On 9/18/2011 6:08 PM, Martin Paljak wrote:
> Hello,
>
> The included patch [1] fixes the usage text and also the man page to reflect
> the fact that specifying the module is mandatory.
>
> Not the most elegant one (abuses app_name) but works.
> [1]
> https://github.com/martinpaljak/OpenSC/comm
Hello,
The included patch [1] fixes the usage text and also the man page to reflect
the fact that specifying the module is mandatory.
Not the most elegant one (abuses app_name) but works.
0001-pkcs11-tool-update-help-and-man-page-to-reflect-the-.patch
Description: Binary data
[1]
https://g
Hello,
On Sep 16, 2011, at 11:39 , Mike Tancsa wrote:
> For some reason, this does not work on 12.x ? It just comes up with a
> usage error.
>
> # pkcs11-tool -v -O
> Usage: pkcs11-tool [OPTIONS]
> Options:
> --module Specify the module to load (mandatory)
The Usage: line should
For some reason, this does not work on 12.x ? It just comes up with a
usage error.
eg on 11.8
# pkcs11-tool -v -O
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
Certif
Hello,
On Mar 14, 2011, at 12:18 AM, Juan Antonio Martinez wrote:
> Using opensc from svn:
>
> [jantonio@router opensc]$ src/tools/pkcs11-tool -lO
> error: Failed to load pkcs11 module
> Aborting.
>
> Looking at src/pkcs11/pkcs11-tool.c seems that "opt_module"
> variable is not properly initiali
Using opensc from svn:
[jantonio@router opensc]$ src/tools/pkcs11-tool -lO
error: Failed to load pkcs11 module
Aborting.
Looking at src/pkcs11/pkcs11-tool.c seems that "opt_module"
variable is not properly initialized thus C_LoadModule
is called with "NULL" as module name...
Is a bug so strange.
On Mon, 2010-11-29 at 08:50 -0600, Douglas E. Engert wrote:
>
> On 11/25/2010 10:23 AM, Andre Zepezauer wrote:
> > Hello,
> >
> > I would like to commit the attached patch. It modifies the method of
> > public key retrieval in pkcs11-tool.
> >
> > Currently the non standard attribute CKA_VALUE is
On 11/25/2010 10:23 AM, Andre Zepezauer wrote:
> Hello,
>
> I would like to commit the attached patch. It modifies the method of
> public key retrieval in pkcs11-tool.
>
> Currently the non standard attribute CKA_VALUE is uses. With the patch
> applied, only attributes defined by PKCS#11 are used
Hello,
I would like to commit the attached patch. It modifies the method of
public key retrieval in pkcs11-tool.
Currently the non standard attribute CKA_VALUE is uses. With the patch
applied, only attributes defined by PKCS#11 are used for public key
retrieval. Tested with OpenSSL 0.9.8.
Regard
Mr Dash Four wrote:
>>> I already tested pcsc-lite-libs+OpenCT+OpenSC
>>
>> Why do you need pcsc-lite-libs?
>
> Spotters badge!
>
> Executing "rpm -qRp" on the newly-built package gives me
> "pcsc-lite-libs(x86-64)" so, naturally, I assumed that was needed (the
> package contains two .so files, s
> In the next few days I will build the scripts for installing all files
> and automatically build initrd/initramfs and then will be in a
> position to test it. As I pointed out above I already tested
> pcsc-lite-libs+OpenCT+OpenSC (without anything else) and it works to
> absolute perfection,
I already tested pcsc-lite-libs+OpenCT+OpenSC
Why do you need pcsc-lite-libs?
Spotters badge!
Executing "rpm -qRp" on the newly-built package gives me
"pcsc-lite-libs(x86-64)" so, naturally, I assumed that was needed (the
package contains two .so files, so not much of a difference
Mr Dash Four wrote:
> I already tested pcsc-lite-libs+OpenCT+OpenSC
Why do you need pcsc-lite-libs?
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
>> The pcscd daemon simply refuses to work if either HAL or D-Bus is not
>> installed and running.
