On Thu, 10 Apr 2008 23:22:46 -0400
Thomas Harning <[EMAIL PROTECTED]> wrote:
> I'm working on understanding the BelPIC smartcard API at the APDU
> level to attempt to integrate it into another framework.
>
> Is there any one here that can shed a light on this oddit
perform the calculations to prepare
the padded data...)
--
Thomas Harning @ TrustBearer Labs (http://www.trustbearer.com)
Secure OpenID: https://openid.trustbearer.com/harningt
3201 Stellhorn Road 260-399-1656
Fort Wayne, IN 46815
___
opensc-devel
Andreas Jellinghaus wrote:
> unsigned int is a 64 bit number on 64bit architectures?
>
unsigned int is 32-bits on 64-bit archs (at least x86_64 as compiled w/
GCC and VC++ [in fact w/ VC++ is LLP meaning to get a 64-bit number, you
need to use "long long"..])
unsigned long is 64-bit in GCC..
__
}, and Code::Blocks Studio.
It's pretty fast and lightweight... http://premake.sf.net
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
http://www.trustbearer.com/
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
t; P.S. The compression works well. Last week working with a
> different federal agency, got OpenSC to use a 2048 bit key
> with a compressed cert on a demo card to authenticate to
> a Heimdal Kerberos KDC from a Mac using 0.11.2 with
> temporary patch to use the 2048 bit key.
>
Great
osh Keychain would only see certificates from the first card
> ever inserted for a given user)
Note: Using CPLC will not work on all PIV cards... Multos offers a PIV
card and since they are not a JavaCard... no CPLC exists.
--
Thomas Harning Jr.
Authentication Engineer @ Identit
al comments:
>
> 1. I would prefer if the p15card-helper bit was made into a separate
> patch to be applied first.
>
> 2. Does the copyright belong to Identity Alliance or Thomas Harning
> or both? Currently both are in the notice. In another project we use
> (for the Identity
h.
Not exporting it could work just as well, in which case any external
plugins would just have duplicate code.
I do agree w/ the fact that if compression.h is to be exported, then
functions/constants should probably be changed.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
http://www.trustbearer.com/
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Here's some really minimal docs on the APDUs that PIV cards use.
There's also 2 example apdu sequences:
1) Read certificate
2) Sign piece of data
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
http://www.trustbearer.com/
For PIN commands: replace p2's 80 with 81
ought could be placed on apdu.c as well. Putting it in ISO,
however makes things a little more customizable.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
http://www.trustbearer.com/
Index: src/libopensc/apdu.c
=
On Tue, 2007-01-02 at 20:22 +0100, JP Szikora wrote:
> Thomas Harning Jr. wrote:
> > Has anyone compiled SCA on a MacIntel?
> > I know that the recent builds of SCA are Universals, but I need a
> > version w/ the new PIV support patch applied ( ticket #128 on OpenSC ).
>
&
mpile SCA on a MacIntel w/ OSX 10.4.8,
that'd be even better.
Thanks and Happy New Year.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
http://www.trustbearer.com/
___
opensc-devel mailing list
opensc-devel@lists.opensc-projec
password/etc. Apps using PAM are supposed to register
functions for 'conversation' for retrieving information from the user.
So for the case of PIN reader, you just don't have your PAM plugin ask
for the PIN.
However... many app writers assume that a password is needed and
hard-w
d it cause confusion to
> the old trac installation? also is intertrac part of trac or an extra
> plugin?
>
InterTrac is part of the Trac versions 0.10.0 and up.
Adding the configuration shouldn't confuse Trac, however... it just
wouldn't be doing anything.
--
Thomas Harning
On Wed, 2006-12-06 at 10:13 -0500, Thomas Harning Jr. wrote:
> I recommend an update to the latest available Trac for OpenSC,
> especially for the fact that InterTrac is now working/mature. This will
> allow for simpler linking between the different OpenSC projects... as
> well as all
config section [intertrac] but that
should be simple. I'll post our stripped InterTrac section for an
example...
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
structure values, ex: label
could be a const or allocated w/ a different allocation library version.
Now for my patching/licensing question:
In the headers of the files I notice copyright notices of developers.
What sort of patch contribution is expected in order to get in that
list? Thanks!
N, you could reset the card or use unblock and it'd
be ok.
Yeah... using that as a transport key would make sense.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
n the certificate list (even trying pkcs15-tool -D
outside that in case of some strange caching issue...)
Does anybody have an idea?
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
___
opensc-devel mailing list
opensc-devel@lists.o
out shorts for permissions/lengths/etc... and since those are
right before it's sent/received to/from the card, there's no issue with
those values getting re-swapped upstream.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
__
:
* Clear
* Init
* Load Cert
* Load Key
* Read cert
* Read OpenSSH Key
* On-Card key generation
* PKCS11 Crypto ops/test
No PKCS11 perso tested.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
/* Support patch for MuscleCard Applet from musclecard.com
V card, since it requires a PIN
entry right before signatures using the SIG key.
Thunderbird and Firefox work fine re: security status problems... they
ask for the PIN on this error.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
irefox might need to change... I see that it
should be honoring any PKCS11 attributes that exist for the user-consent
policy.. but I am not sure if there exists any such attribute.
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
In working with OpenSC, I found that sc_list_files doesn't return the
length of the applicable buffer, but instead the # of files.
Here's a patch which fixes my wrong assumption in card-muscle.c
--
Thomas Harning
@ Identity Alliance
Index: car
On Wed, 14 Jun 2006 11:37:57 -0400
Thomas Harning <[EMAIL PROTECTED]> wrote:
> Just wondering... does the OpenSC pkcs11 library contain functions for
> data object creation?
> .
I have a sort-of working version, however Object ID's/labels are an
issue that I resolv
FILE_NOT_FOUND [correct]
file creation begins...
parent is selected successfully
parent is unsuccessfully authenticated to
key generation aborts
Thanks!
--
Thomas Harning
@ Identity Alliance
___
opensc-devel mailing list
op
x27;m working on a project that stores objects of the CKO_DATA class, so
the above 3 do not cover what I need.
Are there any pointers on how to implement this, if it has not been
already?
Thanks.
--
Thomas Harning
@ Identity Alliance
___
opensc-devel ma
On Mon, 12 Jun 2006 22:37:05 +0200
Stef Hoeben <[EMAIL PROTECTED]> wrote:
> Hi,
>
> the MuscleCard applet seems to work nicely.
> Here some additional questions:
>
> If you 'personalize' the applet with
> 00A4040006A101
> B02A38084D7573636C653030040108303030303030303008303030303030
27;s key slot will be
locked at that size. If you try to upload a key of a different size,
it will fail (even if you use pkcs15-init -E to erase the card). To
use a different key size, you'll need to reformat the card/reload the
muscle applet.
Have fun w/ it ;)
--
Thomas Harning
oping OpenSC plugins? I
don't think there are.. but its worth a stab.
If there's any further information needed from me, please let me know.
Thanks
--
Thomas Harning Jr. <[EMAIL PROTECTED]>
Identity Alliance
___
opensc-devel mail
30 matches
Mail list logo
