On 9/4/2009 2:12 AM, JP Szikora wrote:
Have you problems with the latest SCA (0.2.7) on Snow Leopard?
Tokend crashes and the PKCS#11 module fails (but doesn't kill the
hosting process).
-- Tim
Anders Rundgren wrote:
It is about a 50 cent built-in TPM versus $200+ of highly inconvenient c**p
that unlikely will ever be directly supported by the mobile platforms vendors.
There is still room to maneuver here. Smartcards with smartphones are
an utter PITA and all the users (esp. leader
Anders Rundgren wrote:
Conclusion: the smart card industry is working with dated designs
that don't really scale.
The smartcard industry knows where the money is, and it's not in selling
cards.
Tim: private keys are protected by a master key residing in EEPROM
in the USB controller.
Th
Anders Rundgren wrote:
For PKI support you only need a rather tiny API.
...which you then have to beat a gaggle of vendors into supporting, when
all the incentives at the card manufacturer's end are to *not* do so.
I plan to implement such an API in consumer-grade USB memory sticks.
Whith
Anders Rundgren wrote:
JavaCards seem like a solution for specific things like stored-value schemes;
for PKI support Java doesn't bring anything to the table as far as I can tell.
It does make card hardware and OS abstraction easier, at least in some
senses. I don't need to worry about card
Douglas E. Engert wrote:
But even if that's not your problem, it will be a problem in the future
for someone.
Maybe. So long as card provisioning is perceived as necessarily
stovepiped it's probably not going to arise; USG isn't going to slap a
PIV model on your bank-issued card; they're goi
Douglas E. Engert wrote:
Looking at this from the user's point of view, if the card has more than
one on-card application, how does the user express which one is to be used?
No no no. The user has two cards. Both are the same card stock. Each
card has different on-card applications on it h
Ludovic Rousseau wrote:
Using the ATR to identify a service on a card may have worked in the
past but it is really not a good idea now.
Unfortunately it's written into the specs.
I don't think I will implement the PCSC v2 part 6 (ICC Service
Provider) inside pcsc-lite.
I thought pcsc-lite
This is sort of a general question. I should probably have CC:'d the
MUSCLE list as well, but there's a lot of overlap with this one, so
here goes:
There was a time when each card had a fixed data model. This is no
longer true; card data models are now abstracted through the use of on-
c
On Apr 6, 2008, at 7:34 AM, Ludovic Rousseau wrote:
But is it "your" reader?
Only notionally. :)
You can start more than one pcscd if needed. The administrator can
give read/write access to _your_ user for _your_ reader and start a
pcscd with your identity with a communication socket in ~/p
On Apr 4, 2008, at 7:03 AM, Ludovic Rousseau wrote:
As you wrote all communications are over a single socket
/var/run/pcscd.comm. So you just need to use the Unix security
mechanism to restrict the access to this file to users allowed to use
the smart card (create a group smartcard for example).
On Apr 3, 2008, at 2:04 PM, Andreas Jellinghaus wrote:
not sure, but two different threads should be able to talk to two different
card readers (and thus cards) without any issue - so on that level openct
should be fine, and pcsc-lite most likely too.
note: access to a smart card is seri
Ludovic Rousseau wrote:
Can you be more explicit in your description?
On Apr 3, 2008, at 9:49 AM, Jan Just Keijser wrote:
This does raise another interesting question: how session safe is
pcsc-lite? Right now, all comms are over a single socket
/var/run/pcscd.comm - how is access control to
On Apr 3, 2008, at 7:24 AM, Ludovic Rousseau wrote:
Multi-slot is supported by my CCID driver and by pcsc-lite. Have a
look at the "Main CCID/ICCD features supported" section of [1].
But only a very small number of readers have more than one slot:
- the Gemalto GemCore POS Pro with two SIM card
On Apr 2, 2008, at 8:35 AM, Jim Rees wrote:
Andreas Jellinghaus wrote:
does this help?
I'd say that helps so much that it should go on the web site in a
prominent place.
I'd agree, and I want to thank everyone for the feedback. Y'all been
most helpful.
-- Tim
|
+++
| card | card |
+++
-- Tim
On Apr 1, 2008, at 8:52 AM, Timothy J Miller wrote:
Allcon--
I need a quick favor. Can someone review the following text &
diagram for accuracy? It's extracted from a high-level technical
paper I'm writing re: smart
Allcon--
I need a quick favor. Can someone review the following text & diagram
for accuracy? It's extracted from a high-level technical paper I'm
writing re: smartcards on Linux. This is intended to be purely
descriptive, and I'm mainly interested in making sure that I got the
architec
On Mar 31, 2008, at 9:42 AM, Andreas Jellinghaus wrote:
I thought: both. thanks for letting me know there is a way to convert public
key files at least. secsh is the ssh 1 format? openssh has a different format
these days, I guess that will be version 2?
To be honest, I have no idea. I t
On Mar 31, 2008, at 9:49 AM, Douglas E. Engert wrote:
PIV is really an application on a card, and there are currently 4
NIST approved cards. 800-73 defines the application that needs to be
standardized for end user use.
I've heard that there's at least one card provider that's going to
impl
On Mar 29, 2008, at 4:56 AM, Andreas Jellinghaus wrote:
> RSA is not a format. openssh has a format (actually two different
> ones, check
> your .ssh/authorized_keys file for public keys for example), and PEM
> is a
> format (from the x.509/openssl world). there is no tool to convert
> opens
On Mar 27, 2008, at 8:50 AM, Marc W. Abel wrote:
>
> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was
> generate
On Mar 18, 2008, at 1:23 PM, Andreas Jellinghaus wrote:
no. but puttysc claims to be GPL'ed, which is quite stupid - I don't know of
any GPL compatible pkcs#11 implementation. (opensc is not - we use openssl...
and pkcs#11 header files (the original) are GPL incompatible too.)
Huh? RedHat
There is no getting around the enrollment trust problem. Most
sensible smartcard and PKI deployments handle this via an enrollment
ceremony that involves a face-to-face component.
-- Tim
On Jul 2, 2007, at 1:59 PM, Alon Bar-Lev wrote:
On 7/2/07, Jim Rees <[EMAIL PROTECTED]> wrote:
We do s
Is this a full-on PIV card, or a DoD PIV-transitional? If it's
PIV-transitional, then functionally it can still be used as a CAC as it
still has the CAC applets. You may need to register the ATR with the
commonAccessCard.bundle via pscstool.
-- Tim
Kenneth Carrera wrote:
Douglas,
Thank y