Please consider adding the attached patch to pkcs15-gemsafe.c
which I originally sent August 10.  This version is against
the 0.11.2-pre2.

While trying to use the GemSafe cards as formatted by GemPlus
for Windows, with Id Ally CSP, I ran across a few problems,
of which all but one are fixed by this patch:

  The private key needs to be listed as public so the pkcs15-framework
  can use the public key from the cert.

  The path to the private key needs to be relative, not absolute
  so the security environment is not lost.

  Max size needs to be 248, as is required by some other cards too.

I believe the change was not added in August because I had included
some comments about IdAlly having a problem. This change is not
dependent on them, and they are also fixing their problem.

Thanks.



Andreas Jellinghaus wrote:

Hi,

I also created a new opensc pre release. But I have no clue about the current status of the trunk code, and have not yet looked at the bugs
in our bug tracker or everyone else's bug tracker and patch repository.

This release is meant as a reference point so we can have a look, check
for remaining issues to fix, and as a good candidate for testing all the
new code we added since the last release.

I meant to change parts of the muscle code for a while, but as you can see, I didn't manage to get it done. Meanwhile thomas has improved the code several times. So let's have another look at it and check that
it works and document how to use it.

http://www.opensc-project.org/files/opensc/testing/
http://www.opensc-project.org/files/opensc/testing/opensc-0.11.2-pre2.tar.gz

Feedback on this release is very welcome.

Special thanks to martin for checking the old bugs and closing the obsolete ones etc. I do appreciate that a lot!

Regards, Andrea
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
--- ,pkcs15-gemsafe.c   Sun Jul 23 05:10:46 2006
+++ pkcs15-gemsafe.c    Fri Nov  3 17:08:12 2006
@@ -186,8 +186,8 @@
        };
 
        const prdata prkeys[] = {
-               { "1", "AUTH key", 1024, USAGE_AUT, "3F0002000009",
-                 0x00, "1", SC_PKCS15_CO_FLAG_PRIVATE},
+               { "1", "AUTH key", 1024, USAGE_AUT, "I0009",
+                 0x00, "1", 0},
                { NULL, NULL, 0, 0, NULL, 0, NULL, 0}
        };
 
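Review bot: In the "AUTH key" entry of prkeys[], the last field changes from SC_PKCS15_CO_FLAG_PRIVATE to a bare 0 with no comment, so a later reader will see a private key object that is not flagged private and may take it for a mistake. Please add a short comment on that entry giving the reason stated in the cover mail (the framework needs to use the public key from the cert). The new path string "I0009" needs the same treatment: the leading "I" is not a hex digit like the old "3F0002000009", so say in a comment what the prefix means and that the path is relative on purpose.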
@@ -209,6 +209,13 @@
 
        SC_FUNC_CALLED(card->ctx, 1);
 
+       /* need to limit to 248 */
+       if (card->max_send_size > 248)
+               card->max_send_size = 248;
+       if (card->max_recv_size > 248)
+               card->max_recv_size = 248;
+
+
        /* could read this off card if needed */
 
        p15card->label = strdup("GemSAFE");
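Review bot: The clamp on card->max_send_size and card->max_recv_size uses the literal 248 four times, and the comment "need to limit to 248" restates the code without giving the reason. Suggest a named constant and a comment saying why this card needs the limit; the cover mail only says that some other cards require it too. The hunk also adds two consecutive blank lines after the clamp; one is enough.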
@@ -473,9 +480,6 @@
 
                /*DEE need to look for them by reading and checking mudulus vs 
cert */
 
-               prkey_info.path.value[2] = dfpath >> 8;
-               prkey_info.path.value[3] = dfpath & 0xff;
-
                /* will use the default path, unless we found a key with */
                /* the same modulus as the cert(s) we already added */
                /* This allows us to have a card with a key but no cert */
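Review bot: With the two assignments to prkey_info.path.value[2] and [3] removed, nothing visible in this hunk still reads dfpath; if these were its last uses, the variable and whatever computes it should be removed as well, otherwise the build gains an unused-variable warning. The retained comment "will use the default path" should also say that the default path is now relative rather than absolute, since that is the point of the removal.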
@@ -484,8 +488,8 @@
                        if (sc_pkcs15_compare_id(&kinfo[j].id, &prkey_info.id)) 
 {
                                sc_debug(card->ctx, "found key in file %d for 
id %d", 
                                                kinfo[j].fileid, prkey_info.id);
-                               prkey_info.path.value[4] = kinfo[j].fileid >> 8;
-                               prkey_info.path.value[5] = kinfo[j].fileid & 
0xff;
+                               prkey_info.path.value[0] = kinfo[j].fileid >> 8;
+                               prkey_info.path.value[1] = kinfo[j].fileid & 
0xff;
                                break;
                        }
                }
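Review bot: The file id is now written to prkey_info.path.value[0] and [1] instead of [4] and [5], but nothing in this hunk sets or checks prkey_info.path.len, so the change is only correct if the path built from the table entry is exactly two bytes long. Please either set the length here alongside the two bytes or add a check, so that a later table entry with a longer path does not end up with a stale tail. Separately, in the unchanged sc_debug call, prkey_info.id is passed for a %d although the line above takes its address for sc_pkcs15_compare_id, which suggests it is not an int; worth fixing while this block is being touched.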