>>
>
> why do you want to use pcscd altogether? AFAIK the Aladdin eToken 64k
> are based on CardOS. That means, you can access them with the pkcs11
> library provided by OpenSC. That library is
Hello,
On Sat, 2010-10-23 at 16:13 +0100, Mr Dash Four wrote:
> >>> In other words, build a wrapper around libccid with an api
> >>> compatible with libpcsclite.
> >>>
> >> Then I think it would be a better idea to make a p11 provider
> >> directly on top of libccid.
> >>
> >
> > That
>> the simple job of reading a data token from the smartcard
>>
>
> It's not at all simple. I guess it seems simple when you run
> pkcs11-tool, but there is a lot going on behind the scenes.
>
That may well be the case - I've never pretend to be an expert and it is
this reason why I canva
Mr Dash Four wrote:
> the simple job of reading a data token from the smartcard
It's not at all simple. I guess it seems simple when you run
pkcs11-tool, but there is a lot going on behind the scenes.
> Any ideas anyone?
You need to do some development, to allow also minimal environments
to acc
>>> In other words, build a wrapper around libccid with an api
>>> compatible with libpcsclite.
>>>
>> Then I think it would be a better idea to make a p11 provider
>> directly on top of libccid.
>>
>
> That may work. But Mr Dash Four wrote he also need OpenCT.
> Since he do not give t
On Sat, 2010-10-23 at 05:37 +0200, Peter Stuge wrote:
> Andre Zepezauer wrote:
> > In other words, build a wrapper around libccid with an api
> > compatible with libpcsclite.
>
> Then I think it would be a better idea to make a p11 provider
> directly on top of libccid.
Your approach may be usefu
>> Then I think it would be a better idea to make a p11 provider
>> directly on top of libccid.
>>
>
> That may work. But Mr Dash Four wrote he also need OpenCT.
> Since he do not give the list of readers he wants to use I can't really help.
>
You already know that I am using Aladdin eToke
2010/10/23 Peter Stuge :
> Andre Zepezauer wrote:
>> In other words, build a wrapper around libccid with an api
>> compatible with libpcsclite.
>
> Then I think it would be a better idea to make a p11 provider
> directly on top of libccid.
That may work. But Mr Dash Four wrote he also need OpenCT.
Mr Dash Four wrote:
> I already use libpcsclite, but there are other dependencies on (mainly)
> openct as well as the pcsc-lite libraries you mention (libdbus-1.so.3,
> libhal.so.1 are two of those).
That is not the fault of packages - blame your distribution for that.
What you want is technic
Andre Zepezauer wrote:
> In other words, build a wrapper around libccid with an api
> compatible with libpcsclite.
Then I think it would be a better idea to make a p11 provider
directly on top of libccid.
//Peter
___
opensc-devel mailing list
opensc-de
> you could use something like this:
> pkcs15-crypt --key 3b8d4e --input cipher.bin --decipher -R
>
> The only requirement is libpcsclite. Everything else could be turned
> off. Correct?
>
You've lost me!
I already have the data object stored on my smartcard and I need a
stripped-down pkcs11-
Hello,
you could use something like this:
pkcs15-crypt --key 3b8d4e --input cipher.bin --decipher -R
The only requirement is libpcsclite. Everything else could be turned
off. Correct?
If you don't want a running pcscd, you could try to get libpcsclite to
access the usb stack directly. In other w
Is it possible to have a stripped-down and slimmed version of
pkcs11-tool (or a similar, may be new) program which does just one
thing: read the contents of a data object (given by either
application-id or application-label) on a smartcard (enter PIN if the
data object was previously stored wit
Hi,
Does anybody uses pkcs11-tool in scripts (besides the regression tests
in OpenSC)?
Actually pkcs11-tool do C_Login() when '--login' or '--pin' options are
supplied.
I propose to limit C_Login only for the first one, and to let the usage
of the second one for the unlogged sessions also.
A
It's confirmed by my provider that it should work with OpenSC, even
better i've prove because a friend of mine has no problems with it.
Same OS and hardware ..
I'll probably try again to solve the issue with a support team of the
my provider.
