[opensc-devel] Testing a new driver - File not found
Hi everybody

Several days ago I wrote a message about testing a new driver. I wrote my new driver over piv driver. Now, I am testing it... My driver uses a pkcs15-emulator.

When I use pkcs15-init -C, I get the following message:

[pkcs15-init] apdu.c:184:sc_apdu_log:
Outgoing APDU data [ 14 bytes] =
00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 ..
==
[pkcs15-init] reader-pcsc.c:173:pcsc_internal_transmit: called
[pkcs15-init] apdu.c:184:sc_apdu_log:
Incoming APDU data [2 bytes] =
6A 82 j. ( File not found )
[...] Card does not support the requested operation

If I have an emulation layer, this call will not fail... I want to know if I am on the right track or if I must change anything.

Thank you everybody.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC 0.11.8 released with security update
> Hej Rickard,
>
> I think we met after the EPP presentations?

Hmm... Sorry, can't recall that I was at the EPP presentations.

> I saw it, and it is still in my inbox (along with thousands
> of other open source messages that I could and should attend
> to if I had time) but because you didn't "have time" to send
> a patch, I figured the problem was not too serious.

Sorry about that. Found the issue when I was about to run to my bus home.

> Maybe get Jakob S and AMEL involved and go talk to people at
> IIS about open source. I think they really know that it is
> important to contribute back, so it should really be possible
> for you to spend a few minutes on creating the patch and
> explain what issues are about when you encounter them.

Yeah, we know about open source and they are involved. Have sent patches before. Just thought that a one-liner-fix would be equivalent of work for the developer as applying a patch. Also attached the problem description with that email.

> > so I'm sorry everyone missed your email, I guess it shows the state of
> > the project quite well.
>
> Yeah.

I will try to be clearer in the future. Thanks for your good work.

// Rickard
Re: [opensc-devel] Testing a new driver - File not found
On Tuesday 12 May 2009 09:32:57, Egon wrote:
> Hi everybody
>
> Several days ago I wrote a message about testing a new driver. I wrote my
> new driver over piv driver. Now, I am testing it... My driver uses a
> pkcs15-emulator.
>
> When I use pkcs15-init -C, I get the following message:

I'm no expert on PIV, but I thought all emulated cards are read-only, i.e. they have no code to change the card (other than maybe change or unblock a PIN).

let's say: most emulated cards are national id cards, so you can't change them. not sure if PIV is different, but it would be the first emulated card that can be initialized, to my knowledge at least.

Regards, Andreas
Re: [opensc-devel] Testing a new driver - File not found
Hi Egon,

I think, if you use pkcs15 emulation you can't or don't need to use the pkcs15-init tool. Using pkcs15 emulation is required when cards are incompatible with a real pkcs15 structure, so the pkcs15-init tool can't use them.

Use another tool to init them or create yours...

François.

Egon wrote:
> Hi everybody
>
> Several days ago I wrote a message about testing a new driver. I wrote my new
> driver over piv driver. Now, I am testing it... My driver uses a
> pkcs15-emulator.
>
> When I use pkcs15-init -C, I get the following message:
>
> [pkcs15-init] apdu.c:184:sc_apdu_log:
> Outgoing APDU data [ 14 bytes] =
> 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 ..
> ==
> [pkcs15-init] reader-pcsc.c:173:pcsc_internal_transmit: called
> [pkcs15-init] apdu.c:184:sc_apdu_log:
> Incoming APDU data [2 bytes] =
> 6A 82 j. ( File not found )
> [...] Card does not support the requested operation
>
> If I have an emulation layer, this call will not fail... I want to know if I
> am on the right track or if I must change anything.
>
> Thank you everybody.
Re: [opensc-devel] Testing a new driver - File not found
Thank you for your quick response.

If I want to test my new driver, I must write card-CARD.c and pkcs15-CARD.c. Can pkcs15-tool be useful? Can pkcs11-tool -I be useful?

My card has no pkcs15 structure, but it has an emulation layer. I think that I must modify my pkcs15-CARD.c in order to select the correct EF in my card that contains pkcs15 data.

If I test pkcs11-tool -I I get the following message:

[opensc-pkcs11] pkcs15.c:532:sc_pkcs15_bind_internal: unable to enumerate apps: Incorrect parameters in APDU
[opensc-pkcs11] pkcs15.c:761:sc_pkcs15_bind: returning with: Unsupported card
Cryptoki version 2.11
Manufacturer OpenSC (www.opensc-project.org)
Library smart card PKCS#11 API (ver 1.0)

Thank you very much. I want to say thank you especially to Andreas Jellinghaus.

--- On Tue, 12/5/09, Andreas Jellinghaus wrote:

> From: Andreas Jellinghaus
> Subject: Re: [opensc-devel] Testing a new driver - File not found
> To: opensc-devel@lists.opensc-project.org
> CC: "Egon"
> Date: Tuesday, 12 May, 2009 9:43
>
> On Tuesday 12 May 2009 09:32:57, Egon wrote:
> > Hi everybody
> >
> > Several days ago I wrote a message about testing a new driver. I wrote my
> > new driver over piv driver. Now, I am testing it... My driver uses a
> > pkcs15-emulator.
> >
> > When I use pkcs15-init -C, I get the following message:
>
> I'm no expert on PIV, but I thought all emulated cards are read-only,
> i.e. they have no code to change the card (other than maybe change or
> unblock a PIN).
>
> let's say: most emulated cards are national id cards, so you can't change
> them. not sure if PIV is different, but it would be the first emulated
> card that can be initialized, to my knowledge at least.
>
> Regards, Andreas
Re: [opensc-devel] Testing a new driver - File not found
Hi Egon,

so I get this right: you have a blank card, and you want to write a driver for it, so you can initialize that card, create PINs, create or store keys, store certificates and so on?

but you don't want to implement PKCS#15, but some other format instead?

I think you need to write a huge amount of code. the basic infrastructure should be already there: pkcs11 has a framework interface, and currently there is only a pkcs15init implementation. you can add an implementation of your own, and link it to your card driver.

but note: no one has implemented something like this before, all the emulation drivers we have are read-only so far.

good luck!

Regards, Andreas
Re: [opensc-devel] Testing a new driver - File not found
Sorry, I've done it. I've integrated "westcos" cards.

You need to implement a "card-xxx.c", a "pkcs15-xxx.c" and to create a tool "xxx-tool.c".

With westcos-tool I use the opensc api to write the files I need on the card, I use pkcs15-westcos.c to emulate the pkcs15 structure for this card and of course card-westcos for the interface between opensc and the westcos card.

It is not so hard, but be careful: I've started integrating this in libraries (under windows) and this does not work with Vista due to memory management (all malloc, calloc must be freed in the same process and opensc doesn't take care of this). I put my work in as an internal card module and built opensc completely (cross compiling under linux) and it seems to work. For now I try to get availability to build on windows with virtual linux... (I use qemu and a debian distribution)

The most difficult part is to build opensc completely under linux with your code, but if you are under linux it's quite easy.

So go and if you need some help...

Good luck.

François.

Andreas Jellinghaus wrote:
> Hi Egon,
>
> so I get this right: you have a blank card, and you want to write
> a driver for it, so you can initialize that card, create PINs,
> create or store keys, store certificates and so on?
>
> but you don't want to implement PKCS#15, but some other format
> instead?
>
> I think you need to write a huge amount of code.
> the basic infrastructure should be already there:
> pkcs11 has a framework interface, and currently there is only
> a pkcs15init implementation. you can add an implementation
> of your own, and link it to your card driver.
>
> but note: no one has implemented something like this before,
> all the emulation drivers we have are read-only so far.
>
> good luck!
>
> Regards, Andreas
Re: [opensc-devel] Testing a new driver - File not found
Hi Andreas and François and everybody!

Thank you for your quick response.

I have already initialized the card. This one has no pkcs15 structure, but I can create a few EFs in a DF. I think that I can implement a file system in a large EF and I will use it to store all of the pkcs15 structure. This option can be dangerous for security, because I must set read-only access on this EF that contains the filesystem, and a person can make an image of my filesystem and compromise it.

I made several changes to pkcs15-syn in order to register the new driver. I added it to opensc in builtin mode on a linux system.

I have a filesystem coded in C++, can I use it with opensc? Could there be any problem with this change? I have seen that opensc is coded in C, can I change the Makefile from gcc to g++?

Thank you very much, regards.

--- On Tue, 12/5/09, Andreas Jellinghaus wrote:

> From: Andreas Jellinghaus
> Subject: Re: [opensc-devel] Testing a new driver - File not found
> To: "Egon"
> CC: opensc-devel@lists.opensc-project.org
> Date: Tuesday, 12 May, 2009 11:39
>
> Hi Egon,
>
> so I get this right: you have a blank card, and you want to write
> a driver for it, so you can initialize that card, create PINs,
> create or store keys, store certificates and so on?
>
> but you don't want to implement PKCS#15, but some other format
> instead?
>
> I think you need to write a huge amount of code.
> the basic infrastructure should be already there:
> pkcs11 has a framework interface, and currently there is only
> a pkcs15init implementation. you can add an implementation
> of your own, and link it to your card driver.
>
> but note: no one has implemented something like this before,
> all the emulation drivers we have are read-only so far.
>
> good luck!
>
> Regards, Andreas
Re: [opensc-devel] Testing a new driver - File not found
Egon wrote:
> Hi everybody
>
> Several days ago I wrote a message about testing a new driver. I wrote my new
> driver over piv driver. Now, I am testing it... My driver uses a
> pkcs15-emulator.
>

The piv driver was never designed to work with pkcs15-init, as the card is not file based, and in normal use, OpenSC would only use the card, not initialize one. So you may have to add a lot of code if you need pkcs15-init.

But for testing with beta PIV cards, the piv-tool.c was written to generate a key on the card (and retrieve the public key at the same time). OpenSSL with engine can be used to get a request signed, and the piv-tool can then load the cert on to the card.

> When I use pkcs15-init -C, I get the following message:
>
> [pkcs15-init] apdu.c:184:sc_apdu_log:
> Outgoing APDU data [ 14 bytes] =
> 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 ..
> ==
> [pkcs15-init] reader-pcsc.c:173:pcsc_internal_transmit: called
> [pkcs15-init] apdu.c:184:sc_apdu_log:
> Incoming APDU data [2 bytes] =
> 6A 82 j. ( File not found )
> [...] Card does not support the requested operation
>
> If I have an emulation layer, this call will not fail... I want to know if I
> am on the right track or if I must change anything.
>
> Thank you everybody.

--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
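The APDU exchange logged in the first message of this thread, decoded as an added example (not part of any message here and not OpenSC code): the command is a SELECT by DF name whose data field is the PIV application AID A0 00 00 03 08 00 00 10 00 (the AID value comes from NIST SP 800-73, not from the thread), and 6A 82 is the card answering that it has no such application. The names parse_capdu, selects_piv_application and sw_text are made up for this illustration, and only short-form APDUs are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Short-form command APDU (ISO 7816-4); data points into the caller's buffer. */
struct capdu { uint8_t cla, ins, p1, p2; size_t lc; const uint8_t *data; int has_le; };
/* Command bytes copied from the log quoted in the thread. */
static const uint8_t THREAD_CMD[] = { 0x00, 0xA4, 0x04, 0x00, 0x09,
    0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00 };
/* PIV application AID without its version suffix (NIST SP 800-73). */
static const uint8_t PIV_AID[] = { 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00 };

/* Returns 0 on success, -1 if buf is not a well-formed short APDU. */
int parse_capdu(const uint8_t *buf, size_t len, struct capdu *out)
{
    if (len < 4) return -1;
    memset(out, 0, sizeof *out);
    out->cla = buf[0]; out->ins = buf[1]; out->p1 = buf[2]; out->p2 = buf[3];
    if (len == 4) return 0;                                 /* case 1 */
    if (len == 5) { out->has_le = 1; return 0; }            /* case 2 */
    if (buf[4] == 0) return -1;        /* extended length: not handled */
    out->lc = buf[4]; out->data = buf + 5;
    if (len == 5 + out->lc) return 0;                       /* case 3 */
    if (len == 6 + out->lc) { out->has_le = 1; return 0; }  /* case 4 */
    return -1;                         /* Lc disagrees with the length */
}

/* 1 if the command is SELECT (INS A4) by DF name (P1 04) of the PIV AID. */
int selects_piv_application(const struct capdu *c)
{
    return c->ins == 0xA4 && c->p1 == 0x04 && c->lc == sizeof PIV_AID &&
           memcmp(c->data, PIV_AID, sizeof PIV_AID) == 0;
}

/* ISO 7816-4 meaning of the status words seen here. */
const char *sw_text(uint8_t sw1, uint8_t sw2)
{
    if (sw1 == 0x90 && sw2 == 0x00) return "success";
    if (sw1 == 0x6A && sw2 == 0x82) return "file or application not found";
    return "other status";
}

int main(void)
{
    struct capdu c;
    if (parse_capdu(THREAD_CMD, sizeof THREAD_CMD, &c) != 0) return 1;
    printf("PIV SELECT: %d, reply: %s\n", selects_piv_application(&c), sw_text(0x6A, 0x82));
    return 0;
}
```

A driver derived from the piv driver that still sends this SELECT to a card without the PIV application will see the same 6A 82 before any pkcs15 emulation code runs.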