Re: [opensc-devel] Opensc and SetCOS.

2010-09-03 Thread Ludovic Rousseau
2010/9/2 Peter Stuge : > Patrik Martinsson wrote: >> We actually need to buy pcmcia/expresscard-readers for all our >> Linux users to get their laptops working. > > Make sure to go for ExpressCard. PCMCIA chips are on par with PCI > chips, there are no docs and also no good API. The first 3 reader

Re: [opensc-devel] Opensc and SetCOS.

2010-09-02 Thread Peter Stuge
Patrik Martinsson wrote: > We actually need to buy pcmcia/expresscard-readers for all our > Linux users to get their laptops working. Make sure to go for ExpressCard. PCMCIA chips are on par with PCI chips, there are no docs and also no good API. Buy a few different ExpressCard readers and test.

Re: [opensc-devel] Opensc and SetCOS.

2010-09-02 Thread Martin Paljak
Hello, On Sep 2, 2010, at 11:32 AM, Patrik Martinsson wrote: > Hello again, > >>> That can be improved in gdm/screensaver. OpenSC returns CKF_USER_PIN_LOCKED >>> after a PIN entry try if the method got blocked. Even NSS/Firefox used to >>> ignore this return code for a long time and as a result

Re: [opensc-devel] Opensc and SetCOS.

2010-09-02 Thread Patrik Martinsson
Hello again, >> That can be improved in gdm/screensaver. OpenSC returns CKF_USER_PIN_LOCKED >> after a PIN entry try if the method got blocked. Even NSS/Firefox used to >> ignore this return code for a long time and as a result asked for a PIN 3 >> times (hardcoded apparently) even if the PIN

Re: [opensc-devel] Opensc and SetCOS.

2010-09-02 Thread Patrik Martinsson
Thanks for the info Peter, well explained ! I laughed to myself when I read this part, >> There's maybe a handful of people at HP worldwide who really know the details of components in the systems they sell. I can only confirm this, I've called HP several times about the smartcard-reader in ou

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Peter Stuge
Martin Paljak wrote: > > R5C822 (http://www.ricoh.com/LSI/product_pcif/pcc/5c821/index.html). > > According to the homepage the chip is discontinued however HP > > still delivers them in their brand new models, 8440p for example, > > god knows why. Is there any chance that we would see some support

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Jean-Michel Pouré - GOOZE
On Wed, 2010-09-01 at 12:58 +0200, Patrik Martinsson wrote: > >> wpa_supplicant, which NetworkManager uses, should support > PKCS#11, > but apparently the functionality is not important enough to be > exposed > via the GUI. > Exactly, we got this working with wpa_supplicant, however it would be

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Martin Paljak
Hello, On Sep 1, 2010, at 1:58 PM, Patrik Martinsson wrote: > As a Linux user today at our company you need to find a Windows computer or > go to our helpdesk to get your card unlocked, you also need to call the > helpdesk to get your puk. > I guess what I'm asking for is a simple way for the us

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Patrik Martinsson
About gdm, screensaver etc. Yes, I know it's possible to lock the screen at removals and poke the screensaver at insertions; my suggestion was the ability to unlock the PIN on the card at those times (e.g. entered wrong PIN x number of times and PIN gets locked). Whether this is a good security

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Martin Paljak
On Sep 1, 2010, at 1:28 PM, Jean-Michel Pouré - GOOZE wrote: Hello, > On Wed, 2010-09-01 at 11:12 +0200, Patrik Martinsson wrote: >> 2. Support by gdm/screensaver/or any application actually that uses >> pkcs11, to handle locked cards. (I think if the card is locked you >> should get the possib

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Jean-Michel Pouré - GOOZE
On Wed, 2010-09-01 at 11:12 +0200, Patrik Martinsson wrote: > 2. Support by gdm/screensaver/or any application actually that uses > pkcs11, to handle locked cards. (I think if the card is locked you > should get the possibility to unlock it with your puk, I don't know > why > this is not possibl

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Martin Paljak
Hello, On Sep 1, 2010, at 12:12 PM, Patrik Martinsson wrote: > 1. Support for integrated readers (like the ones in HP's laptops > (6930p/8440p etc.), I guess the hardware manufacturers are the only ones > that could change this. Only if they integrate standard CCID readers directly to the USB b

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Martin Paljak
On Sep 1, 2010, at 11:25 AM, Jean-Michel Pouré - GOOZE wrote: > On Wed, 2010-09-01 at 10:06 +0200, Patrik Martinsson wrote: >> I've no openct packages installed, and in my opensc.conf there is >> only >> the pcsc driver enabled, is there some other way to disable it that I >> don't know of? >>