If you have any other ideas, i'll appreciate if
Sevdalin Todorov Todorov a écrit :
> Hi,
>
> [din...@mini]-[/Library/OpenSC/bin]$ ./cardos-info
> Running cardos-tool --info
> Using reader with a card: OmniKey CardMan 6121 00 00
> 3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74
> Info : CardOS V4.3B (C) Siemens AG 1994-2004
> Chip type: 124
> Serial numbe
Hi,
[din...@mini]-[/Library/OpenSC/bin]$ ./cardos-info
Running cardos-tool --info
Using reader with a card: OmniKey CardMan 6121 00 00
3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74
Info : CardOS V4.3B (C) Siemens AG 1994-2004
Chip type: 124
Serial number: 26 67 9b 08 15 1a
Full prom dump:
33 66 00 1B 5B
Hi,
Your card (a CardOS from Siemens) is (probably) not initialized with
OpenSC tools (pkcs15-init). Maybe you need to use a PKCS11 module
specifically designed for your card!
What is the output of the cardos-info command? and of the opensc-tool
-f command?
Jean-Pierre
Sevdalin Todorov Todo
Hi Jean-Pierre thanks for the reply,
the output of previews commands is from SCA 0.2.4.1 - installed
because of recommendation of my certificate issuer.
But, before 0.2.4.1 i also tried the SCA 0.2.6, with no success.
Now i've installed SCA 0.2.6 back to try again but the result is same:
[din..
Hi Dincho,
Which SCA did you use? opensc 0.11.5 is pretty old now.
Which smartcard? Is it supported by OpenSC?
Have you tried with the module specification:
/Library/OpenSC/bin/pkcs11-tool -t -l --module
/Library/OpenSC/lib/opensc-pkcs11.so
Cheers,
Jean-Pierre
Sevdalin Todorov Todorov a écrit
Hello list,
I'm experiencing a problem using my certificate. After a couple hours
of debug I'm stuck on a "bus error" message generated from pkcs11-tool.
I'm wondering how to read some more debug information, what's wrong
with it ?
Adding - options didn't help.
OSX 10.5.7
[din...@mini
2009/3/11 Peter Stuge :
> Rickard Bondesson wrote:
>> Will my patch be applied to the system?
>
> I hope so. I can't commit or I would have done so.
>
> Could someone please commit this?
Committed in revision 3663
Thanks
--
Dr. Ludovic Rousseau
___
op
Rickard Bondesson wrote:
> Will my patch be applied to the system?
I hope so. I can't commit or I would have done so.
Could someone please commit this?
//Peter
pgp8Wgd2cAqq5.pgp
Description: PGP signature
___
opensc-devel mailing list
opensc-devel@l
Will my patch be applied to the system?
// Rickard
PGP.sig
Description: PGP signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
> Good find! Any chance you can send a patch? Thanks!
Ohh sorry. This patch is more correct. Forgot to increase the attribute counter
with one.
// Rickard
pkcs11-tool-keygen.patch
Description: Binary data
PGP.sig
Description: PGP signature
___
opens
> Good find! Any chance you can send a patch? Thanks!
Here is the patch
// Rickard
pkcs11-tool-keygen.patch
Description: Binary data
PGP.sig
Description: PGP signature
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.ope
Hi,
Rickard Bondesson wrote:
> The publicKeyTemplate when generating a keypair should contain:
>
> {CKA_TOKEN, &_true, sizeof(_true)},
Good find! Any chance you can send a patch? Thanks!
//Peter
pgpCoeODjsoZs.pgp
Description: PGP signature
___
op
Hi
The publicKeyTemplate when generating a keypair should contain:
{CKA_TOKEN, &_true, sizeof(_true)},
http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs11-tool.c#L1043
Or else will the public key be deleted when the session closes. The CKA_TOKEN
defaults to false when not spe
hi,
yesterday we discovered a slight nuisance in pkcs11-tool: when you
generate a private key on a token (Aladdin eToken in our case) then
pkcs11-tool hardcodes
publicExponent = 3
Turns out that this is almost the worst exponent you can choose, read e.g.
http://www.mail-archive.com/[EMAIL PR
> *I have another card that has been initialized with pkcs15-tool, is it
> possible to initialize it with pkcs11-tool?
