gmane.comp.encryption.opensc.devel

SIM

Hans Witvliet — 2012-05-24T21:49:39

Hi all,

EF's on the smartcard.

Although they miss the directory structure normally found on cards, is
there any reason why i should not be able to read thsoe EF's?

I mean, when inserting a SIM into a reader, i get the ATR, but nothing
more. I hoped that opensc-explorer could read them.

Do those cards require special middleware (like those from safesign) or
is there an other reason why i can not read them?


Hans

libccid + keyboard

2012-05-24T14:02:03

Hi all,

Just accidentally I came across some lines in Lodovic's blog.

For the latest version of licccid-1.4.6, he writes:
"Disable SPE for HP USB CCID Smartcard Keyboard. The reader is bogus and unsafe."

I am not sure what "SPE for HP..." means, 
but I certainly hope I can still use it for our smartcards as we have a couple of thousands of those keyboards.

I hope that it is just an obscure extra feature.

Hans


______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake

ACR122U + MyEID dual interface

NdK — 2012-05-24T13:21:33

Hi all.

Just received $subj and started testing.

Too bad the cards aren't recognized by default:
$ opensc-tool -a -n
Using reader with a card: ACS ACR122U PICC Interface 00 00
3b:85:80:01:4d:79:45:49:44:78
Unsupported card

Is it only matter of unknown ATR and I can safely use force myeid? Or
should I add support for 'em digging in the code (for this, help from
Aventra would be really welcome -- big task!).

Is it possible to make that reader handle multiple cards "in parallel"
(both placed on the reader)?

PS: the card in "MyLogin for Windows" kit reports an ATR of
3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 01 00 00 00 00 6A
Does someone know something about this card?

Tks,
 Diego.

CRYPTOMATE64

NdK — 2012-05-23T11:57:46

Hello all.

Someone already tested that token? It's the only one I could find that
handles RSA4096...

http://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=CRYPTOMATE64

I'm thinking to use one to store our internal root CA's key (4096bit
RSA). [actually I'm thinking more about a "ring of roots", but that's
another story]

Intermediate CAs will use other cards/tokens (still undecided between
Aventra's MyEID and Gooze's ePass2003 token), that are way cheaper and
up to the job :)

BYtE,
 Diego.

Getting Facial image and Biometrics off Piv Card

John Curtis — 2012-05-18T23:41:28

Hello,

Sorry to send email on this thread, given that it is dated.  However it refers exactly to what I am doing at the moment.

First, thanks for the script posted here<http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014318.html>, it was very helpful!

Second, this thread states:

It would greatly help me to see this program as well.  If it is available, can you send it to me?

Many Thanks.
--JDC

John Curtis

Software Development Manager
Cummings Engineering
(480) 459-0547

_______________________________________________
opensc-devel mailing list
opensc-devel< at >lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

BT reader

2012-05-21T08:50:50

Hi,

Anyone around who had the chance to look at
http://www.biometricassociates.com/products-baimobile/smart-card-reader-iphone-android.html

I know that there exist for some time BT-readers, but those from RIM present themselves only as a `rim` device.

These are probably not as cheap as an ordinary reader, but if usable under Linux/OpenSC, it may be worthwhile....

HW


______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and

Cannot compile OpenSC

Nguyễn Hồng Quân — 2012-05-21T02:41:08

Hello all,

I'm trying to compile OpenSC on Ubuntu 12.04, but fail (both OpenSC
0.12.2 and 0.12.3pre), due to this error:

/usr/bin/ld: ../../src/common/.libs/libpkcs11.a(libscdl.o): undefined
reference to symbol 'lt_dlsym'
/usr/bin/ld: note: 'lt_dlsym' is defined in DSO
/usr/lib/i386-linux-gnu/libltdl.so so try adding it to the linker
command line
/usr/lib/i386-linux-gnu/libltdl.so: could not read symbols: Invalid
operation
collect2: ld returned 1 exit status

Anyone encounter this?
Ubuntu 12.04 comes with libltdl v2.4.2. I compiled successfully on
Ubuntu 11.04, with libltdl v2.2.6

OpenPGP card / Cryptostick - current status???

Peter Koch — 2012-05-20T21:35:58

Hi

Early this year I was asked by the German Privacy Foundation
wether I was willing to enhance OpenSC support for their
CryptoStick.
http://www.crypto-stick.com/2011/opensc-pkcs11-driver-development

I wrote a PKCS#11-library for OpenPGP cards in 2010 so I have
some experience with this kind of card. But I did not have
enough time to do this job and I was unsure wether full OpenSC
support for OpenPGP card was passible or not.

