MUSCLE Mac Support
Macintosh support is now included. Revised code is posted. Musclecard-1.5 is now out. To enable Macintosh mode: go into defines.h and instead of #define CPU_PC_UNIX make it CPU_MAC_OS. It will compile just fine under Code Warrior. I am working on porting the Xapp and should have that soon on Mac. What is coming Added reader support. Some support for CT-API compatible readers and the OKI pocket dock reader. Thanks Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE PAM support
I released a 1.6 version of musclecard. It comes with a directory allowing you to use PAM with your reader/card. It is a skeleton and just checks to see if the card returns a valid ATR but it will work with most services including login,chfn,passwd,etc. I also ifdef'd all of the printf. I you would still like to see that #define DEBUG in dbiiso.h I will probably work on a fairly secure PAM module soon but have fun in the meantime. RedHat users should have PAM preinstalled since version 3.XX. The module compiles as a shared object and must be placed in your /lib/security directory. View the README under the pam_modules directory. Thanks Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE GSM APDU
To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED] Subject: APDU for GSM Cards Date: Mon, 3 Aug 1998 20:29:23 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, perhaps someone can tell me, what commands for my APDU i have to use to read/write a telefon entry to/from a gsm simcard? I know that the structure is "CLA | INS | P1 | P2 | Lc | DataField | Le" but what = values i need for perhaps, to read the 10th entry of my simcard? Thanks in advance J=F6rg K=F6nig J=F6rg K=F6nig + Department of Computer Science + Univ. of Koblenz [EMAIL PROTECTED] http://www.uni-koblenz.de/~fritz *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE CT-API specs
I posted the specs for CT-API on the website under docs. Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Readers supported
Please let me know if you need any help in figuring out what commands to send to the CT_Data() function in order to check status, reset, etc. You can find the document on the MUSCLE web site for the Reflex reader. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Question - SLB and Fischer Smarty (sc reader in floppy drive)
Yes, I have seen the smarty. Unfortunately it works via battery and the battery runs out quite quickly. It would work great though if there was a power adaptor for it although that would be kind of ugly. Dave On Tue, 15 Sep 1998, you wrote: Dave, Have you worked with or seen the Smarty card reader from Fischer? I was wondering what you thought of it. Apparently it works with SLB and litronic software/cards -- at least on Win boxes. The Smarty SC reader apparently it fits in a standard floppy drive Everyone has a floppy drive. I very intrigued by this. -- Mike B. *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Re: Xcard app libieee
libieee is not required in the Makefile fr Xcard in order to build. I probaly used some modified Makefile that I was using in another project. I'll remove the dependency this weekend. Thanks Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Resource Manager
Ok, I have released a sample base for a resource manager. The code calls the config file function to return key/value pairs from the config file called config.txt. This function returns the location of the reader CT-API library for the specified reader SLB_RF_60 (Schlumberger Reflex 60). The library is then dynamically loaded and some sample smartcard functions are applied using the CT-API provided by the dynamic library that is loaded. The library is then closed and the program exits. This is base code for a Resource manager. It just needs to be cleaned up and CT-BCS functions need to be implemented in an API that sits above all of this. Then we just need to make it static to all applications and lock handles and we have finished a very simple resource manager. Let me know what you think. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Code Page
I'm releasing some code which reads configuration files. This in particular comes with a config file. Why ? Right now it takes key/pair values ignoring comments (anything that starts with #). If I put in TOW_CD_EX for the Towitoko Chip Drive External the function will return ./towcdex.so. Basically the location that the CT-API shared object is at. It is very simple and comes with a test program. I'm going to set up the code page into 3 sections and make the above available tonight. The three sections will include: 1. Legacy Applications / Drivers - Please don't build anything new on this. 2. CT-API compliant reader drivers. Eventually I would like all of our drivers written to support the CT-API and CT-BCS so they will work seamlessly with the resource manager. 3. All resource manager code - This includes code snipplets that may be useful in implementation of the resource manager like the dynamic library and configfile stuff. It should be up by 8:00 EST. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Resource Manager