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Martin Paljak
On Sep 1, 2010, at 10:29 AM, Jean-Michel Pouré - GOOZE wrote: > On Wed, 2010-09-01 at 09:11 +0200, Patrik Martinsson wrote: >> I got the same result as earlier, however following line is not >> present >> anymore >> reader-pcsc.c:284:refresh_attributes: OMNIKEY CardMan 3x21 00 >> 00:SCardGe

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Patrik Martinsson
>> When using Gnome for example, Iceweasel, evolution and seahorse can have >> simultaneous access, which may throw an error at some point. >> Just for information, a nice project would be to participate >> in Gnome-Keyring to have good support for PKCS#11 and let Gnome-Keyring >> manage >>

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Patrik Martinsson
These settings should suffice. Ok, cool. When using Gnome for example, Iceweasel, evolution and seahorse can have simultaneous access, which may throw an error at some point. Hmm, I don't have anything else running on the computer at this time. Your problem probably lies somewhere else. U

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Jean-Michel Pouré
When using Gnome for example, Iceweasel, evolution and seahorse can have simultaneous access, which may throw an error at some point. Just for information, a nice project would be to participate in Gnome-Keyring to have good support for PKCS#11 and let Gnome-Keyring manage security based on smart

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Jean-Michel Pouré - GOOZE
On Wed, 2010-09-01 at 10:06 +0200, Patrik Martinsson wrote: > I've no openct packages installed, and in my opensc.conf there is > only > the pcsc driver enabled, is there some other way to disable it that I > don't know of? > reader_drivers = pcsc; These settings should suffice. Another possib

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Patrik Martinsson
Hmm, yes I hear you, I've no openct packages installed, and in my opensc.conf there is only the pcsc driver enabled, is there some other way to disable it that I don't know of? reader_drivers = pcsc; These lines indicate that something is wrong, don't they? How can I debug this? 0x7fb5c065

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Jean-Michel Pouré - GOOZE
On Wed, 2010-09-01 at 09:11 +0200, Patrik Martinsson wrote: > I got the same result as earlier, however following line is not > present > anymore > reader-pcsc.c:284:refresh_attributes: OMNIKEY CardMan 3x21 00 > 00:SCardGetStatusChange failed: 0x8013 Make sure you don't compile OpenCT or

Re: [opensc-devel] Opensc and SetCOS.

2010-09-01 Thread Patrik Martinsson
Hey again, (my last message seems to have been discarded somehow) Martin, I tried the same setup with the open ccid driver and I'm posting my logs here. I got the same result as earlier, however following line is not present anymore reader-pcsc.c:284:refresh_attributes: OMNIKEY CardMan 3x

Re: [opensc-devel] Opensc and SetCOS.

2010-08-30 Thread Patrik Martinsson
Hello again, Here is the log with the card *not inserted* in the reader. I'm using this version of pcsc. rpm -qa | grep pcsc pcsc-lite-libs-1.5.2-5.el6.x86_64 pcsc-lite-1.5.2-5.el6.x86_64 pcsc-lite-devel-1.5.2-5.el6.x86_64 pcsc-lite-debuginfo-1.5.2-5.el6.x86_64 ccid driver I'm currently using

Re: [opensc-devel] Opensc and SetCOS.

2010-08-30 Thread Patrik Martinsson
Hello again, Just to clarify before posting full debug logs, we have our private certificates on these cards. But those are not exportable, right? And by posting full opensc (debug 99) logs here I won't expose those in any way, right? /Patrik Martinsson On 08/27/2010 01:37 PM, Patrik Martin

Re: [opensc-devel] Opensc and SetCOS.

2010-08-28 Thread Jean-Michel Pouré - GOOZE
On Fri, 2010-08-27 at 21:02 +0200, Jean-Pierre Szikora wrote: > It can not answer to this question. When we saw the price increase, > our interest to investigate further was completely stopped ;-) You may try the Feitian PKI smartcard or the Feitian ePass PKI instead. Hope this helps. --

Re: [opensc-devel] Opensc and SetCOS.

2010-08-27 Thread Jean-Pierre Szikora
On 27 Aug 2010, at 15:27, Patrik Martinsson wrote: > Hi Jean-Pierre, > > Ok. Cool, I did not know that. > I've tested it and confirmed, > > $ opensc-tool -s 00:CA:DF:30:05 > 0x7fd0da512700 15:24:21.566 [opensc-tool] reader-pcsc.c: > 964:pcsc_detect_readers: returning with: 0 > Using reader with

Re: [opensc-devel] Opensc and SetCOS.

2010-08-27 Thread Patrik Martinsson
Hey, >> Better use the open source CCID driver. Just to be sure. Understood, will do that. >> $ opensc-tool -i Sorry, I meant opensc -n >> $ opensc-tool -D >> Ah, the double entry got removed, thanks for sending this! Didn't notice it myself actually, just thought it would be useful as backg

Re: [opensc-devel] Opensc and SetCOS.