Now Nguyễn Hồng Quân is trying to do this and I'm not
sure wether he is going into the right direction. So my suggestion
is to discuss the right direction first here on the mailing list.

Peter Marshall seems to have written most of the current OpenPGP
driver and Jan Suhr from German Privacy Foundation told me that
Martin Paljak already tried to enhance the driver.

Could you give us some information what the status of OpenPGP
support is right now.

Here are my own impressions - if they are wrong, please correct me:

1: OpenPGP cards do NOT have a filesystem like other smart car

PKCS15init profile to omit a part of path

Nguyễn Hồng Quân — 2012-05-18T09:59:10

Hello all,

I need a help to create pkcs15init profile structure so that I can 
change/rewrite the canonical path.

In general, the path to a file AABB in PKCS15 is as: 3F005015AABB, in 
which 3F00 is the MF, 5015 is the PKCS15-AppDF's file-id.

Now, because the virtual file system of my OpenPGP card (which is 
non-pkcs15) is constructed as:
MF (3F00)
    |
   +-- File_1 (AABB)
    |
   +-- File_2 (AACC)
    |
   +--- Directory (DDCC)
           |
          +-- File_3 (CCEE)

the real path to the file is 3F00AABB.
How would I define the profile file to omit the PKCS15-AppDF, i.e. the 
"5015", in the path?

Documentation about *.profile

Nguyễn Hồng Quân — 2012-05-18T04:21:06

Hello all,

I'm trying to write the pkcs15init binding for OpenPGP but have 
difficulty writing the profile file.
Is there a documentation for this file?
I also reference the profile file for other cards, but I don't know 
about those card, so it is rather difficult to figure out.

Can you let me know which card has the most complete profile? And where 
can we that card specification?

Import X.509 certificate via Firefox?

Nguyễn Hồng Quân — 2012-05-16T08:35:39

Hello all,

I'm supplementing OpenPGP card support for OpenSC.
I did some changes in OpenPGP driver and PKCS15 interface to make 
Firefox and Thunderbird read the X.509 certificate stored in the OpenPGP 
card (succeed). Now I want to make Firefox to import certificate to 
OpenPGP card (I implemented write support for OpenPGP driver already), I 
have some question to need your help:

- When Firefox import certificate, which C_* functions in PKCS#11 module 
will be called?
- What is the action flow from the C_* functions in PKCS#11 to the driver?
- Currently, after select *.p12 file, Firefox automatically assume the 
destination as Software Security Device (SSD), instead of asking me 
where to import (SSD or Smartcard...). There may be due to something 
missing in the PKCS-card_driver code. Can you point me what I need to 
implement to make Firefox know that "there are another place to import 
than the built-in SSD"?

Thanks

help Me I'm beginner

hamed izadi — 2012-05-11T17:45:46

Hi
I'm new in PKCS11 and want to create an app under windows platform. the
main goal of this app is to encrypt, decrypt  and wipe off files.
I'm trying to use pkcs11 for two factor authentication and use pkcs11
module for this reason. how can I do that? is it possible with libp11.h
that have presented in site?" if yes how? Please guide me.
I know my question is unusual but I trust  your kindness and wait for your
answer.
sorry I'm so poor in English.
best regards.

flex.profile missing and PIN-EIntry broken

Peter Koch — 2012-05-06T09:20:22

Hi

I just tried to erase my old Cryptoflex card an recreate a PKCS#15-structure
under Windows.

First problem was: flex.profile was missing - here's the relevant debug
output from pkcs15-init -Cvvv

2012-05-06 10:57:54.577 Trying profile file C:\Programme\OpenSC
Project\OpenSC\profiles\pkcs15.profile
2012-05-06 10:57:54.577 profile C:\Programme\OpenSC
Project\OpenSC\profiles\pkcs15.profile loaded ok
2012-05-06 10:57:54.577 [pkcs15-init] profile.c:380:sc_profile_load:
returning with: 0 (Success)
2012-05-06 10:57:54.587 [pkcs15-init] profile.c:327:sc_profile_load: called
2012-05-06 10:57:54.587 Using profile directory 'C:\Programme\OpenSC
Project\OpenSC\profiles'.
2012-05-06 10:57:54.587 Trying profile file C:\Programme\OpenSC
Project\OpenSC\profiles\flex.profile
2012-05-06 10:57:54.598 profile C:\Programme\OpenSC
Project\OpenSC\profiles\flex.profile loaded ok
2012-05-06 10:57:54.598 [pkcs15-init] profile.c:373:sc_profile_load:
returning with: -1201 (File not found)
2012-05-06 10:57:54.598 Failed to load prof

Buffer is not sufficient for extended APDU

Nguyễn Hồng Quân — 2012-05-04T05:05:44

Hello all,

I tried to send extend APDU in opensc-explorer with this command:
apdu 00CA0065000800
and found that the command failed due to insufficient buffer, which had
been automatically allocated:

(The line starting with ">>" is manually added to code by me to track
the process)

Do we consider this a bug?