Now that the link is fixed I'll explain what we would have to do for the low levels on a resource manager. On the top level or the level that is what the Application uses we can write a PC/SC subset of commands for the Application to talk to. Unfortunately there are some kernel issues here if we want the resource manager to show up as a device like /dev/smartcard or whatever. I suppose you could have a static shared library which all the applications call also. Anyway, in this high level API there is a command which allows the Application to tell the Resource Manager which reader to utilize. So a command might be like this HandleIoInitialize ("Towitoko ChipDrive extern", PORT_COM2); This functions (which is bogus) would then grep a configuration file looking for the "Towitoko ChipDrive extern" configuration. It would then see what ports are available to it and if everything was OK, that file would also list the location of it's shared library. The shared library would then be loaded into memory which has it's appropriate CT-API commands with CT-BCS implemented underneith even if the reader was poorly designed to fit this spec we can always emulate in software. The above function would return a Handle known to the Resource Manager which would put a lock on that handle and the application could then speak freely to the smartcard. The resource manager should be flexible enough to handle readers with PIN pads, Displays, etc. such like the CT-BCS did. We can do this by adding entries into the configuration file. I suppose we will have just 1 file for all of the readers instead of splitting them up. That could be a mess. The Resource Manager is surprisingly pretty simple to do I'm just not quite so sure how I want all of the applications to be able to communicate with it. I will need some suggestions here. Questions ? Concerns ? Let me know. Thanks Dave -- ****** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Update
Hello, Here is an update on what is going on. Ok, I wrote a CT-API driver writer HOW-TO last night and posted it up on the site. It also includes skeleton code and has most everything else filled in. I also released a new version of the CT-API for Reflex 62/64 that is CT-BCS compliant. It currently doesn't support the PIN pad but that is an easy fix. For more information please review the ctapi-howto.html. You will notice that all new code will by default compile to shared libraries. This is so the new modules will work with the resource manager. I just finished an upper level API for the resource manager. Basically what I have done now handles: 1 Finds reader in config file returns library and dynamically loads it. 2. Sets up all the pointers to the function in that library. 3. Provides necessary reader/card functions. Basically you have a few functions. Nevermind, I'll just include the header file to this email. #ifndef ctbcs_h #define ctbcs_h #ifdef __cplusplus extern "C" { #endif /* * NAME: * ctbcs.h - Copyright (C) 1998 David Corcoran * [EMAIL PROTECTED] * * DESCRIPTION: * This calls the CT-BCS standard commands from the CT-API. * * AUTHOR: * David Corcoran, 9/18/98 * * LICENSE: See file LICENSE. * */ #include "defines.h" /* Dynamically loads the specified CT-API library */ int CTB_LoadCTLibrary ( char *pcConfigFile, // Config File Location. char *pcReader// Reader Id. ); /* Dynamically unloads the current CT-API library */ int CTB_CloseCTLibrary ( void ); /* Initializes the port which the CT resides */ int CTB_Init ( int iTerminal, // Terminal Number. int iPort // Port Number. ); int CTB_Close ( int iTerminal // Terminal Number. ); /* Resets the CT */ int CTB_ResetCT ( int iTerminal, // Terminal Number. unsigned char cUnit,// Slot Number. unsigned int *lr, // Length Atr. unsigned char *Atr // Atr. ); /* Powers the ICC and returns the Atr */ int CTB_RequestICC ( int iTerminal,// Terminal Number. unsigned char cUnit, // Slot Number. unsigned int *lr, // Length Atr. unsigned char *Atr // Returned Atr. ); /* Gets CT status such as Card in/out */ int CTB_GetStatus ( int iTerminal, // Terminal Number. int *iStatus// Status. ); /* Powers off the ICC and ejects if available */ int CTB_EjectICC ( int iTerminal // Terminal Number. ); /* The heart of the CT-API */ int CTB_Data ( unsigned int ctn, // Terminal Number. unsigned char *dad,// Destination. unsigned char *sad,// Source. unsigned int lc, // Length of Command. unsigned char *cmd, // Command. unsigned int *lr,// Length of Response. unsigned char *rsp // Response. ); / Some defines */ #define MAX_RDRID_SIZE (int)20 // Max reader id size. #define MAX_RDRNAME_SIZE (int)50 // Max reader name size. #define MAX_RDRLIB_SIZE(int)50// Max reader libname size. #define MAX_ATR_SIZE (int)50// Max ATR size. #define CTB_OK0 // Everything is OK. #define CTB_NOT_FOUND -201 // Reader Library not Found. #define CTB_FILE_ERROR -202 // Config File not Found. #define CTB_ERROR -203 // General Error. #define CTB_CARD_IN -210// Card Inserted. #define CTB_CARD_OUT -211 // Card Removed. #define CTB_CARD_NOPOWER -213// Card Not Powered. #ifdef __cplusplus } #endif #endif Enjoy, Dave -- ****** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look go
Re: MUSCLE Towitoko musclecard working!!!
