I have the PKCS#11 importer in GNOME working. Just wanted to say thanks
to you guys for your help and patience. Here's a demo:
http://stef.thewalter.net/2011/10/importing-certificates-and-keys.html
This'll be in GNOME 3.4 and Seahorse.
Cheers,
Stef
In my ongoing saga to get a private key and certificate on a Feitian
smart card via the gnome-keyring importer and PKCS#11 ...
I was running into an issue where the PIN would fail to verify, and
C_CreateObject would return CKR_USER_NOT_LOGGED_IN. I tracked this down
to the PIN cache. It tries to
Scratch that. My git master build was building without openssl. Now that
I've built with the openssl dependency, it recognizes the smart card.
Sorry for the noise.
Cheers,
Stef
On 2011-10-04 18:40, Stef Walter wrote:
> For some reason when building opensc from git master, it doesn't
For some reason when building opensc from git master, it doesn't see my
Entersafe token in my Feitian 310 card reader...
In fact it comes down to using a different pkcs11-tool binary. The one
in git master is located in /data/build/opensc and when I use it to load
the OpenSC PKCS#11 module I don
On 09/28/2011 04:14 PM, Douglas E. Engert wrote:
> It's not an OpenSC issue. You can have PKCS#11 private key objects independent
> of any cert objects. So the PKCS#11 caller needs to do two operations.
Right, obviously. What I meant was that currently you can't store a
certificate via PKCS#11 unt
On 09/28/2011 08:11 AM, Jean-Michel Pouré - GOOZE wrote:
>> However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED
>> when
>> calling the PKCS#11 C_CreateObject method. It looks like the Entersafe
>> driver doesn't support write operations. Am I misreading something? In
>> card-entersaf
Hi all,
I'm working on support for viewing and basic management of smart cards
in Seahorse. For the initial round I had planned to use the Gooze Feitian
smart cards to develop against and test.
However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED when
calling the PKCS#11 C_CreateObject
On 09/21/2011 10:57 AM, Ludovic Rousseau wrote:
> 2011/9/21 Stef Walter :
>> Is it normal for a Gooze Feitian ePass PKI Token to take over 60
>> seconds to initialize when used with PKCS#11?
>
> No. It is not normal. I guess you suffer from a libusb bug. See [1].
> The
Is it normal for a Gooze Feitian ePass PKI Token to take over 60 seconds
to initialize when used with PKCS#11?
I've tracked down the wait to pcscd, and have logs attached. In the logs
I've annotated several lines with five asterisks *. You can see that
during the initialization process there is
I get an intermittent C_Initialize crash when opensc is initialized
shortly after login. The crash occurs here:
#0 C_Initialize (pInitArgs=) at pkcs11-global.c:254
254 pkcs11-global.c: No such file or directory.
in pkcs11-global.c
Thread 3 (Thread 0x7f573a1b2700 (LWP 2063)):
#0 C_I
On 08/04/2011 11:30 PM, Nikos Mavrogiannopoulos wrote:
>>> * Coordinating initialization and finalizing.
>> You are referencing a badly implemented application that uses PKCS#11 in
>> two independent places. A practical solution is to fix the library
>> implementation (such as GnuTLS) to provide some
Hi Alon,
Thanks for all the PKCS#11 integration work you've spearheaded across
the community.
You may have heard of p11-kit before. It tries to solve several problems
with using PKCS#11 modules across the Desktop. In particular when
multiple applications or libraries want to use the same PKCS#11
ed Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Mon, 1 Aug 2011 12:18:50 +0200
Subject: [PATCH] Install a config file so that opensc works with p11-kit
config format.
* Install a config file to /etc/pkcs11/modules to load the opensc
module in p11-kit based systems like: gnutls, glib,
On 06/22/2011 12:22 PM, Nikos Mavrogiannopoulos wrote:
> On 06/21/2011 07:59 PM, Stef Walter wrote:
>
>>> I didn't like the pinfile attribute of pkcs11-urls much, because
>>> its semantics are undefined. I see it as an option that could cause
>>> compatibili
Sorry for taking so long to answer, was away for a week...
On 06/15/2011 11:28 PM, Nikos Mavrogiannopoulos wrote:
> On 06/13/2011 11:11 AM, Stef Walter wrote:
>> Since the PKCS#11 URIs say that the pinfile attribute of the URI
>> can be determined by the application, we
On 06/10/2011 07:08 PM, Martin Paljak wrote:
> On Jun 10, 2011, at 13:11 , Stef Walter wrote:
>> After sleeping on this idea, I realized it won't work in certain
>> cases. In particular when the key has CKA_ALWAYS_AUTHENTICATE and
>> requires C_Login with CKU_CONTEXT_SPEC
On 06/09/2011 09:37 PM, Stef Walter wrote:
> I'm working on integrating smart card support via PKCS#11 into glib and
> gcr (part of gnome-keyring). We're integrating with GnuTLS for TLS support.