2010-08-27 Thread Martin Paljak
Hello! On Aug 27, 2010, at 2:37 PM, Patrik Martinsson wrote: > Cardreader, OmniKey 3121, driver by their homepage. (tried with the one that > comes with rhel too, but same issue) Better use the open source CCID driver. Just to be sure. > $ opensc-tool -i > Using reader with a card: OMNIKEY C

Re: [opensc-devel] Opensc and SetCOS.

2010-08-27 Thread Patrik Martinsson
Hi Jean-Pierre, Ok. Cool, I did not know that. I've tested it and confirmed, $ opensc-tool -s 00:CA:DF:30:05 0x7fd0da512700 15:24:21.566 [opensc-tool] reader-pcsc.c:964:pcsc_detect_readers: returning with: 0 Using reader with a card: OMNIKEY CardMan 3x21 00 00 Sending: 00 CA DF 30 05 Received (S

Re: [opensc-devel] Opensc and SetCOS.

2010-08-27 Thread JP Szikora
Patrik Martinsson wrote: > > Cards are delivered by a company called secmaker, is supposed to have > setcos 4.4.1, cards delivered by gemalto. Hi Patrik, The SetCOS card is not produced anymore (end 2007) after Setec was integrated by Gemalto. The SetCOS card was replaced by a GemXpresso4 ca

Re: [opensc-devel] Opensc and SetCOS.

2010-08-27 Thread Patrik Martinsson
Hi again guys, Thanks for your input. I've been away for a couple of days, that's why I haven't been able to answer. I feel I need to explain a little, just so we are on the same page here. Running this on my rhel 6 system. OpenSc, checked out revision 4654, configured and built. (patched with

Re: [opensc-devel] Opensc and SetCOS.

2010-08-26 Thread Andre Zepezauer
On Thu, 2010-08-26 at 14:32 +0200, Andre Zepezauer wrote: > On Wed, 2010-08-25 at 10:55 +0300, Martin Paljak wrote: > > Hello, > > > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > > > Question #1, > > > > > > Try pkcs11_inspect. > > > $ pkcs11_inspect > > > [opensc-pkcs11] iso7816.c:9

Re: [opensc-devel] Opensc and SetCOS.

2010-08-26 Thread Andre Zepezauer
On Wed, 2010-08-25 at 10:55 +0300, Martin Paljak wrote: > Hello, > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > > Question #1, > > > > Try pkcs11_inspect. > > $ pkcs11_inspect > > [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Instruction code not > > supported or invalid > > [open

Re: [opensc-devel] Opensc and SetCOS.

2010-08-25 Thread Martin Paljak
Hello, On Aug 25, 2010, at 2:55 PM, Ludovic Rousseau wrote: > 2010/8/25 Martin Paljak : >> If everything is working fine, there's nothing to worry about. If not, then >> it can be fixed by implementing a proper GET CHALLENGE method in >> card-setcos.c. If you can sniff the correct APDU for this (

Re: [opensc-devel] Opensc and SetCOS.

2010-08-25 Thread Ludovic Rousseau
2010/8/25 Martin Paljak : > Hello, > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: >> Question #1, >> >> Try pkcs11_inspect. >> $ pkcs11_inspect >> [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Instruction code not >> supported or invalid >> [opensc-pkcs11] card.c:588:sc_get_challenge:

Re: [opensc-devel] Opensc and SetCOS.

2010-08-25 Thread Martin Paljak
Hello, On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > Question #1, > > Try pkcs11_inspect. > $ pkcs11_inspect > [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Instruction code not supported > or invalid > [opensc-pkcs11] card.c:588:sc_get_challenge: returning with: Unsupported INS > b

Re: [opensc-devel] Opensc and SetCOS.

2010-08-24 Thread Peter Stuge
Hej Patrik! Patrik Martinsson wrote: > gdm-plugin-smartcard still doesn't work though, however now slot_id > has a value. Something else is fishy, I'm talking to the > gdm-developers about that, if any of you are interested, here's the > link. > http://mail.gnome.org/archives/gdm-list/2010-August/

Re: [opensc-devel] Opensc and SetCOS.

2010-08-24 Thread Patrik Martinsson
Hey again, I'm answering my own mail here. This issue seems to be resolved in version opensc-0.12.0-svn-r4647, I'm using that one now instead. gdm-plugin-smartcard still doesn't work though, however now slot_id has a value. Something else is fishy, I'm talking to the gdm-developers about that,

[opensc-devel] Opensc and SetCOS.

2010-08-24 Thread Patrik Martinsson
Hello everyone, At our company we use identification cards as security tokens. We have successfully used those together with the pkcs11 lib that the company behind these cards delivers, however I'm getting tired of their negligent and incompetent support, therefore I would like to use opensc dr