I just did a full test. Everything works GREAT Upload, Download, create file, everything. Good Job. Thanks Dave On Fri, 25 Sep 1998, you wrote: Hello everybody, Finally I made David's musclecard-1.6 and xcard-1.0 work with my Towitoko Chipdrive reader/writer. It has been hard for me but it did worthwhile :). I'm gonna work in debug some errors and after that I will begin with a CT-API driver that fits in the resource manager. The source is on ftp://apolonio.atos-ods.es/pub/musclecard/towitoko-19980925.tgz Thanks, Carlos *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE CTAPI test program
No, not yet. Are you up for it ? It would be really nice to have something that tells what is wrong with a person's CT-API library. Thanks Dave On Sun, 27 Sep 1998, you wrote: Have someone already writed a program to test a ctapi library? I mean a `complete' test. With : 1) CTAPI implementation 2) CTBCS check 3) ISO7816-4 commands -- Ciao Walter. C makes it easy for you to shoot yourself in the foot. C++ makes that harder, but when you do, it blows away your whole leg. -- Bjarne Stroustrup *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE [Gregor gap@quasi-niere.org]
From: Gregor [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: Mozilla 4.03 [de] (WinNT; I) MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Re: MUSCLE serial.h ctapi.h question References: Pine.LNX.3.95.980928134912.20836B-10@radius Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Carlos Prados wrote: Would it be against OSI model if we put the IO parameters in a config file? I think this is better from a practical point of view than having two diferent shared libraries for two identical (except the IO initialization parameters) readers. I would say that these paramters should go into the serial.h .c because, what do you do if anybody only wants the lib for any purpose (maybe any kind of stand-alone application) and not the whole resource manager. He gets into deep trouble. But thats only by opinion. bye Gregor -- *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE PC/SC Compliant Readers
Attached below is the IFD_Handler Interface for PC/SC compatibility on the software level. A reader which utilizes these functions correctly should be able to communicate with the Linux PC/SC Resource Manager. A couple of things might change though - as I'm trying to figure out how Microsoft does their array implementation. You will notice some BYTE arrays passed around but with no idea of possible size. I suppose in these cases you always use the MAXIMUM_SIZE. Arrays of strings are supposedly handled like this: "ReaderA\0ReaderB\0ReaderC\0ReaderD\0\0" where the size of the array is calculated by traversing through until you reach the double NULL. Consider the function RESOURCEQUERY::GetGroupReaders( (char *) Groups, (char *) Readers); This function gets all the readers in the Groups passed in. I suppose you would do the following: Loop through Groups until double NULL counting the number of readers and their respective sizes adding it all up. Allocate this memory using new or malloc to the pointer Readers. Add each reader to Readers delimiting it with the \0 and ending it with a \0\0. This is how I'm currently doing this. /* / / File : IFD_Handler.h / Author : David Corcoran / Date : November 7, 1998 / Purpose: This provides reader specific low-level calls. /See http://www.smartcardsys.com for more information. / License: See file LICENSE / **/ #ifndef _IFD_Handler_h_ #define _IFD_Handler_h_ /* List of Data Structures available to IFD_Handler */ struct DEVICE_CAPABILITIES { STR Vendor_Name; // Tag 0x0100 STR IFD_Type; // Tag 0x0101 DWORD IFD_Version;// Tag 0x0102 STR IFD_Serial; // Tag 0x0103 DWORD IFD_Channel_ID; // Tag 0x0110 // Something missing from the Specification ?? DWORD Asynch_Supported; // Tag 0x0120 DWORD Default_Clock; // Tag 0x0121 DWORD Max_Clock; // Tag 0x0122 DWORD Default_Data_Rate; // Tag 0x0123 DWORD Max_Data_Rate; // Tag 0x0124 DWORD Max_IFSD; // Tag 0x0125 DWORD Synch_Supported;// Tag 0x0126 DWORD Power_Mgmt; // Tag 0x0131 DWORD Card_Auth_Devices; // Tag 0x0140 DWORD User_Auth_Device; // Tag 0x0142 DWORD Mechanics_Supported;// Tag 0x0150 DWORD Vendor_Features;// Tag 0x0180 - 0x01F0 User Defined. } Device; struct ICC_STATE { BYTE ICC_Presence;// Tag 0x0300 BYTE ICC_Interface_Status;// Tag 0x0301 BYTE ATR[32]; // Tag 0x0303 BYTE ICC_Type;// Tag 0x0304 } ICC; struct PROTOCOL_OPTIONS { DWORD Protocol_Type; // Tag 0x0201 DWORD Current_Clock; // Tag 0x0202 DWORD Current_F; // Tag 0x0203 DWORD Current_D; // Tag 0x0204 DWORD Current_N; // Tag 0x0205 DWORD Current_W; // Tag 0x0206 DWORD Current_IFSC; // Tag 0x0207 DWORD Current_IFSD; // Tag 0x0208 DWORD Current_BWT; // Tag 0x0209 DWORD Current_CWT; // Tag 0x020A DWORD Current_EBC; // Tag 0x020B } Protocol; /* List of Defines available to IFD_Handler */ #define IFD_POWER_UP500 #define IFD_POWER_DOWN 501 #define IFD_RESET 502 #define IFD_SUCCESS 0 #define IFD_ERROR_TAG 600 #define IFD_ERROR_SET_FAILURE 601 #define IFD_ERROR_VALUE_READ_ONLY 602 #define IFD_NEGOTIATE_PTS11 603 #define IFD_NEGOTIATE_PTS22 604 #define IFD_ERROR_PTS_FAILURE 605 #define IFD_ERROR_NOT_SUPPORTED 606 #define IFD_PROTOCOL_NOT_SUPPORTED 607 #define IFD_ERROR_POWER_ACTION 608 #define IFD_ERROR_SWALLOW 609 #define IFD_ERROR_EJECT 610 #define IFD_ERROR_CONFISCATE611 #define IFD_COMMUNICATION_ERROR 612 #define IFD_RESPONSE_TIMEOUT613 #define IFD_NOT_SUPPORTED 614 /* Extension of the Specification */ #define IFD_ICC_PRESENT 614 #define IFD_ICC_NOT_PRESENT 615 /* List of Defined Functions Available to IFD_Handler */ RESPONSECODE IFD_Get_Capabilities ( DWORD Tag, BYTE Value[] ); RESPONSECODE IFD_Set_Capabilities ( DWORD Tag, BYTE Value[] ); RESPONSECODE IFD_Set_Protocol_Parameters ( DWORD ProtocolType, BYTE SelectionFlags,
MUSCLE Re: PC/SC Compliant Readers
I'm sorry - I meant to say part 4 of the PC/SC documentation refers to hardware commands for making a base PC/SC compliant reader. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Suggestion: Use Linux, it is for IQ's higher than 95. Quote: If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE smartcard development under Linux
