quite confused: manifests, SxS directory,
> windows installer 3.1 requirement, new CRT lib, etc.
I don't like any of those cherries very much, but I do like least
common denominator.
I may just be too Windows
On Sat, Aug 12, 2006 at 10:35:49AM +0200, Wolfgang Glas wrote:
> Therefore, it would be more feasible to use either mingw (is this
> fully supported by now?)
I also think this is a good idea. I would have made some experiments
but haven't found the time.. Please feel free to try it out.
If it wo
On Mon, Aug 07, 2006 at 11:58:25PM +0200, Ludovic Rousseau wrote:
> >so now I only need to learn python :)
> >(has been on my todo for a while, only I need to find the time for
> >it).
>
> Me too :-)
It's very easy.
I wrote my first Python application (icon editor-like util) using Tk
in about 20
On Mon, Jun 26, 2006 at 10:17:07PM +0200, Andreas Jellinghaus wrote:
> Peter Stuge wrote:
> >Looks good. Perhaps there could be a compiled-in default also for
> >WIN32, that way the code would be slightly cleaner.
>
> The compiled in default is always wrong, as some people in
301 - 400 of 417 matches
Mail list logo
