Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

On Mon, 2010-08-30 at 00:54 +0200, Andre Zepezauer wrote: > To summarise my impression of the upcoming 0.12.0 release, the feature > set is low. The most user visible things are the graphical installers > and the support of new cards. Other changes are bug fixes and small > improvements. Things tha

[opensc-devel] pcscd access rights limitation and scard group

Hello, As listed on the pcsc-lite TODO file [1] I would like to run pcscd as a normal user instead of root. To do this I need to: 1. select a normal user id or group id to use 2. write a udev (or whatever hotplug mechanism is used) file to set the access rights of the USB reader device when connec

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

Hello, First, thank you for a constructive review. On Aug 30, 2010, at 1:54 AM, Andre Zepezauer wrote: > I had a look at the NEWS file to see which improvements it will bring to us. > After reading > this list of changes some questions arises to me: NEWS file can be and probably is incomplete. B

Re: [opensc-devel] pcscd access rights limitation and scard group

Hello, On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: > As listed on the pcsc-lite TODO file [1] I would like to run pcscd as > a normal user instead of root. To do this I need to: Good idea. > But since both OpenCT and pcsc-lite should not be installed at the > same time the problem is ve

Re: [opensc-devel] New Italian CNS/eID patch

On Aug 27, 2010, at 12:55 PM, Andre Zepezauer wrote: > On Fri, 2010-08-27 at 11:12 +0300, Martin Paljak wrote: >> Hello, >> >> On Aug 26, 2010, at 6:34 PM, Andre Zepezauer wrote: >>> One application for the give_random() function is contained in the >>> attached patch. In short: C_SeedRandom() w

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

Hello, On Aug 30, 2010, at 10:22 AM, Jean-Michel Pouré - GOOZE wrote: > IMHO, I support a 0.12.0 release for these reasons: > > * Maintaining two different releases is a lot of work. ... Yes, it is apparently difficult and a lot of work to roll out a 0.11.14 tarball (with the pcsc-lite changes),

Re: [opensc-devel] Opensc and SetCOS.

Hello again, Just to clarify before posting fully debuglogs, we have our private certificates on these cards. But those are not exportable right ? And by posting fully opensc(debug 99) logs here i wont expose those in any way right ? /Patrik Martinsson On 08/27/2010 01:37 PM, Patrik Martin

Re: [opensc-devel] [Muscle] Re: pcscd access rights limitation and scard group

Helo, On Aug 30, 2010, at 1:36 PM, Johannes Findeisen wrote: > On Mon, 2010-08-30 at 13:11 +0300, Martin Paljak wrote: >> On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: >>> As listed on the pcsc-lite TODO file [1] I would like to run pcscd as >>> a normal user instead of root. To do this I

Re: [opensc-devel] [Muscle] Re: pcscd access rights limitation and scard group

Hello Martin, On Mon, 2010-08-30 at 14:04 +0300, Martin Paljak wrote: > Helo, > On Aug 30, 2010, at 1:36 PM, Johannes Findeisen wrote: > > > On Mon, 2010-08-30 at 13:11 +0300, Martin Paljak wrote: > >> On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: > >>> As listed on the pcsc-lite TODO fil

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

On Mon, 2010-08-30 at 12:40 +0300, Martin Paljak wrote: > Hello, > > First, thank you for a constructive review. > > On Aug 30, 2010, at 1:54 AM, Andre Zepezauer wrote: > > I had a look at the NEWS file to see which improvements it will bring to > > us. After reading > > this list of changes som

Re: [opensc-devel] Opensc and SetCOS.

Hello again, Here is the log with the card *not insterted* in the reader. I'm using this version of pcsc. rpm -qa | grep pcsc pcsc-lite-libs-1.5.2-5.el6.x86_64 pcsc-lite-1.5.2-5.el6.x86_64 pcsc-lite-devel-1.5.2-5.el6.x86_64 pcsc-lite-debuginfo-1.5.2-5.el6.x86_64 ccid driver I'm currently using

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

Hello, thanks for going through the drivers! > The handful of drivers with insecure operations I was talking about, I > got with the following command: grep -n OPENSSL libopensc/card-*.c > > But looking closer to each drivers source, I must confess that there are > only two of them affected: > >

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

On Mon, 2010-08-30 at 13:42 +0300, Martin Paljak wrote: > Providing "official unofficial" .deb and .rpm packages would be nice > (as said in a previous e-mail). Feel free to work on that. Not sure. The availability of packages is linked to the Debian release schedule. After Debian Squeeze is rel

Re: [opensc-devel] pcscd access rights limitation and scard group

2010/8/30 Martin Paljak : > Hello, > > On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: >> As listed on the pcsc-lite TODO file [1] I would like to run pcscd as >> a normal user instead of root. To do this I need to: > Good idea. > >> But since both OpenCT and pcsc-lite should not be installed

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

Hello, On Aug 30, 2010, at 2:52 PM, Emanuele Pucciarelli wrote: >> The handful of drivers with insecure operations I was talking about, I >> got with the following command: grep -n OPENSSL libopensc/card-*.c >> >> But looking closer to each drivers source, I must confess that there are >> only tw

Re: [opensc-devel] Problem with 2K keys and MyEID

Aventra development wrote: The 1K key generation works nicely, but we are having a problem generating a 2K key using OpenSC 0.11.13 and our own MyEID card. OpenSC correctly finds a new file id and creates the file, and after that it tries to store the key to that file. The issue is that th

Re: [opensc-devel] How to Initialize a token using C_InitToken() from PKCS#11 interface?

I think my last message got cut because of too many attached files, so I'm resending with links to the files. Also, please enable debugging (set to 9 and uncomment debug_file in > opensc.conf) and send the generated log file. This file (opensc-debug.log

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

On Mon, 2010-08-30 at 16:36 +0300, Martin Paljak wrote: > Hello, > > On Aug 30, 2010, at 2:52 PM, Emanuele Pucciarelli wrote: > >> The handful of drivers with insecure operations I was talking about, I > >> got with the following command: grep -n OPENSSL libopensc/card-*.c > >> > >> But looking c

Re: [opensc-devel] use algorithm_ref in set_security_env

Hello, Andre Zepezauer wrote: > Hello, > > attached is a patch which makes it possible to explicitly request > specific algorithms for the cryptographic operations. The advantage is, > that if the token provides sufficient information about itself, then the > driver is not required to do any gues

Re: [opensc-devel] use algorithm_ref in set_security_env

On Mon, 2010-08-30 at 17:50 +0200, Viktor TARASOV wrote: > Hello, > > > Andre Zepezauer wrote: > > Hello, > > > > attached is a patch which makes it possible to explicitly request > > specific algorithms for the cryptographic operations. The advantage is, > > that if the token provides sufficient

[opensc-devel] Initialisation of CardOS

Hello all, what do you think of dropping the possibility to initialise CardOS smart cards in 0.11.14? The reason of doing so, is to stop the production of more of these questionable split-key cards. People who want to initialise CardOS are then forced to do this with either 0.11.13 or 0.12.X. Hop

Re: [opensc-devel] Initialisation of CardOS

Am Montag 30 August 2010, um 22:13:34 schrieb Andre Zepezauer: > what do you think of dropping the possibility to initialise CardOS smart > cards in 0.11.14? The reason of doing so, is to stop the production of > more of these questionable split-key cards. Very bad idea. CardOS is working very wel