The MUSCLE PC/SC should be ready in about 2 weeks for Application development. I will be writing a quick ICCSP for a generic ISO-7816-4 card with no crypto services available. This will compile directly on the Resource Manager until the RPC stuff is finished which I'm guessing will be done by Christmas. In the meantime you could write your application on top of the current stuff that is available by talking through the function SCARDCOMM::Transmit() which allows you to send bare APDU's directly to the card. Since your application does not rely on a specific card this would be fine and the PC/SC Resource Manager would take care of reader dependencies. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
No Subject
Hello, Here is a rundown of the future of PC/SC: I will also be working on Xcard during this time. OK, PC/SC 3 will support the following: ( weeks 1 - 2) - Multiple Reader Support ( SLB, Towitoko, Litronic ) - Simultaneous Reader Support ( 2 or more ) - Shared/Exclusive Access Modes - Dynamic Application - ICCSP binding - Completely hidden dynamic library binding behind virtual interfaces - Ability for ICCSP class extensions besides ( FileAccess, CryptProv, etc) - One Application Include ( #include SCard.h ) - Hopefully PAM login under Linux using CHV Verification and serial numbers. - Support for Solaris will require byte swapping in about 5 places but shouldn't take long - A Finished FileAccess Class ( Create File ) PC/SC 4 will contain: ( weeks 2-3 ) - An almost finished ICCSP for Cryptoflex and Multiflex - Possibly support for the Open 16K Cyberflex PC/SC 5 will contain: ( weeks 3-5 weeks ) - RPC between the client and the resource manager. - Card/Reader Introduction by config file on daemon startup. PC/SC Beta 1a will contain: ( Hopefully released by March 7 ) - Bug Fixes from PC/SC 5. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Card In/Out SCARDTRACK
I'm going to make a quick release this weekend that supports the card in/out insertion as Microsoft specifies. It requires no threading. The function GetStatusChange just blocks until this event occurs using a simple select statement and then the function returns. I'm currently checking card status every 1/4 second and blocking until change occurs. It is fairly simple for now but will have to be changed in the future when multiple applications access the same resource manager. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory (765) 463-2455 http://www.cs.purdue.edu/homes/corcordt http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE PC/SC Release 4 Out
Hello Again, I released PC/SC release 4 on the web page. The main differences include: Support for Card In/Out Notification ( This works by calling a function SCARDTRACK.GetStatusChange. - This function will block until an event occurs ) Simple Create File for the ICCSP for Cryptoflex/Multiflex. Remember: You will have to add the correct ATR of the card you are planning on using in order for any of the applications to work. Once you become familiar with how everything is organized you can really write applications quickly. Next release will have some RPC implemented so you run the resource manager as a daemon and applications will connect to it as clients. Also, next month's Linux Journal will contain the article "Smartcards and Biometrics - Your Key to PKI" for those of you whom are interested. It will discuss the issues in deploying a corporate public key infrastructure/etc. Feel free to ask questions about anything. Thanks Dave ***** David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory (765) 463-2455 http://www.cs.purdue.edu/homes/corcordt http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Re: Part 3 Requirements for PC-Connected Interface Devices
n since I will be writing an IFD_Handler for the BioMouse fingerprint scanner. The Biometrics portion will have to be implemented as a separate library at this point. Any ideas Dave I hope it's okay to ask these questions on this list because I think they are interesting to everyone :) Hopefully this was everything... maybe I have some other questions later... thanks for your time, gerhard *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Card In/Out SCARDTRACK
I merely call the IFD_GetCapabilities function in the IFD_Handler to get the card status from SCARDTRACK. I'm currently using the Tag ICC_STATE. If you want to block at the driver level you might use the tag ICC_STATE_BLOCK or something. You would do this in the IFD_Handler's GetCapabilities function. That is the best I can come up with since there is really no function listed to do this. When your block finishes, the higher level block will see the change and return. There is probably a better way of doing this for readers that support interrupts. Thanks Dave On Mon, 18 Jan 1999, you wrote: The function GetStatusChange just blocks until this event occurs using a simple select statement and then the function returns. I'm currently checking card status every 1/4 second and blocking until change occurs. Is it possible to add an option to forward this "blocking call" to the smartcard readers' driver? I'm about to write a driver for the Intertex readers, and they can signal a status change by sending two characters over the serial line. I'm too new to this to tell the best implementation, but I guess a new (?) CT-API command will do. (CT_Data() probably needs to be reentrant then.) GetStatusChange() calls it: If supported, it waits for the reader and returns at status change. If "unknown command" is returned, there is no support from the reader, and you have to loop instead. Or a new CT_GetStatusChange() maybe? But this breaks backward compa- tibility with all of the current drivers. Thanks Morten Norman --- Looking for the best modem in the world? [EMAIL PROTECTED] Judge for yourself, but don't miss our candidates. http://www.intertex.se --- *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ****** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Bug Fixes in 5
Hello, Release 5a is posted due to a buffer overflow on library paths exceeding the maximum limit. Library paths may now be up to any size. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory (765) 463-2455 http://www.cs.purdue.edu/homes/corcordt http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE FAQ
Hello, My ISP is working on an archive today for the Mailing List so there should be a searchable FAQ soon. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE BIG Progress