>
> I'd like to be able to do a C_Login in my code, and then pass off the
>
On 06/09/2011 10:11 PM, Alon Bar-Lev wrote:
> Yes.
> Most [usable] providers support this.
Good to hear.
> Although there are different issues to solve in your case, such as
> calling twice to C_Initialize, not calling C_Finalize if C_Initialize
> returned with already initialized.
This is what
I'm working on integrating smart card support via PKCS#11 into glib and
gcr (part of gnome-keyring). We're integrating with GnuTLS for TLS support.
I'd like to be able to do a C_Login in my code, and then pass off the
URL to Gnutls. GnuTLS would then open another session, recognize that
we're a
On 04/25/11 10:20, Martin Paljak wrote:
> Hello, On Apr 25, 2011, at 11:09 , Stef Walter wrote:
>
>> I've heard that openct may not be that relevant any more, but in
>> any case here's an OpenCT patch to add support for the smart card
>> reader in my laptop.
>
I've heard that openct may not be that relevant any more, but in any
case here's an OpenCT patch to add support for the smart card reader in
my laptop.
Should I put this in the opensc trac, or does it go somewhere else?
Cheers,
Stef
Index: etc/openct.conf.in
=
On 04/23/11 09:59, Jean-Michel Pouré - GOOZE wrote:
> On Friday 22 April 2011 at 16:56 +0200, Stef Walter wrote:
>>
>> Is there an openct git repository somewhere? I couldn't find it at the
>> 'Subversion Repository' page [1] I'm fiddling with my Broadc
Hi guys,
Is there an openct git repository somewhere? I couldn't find it at the
'Subversion Repository' page [1] I'm fiddling with my Broadcom 5880
smart card reader, and want to whip up a small patch.
Cheers,
Stef
[1] http://www.opensc-project.org/opensc/wiki/SubversionRepository
I worked on documenting some of the p11-kit stuff today. Here's the
documentation for the PKCS#11 URI reference implementation:
http://p11-glue.freedesktop.org/doc/p11-kit/p11-kit-URIs.html
And here's some docs for all of p11-kit, including the configuration
files, formats, etc.
http://p11-glue.
As a follow on from the discussion at FOSDEM, I've put together a
website for p11-kit and related stuff like trust assertions.
This is a place to put stuff and coordinate using PKCS#11 as a glue to
bring the various crypto libraries and applications together.
Website:
http://p11-glue.freedesktop
On 02/28/2011 10:42 AM, Martin Paljak wrote:
> Hello, On Feb 23, 2011, at 10:14 AM, Stef Walter wrote:
>
>> Hi guys. As a follow up from the security devroom at FOSDEM, I'm
>> working out hosting and mailing lists for the PKCS#11 glue stuff
>> [1] that I talked abo
Hi guys. As a follow up from the security devroom at FOSDEM, I'm working
out hosting and mailing lists for the PKCS#11 glue stuff [1] that I
talked about. This includes things like p11-kit, trust assertions,
pkcs11 uris and more.
Unless there are serious objections I'm requesting hosting at
freede
On 07/20/2010 10:16 AM, Martin Paljak wrote:
> Hello,
>
> A huge backlog of e-mails to go through, but here's a thought on the
> subject:
Thanks for responding.
> The Linux "paradox of choice": it
> is so good to be able to choose from so many possibilities, that it
> becomes bad that there's so
On 2010-07-18 13:34, Anders Rundgren wrote:
> On 2010-07-18 18:49, Stef Walter wrote:
>
>>
>> The missing piece is a common standard for specifying which PKCS#11
>> modules for an application to load.
>
> This is not what Microsoft and Apple offer.
>
> They
On 2010-07-18 10:27, Andreas Jellinghaus wrote:
> On Sunday 18 July 2010, at 00:16:15, Stef Walter wrote:
>> Is there a spec around for specifying to applications which PKCS#11
>> modules to load and how to initialize them?
>>
>> I'm thinking something along th
On 2010-07-18 01:33, Anders Rundgren wrote:
> BTW, isn't there
> an effort establishing NSS as the Linux crypto platform?
Well in GNOME we're implementing a foundation for usable crypto based
around PKCS#11. We're 'equal opportunity' for crypto libraries. Although
NSS is a big player, and have put
On 2010-07-17 18:10, Peter Stuge wrote:
> Stef Walter wrote:
>> Is there a spec around for specifying to applications which PKCS#11
>> modules to load
>
> That's application specific.
>
>> I'm thinking something along the lines of PAM conf files, wh
Is there a spec around for specifying to applications which PKCS#11
modules to load and how to initialize them?
I'm thinking something along the lines of PAM conf files, where you can
specify which PAM modules different applications load.
We're working hard on PKCS#11 support in GNOME, and rather
33 matches