I haven't tested that so far, but should work.
> *Is it possible to use pkcs11-tool on a muscle compatible card, a
> cyberflex javacard?
only with current svn code and see the m
Hi all,
*I am using a cryptoflex 32 K card and I wish to initialize it using
pkcs11-tool, this card is completely blank.
I launched:
$ pkcs11-tool --init-token -label nesrine --slot 4
pkcs15.c711:sc_pkcs15_bind: returning with unsupported card
Please enter the new SO PIN
*
Cornelius Kölbel wrote:
...
I liked the pkcs11-tool very much and used it with aladdin's own
pkcs11-lib. But I could not manage to initialize the token and i
could not change the pin.
The Aladdin eToken can only be initialized after having logged in
as a user and having closed this session again
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hello Nils,
Nils Larsch schrieb:
> Cornelius Koelbel wrote:
>> Hello,
>>
>> I liked the pkcs11-tool very much and used it with aladdin's own
>> pkcs11-lib. But I could not manage to initialize the token and i
>> could not change the pin.
>>
>> Th
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hello,
what are the command line parameters to change the SO_PIN?
As far as I know, the SO_PIN has to be changed by C_Login using the
SO_PIN and the doing a C_SetPin.
But from looking at the code, I get no idea what parameters should be
combined.
Cornelius Koelbel wrote:
Hello,
I liked the pkcs11-tool very much and used it with aladdin's own pkcs11-lib.
But I could not manage to initialize the token and i could not change the
pin.
The Aladdin eToken can only be initialized after having logged in as a
user and having closed this session
:-)
It depends on, what your understanding of "work at last" is.
Within a restricted environmet (some distributions) it works fine.
I am running it on Fedora Core 4 and it is quite reliable.
Regards
Cornelius
On Fr, 31.03.2006, 01:43, Eddy Nigg (StartCom Ltd.) sagte:
> Very interesting...does the
Very interesting...does the Aladdin driver and module work at last? I
understand, that this is the real release, not beta...
Question to Nils: Are you going to implement the patches and
suggestions of Cornelius?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
A small other note:
When I want to change the User PIN not only by using --init-pin but by
using -c, I need a read/write sesseion:
--snip--
case 'c':
do_change_pin = 1;
need_session |= CKF_SERIAL_SESSION; /* no need for
a R/W sessio
Hello,
I liked the pkcs11-tool very much and used it with aladdin's own pkcs11-lib.
But I could not manage to initialize the token and i could not change the
pin.
The Aladdin eToken can only be initialized after having logged in as a
user and having closed this session again.
The PIN can only be
Cornelius Kölbel wrote:
| Hello,
|
| I am using pkcs11-tool with the Aladdin's pkcs11-lib.
| Many things work out fine.
| But when I try to initialize a eTokenPro I get the following output:
|
| [EMAIL PROTECTED] opensc-0.10.1]# pkcs11-tool --module
| /usr/local/lib/libetpkcs11.so --init-token --
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Marc Bevand schrieb:
> Cornelius Kölbel wrote:
> | Hello,
> |
> | I am using pkcs11-tool with the Aladdin's pkcs11-lib.
> | Many things work out fine.
> | But when I try to initialize a eTokenPro I get the following output:
> |
> | [EMAIL PROTECTE
Hello, I am using the pkcs11-tool with Aladdin's pkcs11 lib with an
eTokenPro. I can not manage to change the User PIN of the Token:
[EMAIL PROTECTED] opensc-0.10.1]# pkcs11-tool --module
/usr/local/lib/libetpkcs11.so -c Please enter the current PIN: Please
enter the new PIN: Please enter the new P
Hello,
I am using pkcs11-tool with the Aladdin's pkcs11-lib.
Many things work out fine.
But when I try to initialize a eTokenPro I get the following output:
[EMAIL PROTECTED] opensc-0.10.1]# pkcs11-tool --module
/usr/local/lib/libetpkcs11.so --init-token --label testToken
Please enter the new SO
56 matches
Mail list logo