Hello, Just wanted to keep everyone up to date. I have had HUGE progress in the last 2 weeks ! I will attach some sample configuration files for PC/SC Unix etc. I am attaching a simple C program to begin communication with the reader and establish card communication. Here is a list of the current 'new' features: .. PC/SC Resource Manager runs as it's own process now under an account which does NOT have to be root but must have some hardware priveledges. Using Mico CORBA compiled with SSL the client (Application) connects to the Resource Manager using a secure encrypted channel. I created a simple lexical configuration file reader. Upon execution of the PC/SC server - the config files specified at the command line are opened and reader/card information is read from them and stored in it's database. The application has really NO CLUE that it is talking to CORBA. It has to initialize two variables CORBA::orb and CORBA::boa at the beginning of it's main. Otherwise it creates objects of type ResourceDB and ResourceQuery, etc like it would normally. Those 'local' classes just forward requests to the CORBA PC/SC server. The server may run in local or wide area mode. Basically it can accept either connections from the localhost or from other sources. Support for new readers/cards will be done using RedHat Package Manager (RPM). Simply rpm -i GDStarCOS.rpm would be all one would need to do to install new card or reader support. The application does not have to know what card it is talking to for using basic functionality ( Select, Create, DIR, etc ) This is all done dynamically. The application does not have to know what it is talking to unless it supports extended functionality in which it can create generic classes for. I have tested it with up to 4 applications running simultaneously. The server is not yet threading but it seems to time share well with multiple applications. I will probably work on threading the server this summer. I'm planning on a release in the next 2 weeks. Unfortunately, I'm taking a Compilers course now and it is taking up quite a bit of my time so I have been working extra hard to make Beta Release date of March 6 since my studies will become more intense as the semester progresses. After the Beta release I will probably focus my time on the Formatting Utility for PC/SC Unix and some card/reader support. Please email me if you have any questions or if you would like a chart/flow-diagram on how everything ties together. ( I will probably spend an ample amount of time with documenting this in March ) The following is a sample program which connects to the reader and attaches the card in that reader: /* Test PC/SC utilization program - David Corcoran */ #include SCard.h /* PC/SC Header File */ #include stdio.h CORBA::ORB_var orb; /* This is all it has to know about CORBA */ CORBA::BOA_var boa; int main(int argc, char **argv) { SCARDTRACK *strack; RESOURCEMANAGER *rmgr; SCARD *scard = 0; /* Initializes the CORBA runtime services, connects to server */ rmgr = new RESOURCEMANAGER(); rmgr-EstablishContext( argc, argv ); /* Create the objects like you normally would */ scard = new SCARD( rmgr ); strack = new SCARDTRACK( rmgr ); scard-AttachByIFD("Towitoko ChipDrive", 0x00); scard-Detach(); return 0; } Here is an example reader configuration file and card configuration file. # PC/SC Reader Config File # Schlumberger Reflex 62/64 FRIENDLYNAME"Schlumberger Reflex 62" DEVICENAME SLB_RF_60 LIBPATH /root/source/pcsc/src/resmgr/modules/slb_rf60/slb_rf60.so CHANNELID 0x0103F8 # Towitoko ChipDrive FRIENDLYNAME"Towitoko ChipDrive" DEVICENAME TOW_CD_EX LIBPATH /root/source/pcsc/src/resmgr/modules/tow_chpdv/.libs/libctapi-towitoko.so CHANNELID 0x0102F8 # PC/SC Card Config File # Schlumberger Cryptoflex 4K Mask 06 FRIENDLYNAME"Schlumberger Cryptoflex 4K M2" DEVICENAME SLB_CRYPTO_4K-M2 ATRVALUE3BE240204906 ATRMASK 06 LIBPATH /root/source/pcsc/src/iccsp/slb_crypto4k/libslb_crypto4k.so # Schlumberger Cyberflex 4K Mask 10 FRIENDLYNAME"Schlumberger Cyberflex PRE 4K" DEVICENAME SLB_CYBER_PRE_4K ATRVALUE3B3215004910 ATRMASK 10 LIBPATH /root/source/pcsc/src/iccsp/slb_cyber4k/libslb_cyber4k.so In PC/SC reader/cards are identified by the Friendly ID string. The user may create their own friendly ID which maps over to the original if wanted. Let me know if you have any questions... I'll keep you up to date on it's release date. I'm expecting in the next couple of weeks. Thanks Dave ***** David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Comp
MUSCLE Towitoko Charger
I put a program under documents on the site to charge up the Towitoko readers by asserting RTS and DTR. The program is under the documents section of the site. ( I need to re-section it a bit ). Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Version 0.0.9 Out
Hello, This is probably a bit premature but I release a pre 0.0.9 on the web site that contains the following: Single run daemon. CORBA IPC communication, can be compiled with SSL Automatic card/reader database insertions Improved config files/etc. Crypto library support will be coming soon using SSLeay. The remaining versions will look very similar to this one except with bug fixes etc. This version requires mico-2.2.4 for IPC communications. you must compile Mico with ./configure --disable-mini-stl so it does not try to use the Mico STL. Future, stable, releases will also be available in RPM, and other binary packages. The README is fairly short since I was in a rush to release but feel free to send me an email and I'll try to help you out. I will be selectively adding more reader support over the next few weeks for those manufacturers that have given me technical reader documentation. Feel free to email me with questions. Thanks Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE pcsc version 0.0.9 feedback
Hello, Thanks for the update on the README. I'm pretty busy getting autoconf and libtool running for PC/SC to make install easy. Mico is an implementation of the CORBA specification. Feasibly, I should be able to plug in any CORBA implementation into my code and run the IDL's and it should work : ) since it is a so called standard. PCMCIA drivers can be implemented in any way. The reader drivers are not CORBA objects. The Resource Manager is and it dynamically loads IFD drivers written in C depending on the calling reader. Good news, the SCM SwapSmart PCMCIA reader should be supported within the next couple of weeks, including support for the BioMouse Plus smartcard reader and the Todos Argos Mini for PC/SC. Right now I'm working with autoconf/etc and with CORBA oneway functions to prevent an application from deadlocking the server on Card Insertion/Removal notifications. I suspect a new release by the end of next week. I'll keep you up to date. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Bouncer
