thanks, commited to svn trunk.
Regards, Andreas
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Le mardi 12 janvier 2010 à 12:13 +0800, Xiaoshuo Wu a écrit :
> Thank you for reporting this, it's a flaw in entersafe driver.
> I'd like to propose the patch for it, it removes the assert line and
> some
> unused code, solves a problem with ePass3000, see my attachment.
> Regards, Xiaoshuo
Dea
I have also been contemplating my small personal PKI hierarchy. From the
top of my head:
The Root CA would function on a dedicated old laptop, disconnected and
offline, running off a linux USB stick, with the CA's private keys and
intermediate CA's private key backups stored on smart cards, bot
> Why don't you want to generate the keys on the card? Under normal
circumstances that's the thing smart cards are for.
I've got limited experience with PKI policies, but what about key
escrow? Or the poor man's version, creating a backup copy of a smart
card on another smart card, kept in a f
Am Montag 11 Januar 2010 14:52:04 schrieb Jean-Michel Pouré:
> * I would like to add a page with dummy certificates on the wiki. One
> root CA, one secondary CAs and several certs. So that users only have to
> download them to test command lines. Would you favor that ?
src/test/regression contains
On Mon, 11 Jan 2010 22:17:09 +0800, Martin Paljak
wrote:
Is pkcs15-init fully working? Or is it a Feitian card issue or me not
fully understanding what is possible to do?
pkcs15-init is fully working. The failing assert comes from entersafe
(feitian) driver code.
Thank you for reporting th
Le lundi 11 janvier 2010 à 16:53 +0100, Peter Stuge a écrit :
> > > Of course, if your card is damaged, lost or stolen, your
> > > certification should be revoked by the CA and reissued with a new
> > > certification. But you still need the old key to decrypt old data
> > > to re-encrypt with the n
On 11.01.2010, at 17:28, Jean-Michel Pouré wrote:
> Le lundi 11 janvier 2010 à 16:17 +0200, Martin Paljak a écrit :
>> Definitely not. You might find glitches and shortcomings with
>> pkcs11-tool but that would just benefit OpenSC as we could see the
>> problems and fix them.
>
> Sorry to insist,
Martin Paljak wrote:
> > Of course, if your card is damaged, lost or stolen, your
> > certification should be revoked by the CA and reissued with a new
> > certification. But you still need the old key to decrypt old data
> > to re-encrypt with the new key, right?
>
> Correct.
If encryption code
On 11.01.2010, at 17:28, Eric wrote:
> > Why don't you want to generate the keys on the card? Under normal
> > circumstances that's the thing smart cards are for.
>
> I've got limited experience with PKI policies, but what about key escrow? Or
> the poor man's version, creating a backup copy of
Le lundi 11 janvier 2010 à 16:17 +0200, Martin Paljak a écrit :
> Definitely not. You might find glitches and shortcomings with
> pkcs11-tool but that would just benefit OpenSC as we could see the
> problems and fix them.
Sorry to insist, but from a user point of view, what is the difference
betwe
On 11.01.2010, at 16:30, Peter Stuge wrote:
> Martin Paljak wrote:
>> for generic educational purposes I would suggest making
>> YetAnotherSelfSignedSnakeOilOpenSSLCAGenerationGuide which the
>> user could just copy-paste.
>
> I made one of those some time ago for BincIMAP and while the wiki it
Martin Paljak wrote:
> for generic educational purposes I would suggest making
> YetAnotherSelfSignedSnakeOilOpenSSLCAGenerationGuide which the
> user could just copy-paste.
I made one of those some time ago for BincIMAP and while the wiki it
lived at is now offline I have mirrored the archived we
On 11.01.2010, at 15:52, Jean-Michel Pouré wrote:
> For example, I tried:
> pkcs15-init -S foobar.pkcs12 -f PKCS12 --auth-id 01 --pin
> --insecure --passphrase "XX"
>
> but it failed with error messages.
>
> Importing 1 certificates:
> 0: /C=FR/L=Paris/O=Foobar organisation/CN=Foobar
Hello Jean-Michel,
On 11.01.2010, at 15:52, Jean-Michel Pouré wrote:
> * I would like to add a page with dummy certificates on the wiki. One
> root CA, one secondary CAs and several certs. So that users only have to
> download them to test command lines. Would you favor that ?
For pure test purpose
Hello,
To clarify my knowledge, I would like to contribute some user
documentation on the wiki. The subject of transferring an RSA key pair
to a smartcard seems interesting.
Here are some newbee questions before I go on:
* I would like to add a page with dummy certificates on the wiki. One
root
16 matches
Mail list logo
