Hi, I don’t have any objections on the change you proposed Andre. I have also prepared and attached to this message a patch, please review and commit. It adds the following features to the MyEID driver (based on trunk) includes also some fixes on whitespace:
- Card initialization and finalization (activation) - Key generation (thanks to Viktor, however now I have some problem with pcsc transmit failing after some time while the card is generating the key) - PIN change and unblock (code added to MyEID driver, but it does not work with pkcs15-tool (does nothing), pkcs11-tool works, but pkcs#11 module does not when using Firefox). Other problems with firefox is that certificate enrollment does not work when using the pkcs#11 module, e.g. when using this site: pkitest.gdm.de/starsign Anyway it's a step forward. If somebody is able to help with the Firefox problem or knows why the pkcs15-tool does not work, feel free to edit the code or send some information to me so we will get also these working. Kind regards, Toni > -----Original Message----- > From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel- > boun...@lists.opensc-project.org] On Behalf Of Andre Zepezauer > Sent: 31. elokuuta 2010 21:02 > To: Viktor TARASOV > Cc: 'OpenSC-devel' > Subject: Re: [opensc-devel] Problem with 2K keys and MyEID > > On Tue, 2010-08-31 at 18:40 +0200, Viktor TARASOV wrote: > > Andre Zepezauer wrote: > > > On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote: > > > > > >> Aventra development wrote: > > >> > > >>> The 1K key generation works nicely, but we are having a problem > > >>> generating a 2K key using OpenSC 0.11.13 and our own MyEID card. > > >>> > > >>> OpenSC correctly finds a new file id and creates the file, and after > > >>> that it tries to store the key to that file. > > >>> > > >>> The issue is that the created file’s size is only 1024 bytes, so the > > >>> card will answer with 67 00 (Wrong length). > > >>> > > >>> Some code in OpenSC decides to create the wrong sized file, but I have > > >>> not been able to find it. > > >>> > > >>> Now I’m curious that, does other cards work when generating (or just > > >>> loading) 2048 byte keys? > > >>> > > >>> > > >> For me, to generate the 2048 bits key on the Aventra card, > > >> the following path was needed to be applied to the OpenSC trunk. > > >> > > >> If no objection, I'll commit this patch to trunk. > > >> > > > > > > Hello Viktor, > > > > > > I would write the check for supported modulus length a bit more generic. > > > But it's functional the same like yours, because myeid supports only > > > 1024 and 2048 bit (at least the driver does). Therefore it doesn't > > > matter a lot. > > > > > > #include "internal.h" > > > > > > pkcs15init/pkcs15-myeid.c:513 > > > /* check that the card supports the requested modulus length */ > > > if (_sc_card_find_rsa_alg(p15card->card, keybits) == NULL) > > > SC_TEST_RET(ctx, LEVEL, ERROR, MSG); > > > > > > > Agree, it's much better. > > I hope that Toni (maintainer of myEID driver) have no objections. > > > > > On the other hand it would be fine to give a good example, because > > > someone may want to copy+paste your code. See copy+paste in the card > > > drivers [1]. > > > > > > The same check also occurs in line 427, 514, 574, 637. And interestingly > > > _always_ some lines below there is the following conditional assignment: > > > if (file->size < 1024) > > > file->size = 1024; > > > > > > > Will you prepare the patch? > > Haven't the required hardware, therefore testing isn't possible to me. > But if someone would send me some pieces of these cards, I could do it > myself the next time. > > > > Regards > > > Andre > > > > > > > Kind wishes, > > Viktor. > > > > > [1]http://www.opensc-project.org/pipermail/opensc-devel/2010- > August/014615.html > > > > > > > > > > > > > > > > > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel
opensc-myeid.patch
Description: Binary data
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