Here is a bounced message from Eduardo DeCastro [EMAIL PROTECTED] Here is another take at the application issue: I totally agree with Morten that this is clearly a quesiton of a technology looking for a champion, and with Denis that the picture will change dramatically when broadband becomes comonplace. My take, though, is that security -specifically, corporate network access- will be the field where all this starts happening, at least in the US. There are a number of compelling reasons for this. Installed reader base is a biggie. Almost nobody has a reader attached to their computer, and Metcalf's teaches us that the value of any "network" is proportional to the square of the number of people affiliated to that network. The old no users - so no apps-so no users. Until that changes, even superior technology and great ideas (micropayments, digital cash, next-gen loyalty programs, web "portal" cards, etc.) have a heck on an uphill struggle. Counter-intuitive, yes, but look at stuff like QWERTY, magstripes, and good ol' windows. All of them inferior, all of them wildly popular. There is some good research on the topic (network externalities, path-dependent stochastic proceses, etc,). The upside, though, is that when it rains, it *pours* -look at the net or Linux. The deal, then, is to make a succesful app. you have to look for pools, or communities, of users that are willing to roll out the technology *as a group*, because the benefits the group obtains from the technology outweights the cost complexity of rolling it out. That is where corporate network access comes in. They provide exactly this type of "pool" of users who would obtain sufficient benefits from the technology to justify rolling it out, even in the absence of everybody else having card-enbled systems. The concept is pretty simple; issue everybody who needs access to your network a cryptographic smartcard that contains an x-509 cert. Then tie that on the back end to a directory-based (LDAP) authentication mechanism and, presto!, you have a heck of a valuable system. Friendly to the end user, vastly simplified network admin, no more forgotten passwords, no more dictionary cracks, and it enables you to do lots of other useful stuff (VPNs, digital document signing, whatnot). As an added plus, this makes the number of card-enabled systems out there grow. Eventually you'll get a critical mass of enabled machines out there that will allow other kinds of card-specific apps to become commonplace. The concept of card and directory-based network logons has been public knowledge for a while, and the commercialization push is being led by -sigh- Microsoft, who have made it a central feature of NT 5. Still, a number of other players (entrust, verisign, the card manufacturers, a slew of ISVs) are active in this area, and there is definitivelly a role for the Linux community to play here. After all, Msoft is not the only game in town (entrust in particular is really solid), and in any case there's plenty of people who want to access corporate networks using something other than a windows box. Some usefull apps can be written here. One really good idea would be a Linux app. that essentially mimics the NT 5 smartcard logon, so people could use their smartcard linux box to log in. That would definitively be a valuable thing to do with the cards. Same thing could be done for other challenge-response based authentications, VPN protocols, etc. Any one of those would be a good thing for both the linux community and the smartcard world (card reader manufacturers, ISVs, etc). All of this would definitively need to be based on a cryptographic card (Schlumberger's Cryptoflex and upcoming Cyberflex Access would be good choices). I am not aware of anybody working on it at this time. Take it easy, Eduardo. [EMAIL PROTECTED] -Original Message- From: Morten Norman [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Monday, March 01, 1999 11:36 AM Subject: MUSCLE applications? I'm just curious... Are there any people writing PC/SC smartcard *applications* for Linux yet? My experience from smartcard development, so far, is that some big actor(s) decides to use the technology. Then they launch "it all": application + reader + smartcard + infrastructure (card issuing, contracts etc.). PC/SC and multivendor projects are changing things, but rather slow. Thus I'm very curious to see how things are going to develop the "Linux way", where things more or less grows step-by-step, but fast (if they are accepted). Are there any potential killer applications for Linux in the pipeline? Will we mainly port or adopt things from other platforms, or make new applications targeted to be accepted by individuals or small groups? Morten *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment)
MUSCLE Bounced mail
Great! I think we are *really* on to something here - a truly useful Linux/smartcard app. At the moment, we are doing some work with smartcard authentication at UT, but for now it is restricted to NT 5 (build 1974). I sure would like to get my Linux box into that loop be 1 step ahead for the "stampede" Dennis talks about ;^). Is there anyone working on card-based PAMs at this time? Regards, Eduardo [EMAIL PROTECTED] -Original Message- From: Morten Norman [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, March 03, 1999 11:50 AM Subject: Re: MUSCLE applications? (was: Re: Bouncer) snip Single sign-on on Linux would be a valuable application. The market for this application is huge especially when the migration from NT to Linux becomes a stampede. Dennis Wier This gives some hope! There already is a demonstration PAM (Pluggable Authentication Modules) application in MUSCLE! I guess someone will extend it when it's "application time". My experience of PAM is almost nil, but as I understand, most Linuxes already uses it. It's just that it asks for a password in the default setup. Was it plug'n play they called it? :-) /Morten *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE applications?