Fix a crash when trying to list objects viaopensc-pkcs11

Nguyễn Hồng Quân — 2012-05-03T08:36:07

Hello every one,

I've just committed a patch to fix a crash of opensc-pkcs11 when I
tested with CryptoStick.
Please review: https://github.com/OpenSC/OpenSC/pull/31

Does pkcs11-tool crash?

Nguyễn Hồng Quân — 2012-05-02T01:46:20

I'm trying pkcs11-tool with opensc-pkcs11 module and CryptoStick
(OpenPGP card).
The tool crashes when listing objects in the card.
Please let me know if it crashes also with other cards? I have only
CryptoStick, so I cannot test with other cards (I'm trying to fix this
crash).

new release?

Kalev Lember — 2012-04-29T20:50:37

Hello,

The staging branch has some nice changes, in particular I'm interested
in Stef's mlock fixes. Would it be possible to have a new opensc tarball
release off the staging branch, please?


P.S. Why is the development happening on 'staging'? In most open source
projects the 'master' branch is the development branch, which a lot of
people have come to expect.

Handling multiple USB tokens in IFD handler

Alexander Gozman — 2012-04-27T13:30:26

   Hello.

   Probably the problem I'm gonna describe is already known: OpenCT's 
IFD handler, used by pcscd, does not
handle multiple USB tokens correctly. With one token everything works 
fine, but if you insert another one, it
leads either to error, or even to pcscd's segmentation fault.
   The problem hides in CT_init() and CT_close() functions. The first 
one calculates wrong channel number for a
new device, and the second causes memory corruption when deleting an 
item from a linked list.
   I've made a simple patch that corrects these problems and makes IFD 
handler work good - see the attachment.
Hope it'll be useful.

_______________________________________________
opensc-devel mailing list
opensc-devel< at >lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Biometric integraiton?

Marc Boorshtein — 2012-04-25T13:10:06

So I now I have a PIV card that I know has a certificate on it because
I can login to my windows terminal with it (XP).  The card is using
biometrics or a passphrase to unlock.  We're using Precise Biometrics
card reader.  When I put the card into my OmniKey 3021 it didn't
recognize it at all, said it was an invalid card type (I'll send over
the logs).

Here's my question, does OpenSC support any of the biometric readers?

Thanks
Marc

epass2003 unpowered immediately after plugging in

Martin Kaiser — 2012-04-24T21:38:17

Dear all,

I've spent some time trying to get my epass2003 token to work with
opensc and pcsclite. Unfortunately, I'm stuck and I hope you can help me
track down my problem.

I'm running on Debian squeeze
Linux xxx 2.6.39-bpo.2-amd64 #1 SMP Tue Jul 26 10:35:23 UTC 2011 x86_64
GNU/Linux

I'm using pcsclite and ccid drivers (compiled from source, not the
debian packages)

pcsc-lite version 1.8.3.
Copyright (C) 1999-2002 by David Corcoran <corcoran< at >linuxnet.com>.
Copyright (C) 2001-2011 by Ludovic Rousseau <ludovic.rousseau< at >free.fr>.
Copyright (C) 2003-2004 by Damien Sauveron <sauveron< at >labri.fr>.
Report bugs to <muscle< at >lists.musclecard.com>.
Enabled features: Linux x86_64-unknown-linux-gnu serial usb libudev
usbdropdir=/usr/local/pcsclite/lib/pcsc/drivers ipcdir=/var/run/pcscd
configdir=/usr/local/pcsclite/etc/reader.conf.d


The token is detected by pcscd, it's powered when I plug it in. However,
it's unpowered immediately after reading the ATR. Therefore, it's not
visible with opensc-tool -l or similar.

It's

Where the card->ops is populated?

Nguyễn Hồng Quân — 2012-04-23T10:11:21

Hi all

I'm new and I'm researching OpenSC.

I'm tracing the "card->ops" variable in opensc-explorer.c, which points
to a list of functions to be called.
I want to know when that list is populated, to see how OpenSC know to
call the function specific to the connected card (function for OpenGPG
for example).

I just found this line:
memcpy(card->ops, card->driver->ops, sizeof(struct sc_card_operations));
but cannot trace any longer the driver->ops list.

Please help.