On Thu, 7 Jun 2001, Carlos Prados wrote:
Hi,
--- David Corcoran [EMAIL PROTECTED] wrote:
Definitely. The interface exported must be a subset
of the
available functionality or else someone could write
a worm which does a
Verify Key function incorrectly and blocks cards
where
On Fri, 8 Jun 2001, Dr S N Henson wrote:
Carlos Prados wrote:
Again, I would pay more athention to local security.
Why is the file /tmp/.pcscrx world writtable? isn't
this a security hole?
On the subject of security...
As may be apparent I've only just got my setup working and
PROTECTED]]
Gesendet am: Freitag, 8. Juni 2001 12:07
An: [EMAIL PROTECTED]
Betreff: Re: MUSCLE Linux Login with RSA SmartCards
You can design your application so that whenever a signature (or
decryption) operation is to be performed, a PIN code should be presented,
the operation performed
Hi,
--- David Corcoran [EMAIL PROTECTED] wrote:
Definitely. The interface exported must be a subset
of the
available functionality or else someone could write
a worm which does a
Verify Key function incorrectly and blocks cards
where services are
available.
Even worst. If you leave
Carlos Prados wrote:
Again, I would pay more athention to local security.
Why is the file /tmp/.pcscrx world writtable? isn't
this a security hole?
On the subject of security...
As may be apparent I've only just got my setup working and I've not
examined things in any detail. I did
On Mon, Jun 04, 2001 at 12:57:20PM -0700, David Corcoran wrote:
Hello,
You can't use pcsc-lite-0.9.1 for remote use of the resource manager. I
wanted to create the core package as local only. I'm working on an RPC
like service that sits atop the local service which will export the PC/SC
On Wed, 6 Jun 2001, Ludovic Rousseau wrote:
On Mon, Jun 04, 2001 at 12:57:20PM -0700, David Corcoran wrote:
Hello,
You can't use pcsc-lite-0.9.1 for remote use of the resource manager. I
wanted to create the core package as local only. I'm working on an RPC
like service that sits
For accessing remote computers (which the original query was about)
something like ssh or secure telnet using smart card based keys
for authentication would be more appropriate.
Of course what you really want is for the session to be secure all the way
to the card, not just to the
Hi,
I think the PCSC is good enough if it enables access
to the local smartcard to local proceses, and
verifies that the user has UNIX permission to use the
smartcard reader (for instance if /tmp/.pcsctx anc
/tmp/.pcscrx are accessibe to the user).
For remote authentication, a client/server
Definitely. The interface exported must be a subset of the
available functionality or else someone could write a worm which does a
Verify Key function incorrectly and blocks cards where services are
available. A signature function must be carefully exported and
authenticated to so it does not
Hello,
You can't use pcsc-lite-0.9.1 for remote use of the resource manager. I
wanted to create the core package as local only. I'm working on an RPC
like service that sits atop the local service which will export the PC/SC
interface . To the apps it will be identical to the older
Hi,
You're right, you have to change these two lines that it works properly.
The standard file size for the 0x file (CHV) is 39 (0x27).
We forgot to add the header while creating the file, so it is 16 bytes too
short.
It is strange that it worked for our cards.
Thanks for your hint!
Martin
Hi,
The package looks fine for me. It fails for me with
Cyberflex, but it's due to the timeout issue I have
asked in the other thread in this mailing list.
Just one question: do you intend to hanlde the case
where the user logs in from a remote computer via,
let's say `telnet` ?
Because
Hi,
I got 67 00 (wrong length) while running `makecard',
when the program tried to do an Update Binary of the
EF 0x (CHV1).
The message returned by the program was error writing
PIN
I edited the file cat/makecard.c, line 250, activated
the line:
check = createFile(0x, 0x0027,
Message -
From: David Corcoran [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, June 02, 2001 4:57 AM
Subject: Re: MUSCLE Linux Login with RSA SmartCards
Hi,
This looks great. A couple of notes:
the --aut0=aut0 XXX does not seem to work - it still
Hi,
This looks great. A couple of notes:
the --aut0=aut0 XXX does not seem to work - it still uses the
default keys. I checked the code and if cryptoflex is found then it
overwrites the command line with the cryptoflex default aut0.
This looks really good though - now I just need to
16 matches
Mail list logo