Hello, I have a few killer PKI related apps in mind but have to finish PC/SC first. It is in it's final stages. Thanks Dave On Mon, 01 Mar 1999, Morten Norman wrote: I'm just curious... Are there any people writing PC/SC smartcard *applications* for Linux yet? My experience from smartcard development, so far, is that some big actor(s) decides to use the technology. Then they launch "it all": application + reader + smartcard + infrastructure (card issuing, contracts etc.). PC/SC and multivendor projects are changing things, but rather slow. Thus I'm very curious to see how things are going to develop the "Linux way", where things more or less grows step-by-step, but fast (if they are accepted). Are there any potential killer applications for Linux in the pipeline? Will we mainly port or adopt things from other platforms, or make new applications targeted to be accepted by individuals or small groups? Morten *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ****** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Bounced Mail SSH
Keith Henrickson [EMAIL PROTECTED] writes: I use SSH all the time to access a couple of secure systems that are accessable ONLY by SSH, and so I would find an SSH client that had been modified to fit on a smartcard to be very useful. As far as I understand it, the ssh client is *not* modified. Instead, the ISO7xxx filesystem on the card is mounted into the standard directory tree (say, under /var/smartcard), with a link from your ~home/.ssh/identity to /var/smartcard. ssh then accesses information on the smartcard transparently, with an independent PIN-entry "popup" on the controlling tty. This means your ssh key is not stored on the usual filesystem (and is not cached, either), but root can still steal it by reading from the smartcard or by patching the userspace daemon that asks for your passphrase. You can´t have the RSA calculation done on the smartcard, either (thus preventing yourkey from leaving the card) Regards, -- Jan Iven Rechenzentrum, Universitaet des Saarlandes Tel. ++49 +681 302-3623 Fax. ++49 +681 302-4462 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE PCSC 0.98
Hello, PC/SC version 0.98 is available on the site or through anonymous FTP at: 198.216.116.245 in pub/muscle/pcsc This version has the following 'new' features: Easy install using autoconf Todos Argos Reader drivers Intertex Modem/Smartcard reader drivers Updated readme's Working test applications - you will not have to hardcode the reader name anymore Bug Fixes Sample skeleton application for writing your own. Next Release List: Next release will be Beta which will fix the server deadlock problem when trying to probe card insertion/removals ( Right now you have to restart the server if you are doing this ) Support for Cyberflex ( Java ) cards Improved File Path class which will recognize any delimeter /\: etc. SCM PCMCIA Reader support and more . Requirements: gcc/g++ with newer STL mico2.2.4 with libmico2.2.4 in LD_LIBRARY_PATH and mico-c++ and mico-ld in PATH This is the last release to include the reader drivers with it. They will be separated from the source tree and distributed separately from now on. The site will undergo some reconstruction with a totally pcsc page which will have a current drivers list and the current source including rpms. Please feel free to ask questions. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Suggestions
Hello, Thanks for all the suggestions, I will work on them this next week. I will be distributing PC/SC in source ( tar.gz ) format all the time but I will probably be offering RPMS in future releases as an alternative ( way future releases ) I'm shooting for a release date of sometime next weekend which should support the Cyberflex Access 16K Java Card. I'm writing a plugin support for the ICCSP's so that files can be given long filenames for cards which support and a file streaming mechanism for allowing pluggable compression modules. Sorry about the make problem on the slb_crypto4k stuff. Next release will be distributing that separately from the 'actual' resource manager. Feel free to send more comments and suggestions. There is a CVS set up now for anyone that is interested. Again thanks for all the great suggestions. Thanks ! Dave -- ** David Corcoran Internet Security/Smartcards Work:School: 205 Industrial Blvd 2252 US Highway 52 West Apt C4 Sugar Land, TX 77478 West Lafayette, IN 47906 Quotes: If it's a hobby for us and a job for you, then why are you doing such a shoddy job (Microsoft) ? ~ Linus Torvalds If you can't make it work, at least make it look good. ~ Bill Gates ** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: Make missing libtool in MUSCLE PCSC 0.98
Hello Carlos and Everyone, There is only one library in pcsc that needs the mico-ld which is the /src/resmgr-local/libpcsc.so. All the others can use lib-tool. If you look at mico-ld it is merely a wrapper around g++. All it does is a shell script which calls g++ with a few comm line parms. My guess is that you could just add those comm line parms to the Makefile.in CXXFLAGS for that particular Makefile.in in /src/resmgr-local. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE RE: ISO From Gregor
Here is Gregor's bounced response: Taral wrote: Okay... I've searched like crazy, but I cannot find the full text of ISO 7816 anywhere... :( Anyone happen to know somewhere where that kind of thing is? Hi, take a look at http://www.fh-augsburg.de/~bossekr/iso7816_4.html Hope this will help a little bit bye gregor *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE RE: Smartcards and Browsers
BOUNCE Non-member submission from [Remo Tabanelli Martin Sigbjorn wrote: I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presense of PC/SC drivers + reader + card, or do I need additional software? *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** You need PKCS#11 software for netscape and a CSP (cryptographic service provider) software (that can be mapped on top of the pkcs#11 layer or not) for IE CSP is the proprietary cryptoApi from MS The first problem that you probabli will encounter is that (because PKCS#11 exactly as the CSP) is merely an API the so called cryptoky (the software interface) will hide the lower layers of the sotware (such as the card reader driver, the smartcard driver ...and so on) you have to deal with some complexity in writing ONLY ONE PKCS#11 (or CSP) interface instead than multiple interfaces (one for each couple... combination of card and reader). You can probably find a card manufacturer (such as schlumberger) that can give you the entire "chain" (pkcs#11+pc/sc+rader+card) ... but there is a bad new (a good new for the manufacturer on the other side) .. and the bad new is that all the layers are a "monolitic bloc" making impossible for you to use the sofware for other devices (other cards and readers). The absence of real standards of interoperability (standard that you may use to read the card Y on the reader Z and the same card Y on the reader X using the same high level interface) is the biggest obstacle to the diffusion of "real world" applications using smartcards. This is also the reason why initiatives and effords like MUSCLE make a lot of sense. Remo Tabanelli *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New PC/SC
Hello, I put a pre-release of PC/SC release 0.99 on the web site under the software/middleware section. Special thanks to Carlos Prados for helping with the new autoconf ; ) I haven't done alot of testing with this release but you can use the Cyberflex Access 16K Service Provider with this release ( It supports most file capabilities ). This release has the following CHANGES: Changes to the original pcsc-0.98 package: - Every Makefile.in is generated from it's corresponding Makefile.am by running "reconf" script. Makefile.am stores a very-high level definition of the rules to perform while building files on every directory. - All options shown in configure --help are now active: by default make install will copy all necesary files to /usr/local/pcsc. You can chage this default behaviour with --prefix, --bindir, --libdir, etc. configure options. After installing the package you can delete the sources if you want. - All libraries are now built with libtool: * client-side: libpcsc.so * server-side: libpcsc-resmgr.so, libpcsc-comm.so, libpcsc-comm_impl.so CORBA client-side objects are stored in libpcsc-comm.so and server-side implemntations are stored in libpcsc-comm_impl.so. libpcsc.so includes CORBA client-side objects. This way applications still only have to dinamicaly link libpcsc.so. - Changed directory structure of all CORBA stuff: * public CORBA headers: include/pcsc-comm/*_CORBA.h * private CORBA implementation headers: src/pcsc-comm/*_CORBA_impl.h * client-side CORBA objects: src/pcsc-comm/*_CORBA.cpp * server-side CORBA implementations : src/pcsc-comm/*_CORBA_impl.cpp * idl files: idl/pcsc-comm Changed #include directives in all sources to search header files in include/ and include/pcsc-comm - Removed modules/* and iccsp/* directories. Users have to download the separate reader/card drivers and point to them using the reader.conf and card.conf - New FilePath class which is much more stable, allows delimeters of /, \, or :. - Cleaned up Service Provider code and began Service Provider Skeleton. - As always, fixed more bugs. Send mail if you have any questions. Thanks Dave ***** David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE TEST - ARCHIVE
TESTING FOR THE NEW ARCHIVE. * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Archive
Hello, I finally set up an archive for the mailing list. It started from about 4 days ago but is under the mailing list portion of the site. I'll try to search through my filters and get last years mails out soon also. I will make the archives searchable and in a more readable format this summer. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New C style API
); LONG SCardConnect( SCARDCONTEXT hContext, LPCSTR szReader, DWORD dwShareMode, DWORD dwPreferredProtocols, LPSCARDHANDLE phCard, LPDWORD pdwActiveProtocol ); LONG SCardReconnect( SCARDHANDLE hCard, DWORD dwShareMode, DWORD dwPreferredProtocols, DWORD dwInitialization, LPDWORD pdwActiveProtocol ); LONG SCardDisconnect( SCARDHANDLE hCard, DWORD dwDisposition ); LONG SCardBeginTransaction( SCARDHANDLE hCard ); LONG SCardEndTransaction( SCARDHANDLE hCard, DWORD dwDisposition ); LONG SCardCancelTransaction( SCARDHANDLE hCard ); LONG SCardState( SCARDHANDLE hCard, LPDWORD pdwState, LPDWORD pdwProtocol, LPBYTE pbAtr, LPDWORD pcbAtrLen ); LONG SCardStatus( SCARDHANDLE hCard, LPSTR szReaderName, LPDWORD pcchReaderLen, LPDWORD pdwState, LPDWORD pdwProtocol, LPBYTE pbAtr, LPDWORD pcbAtrLen ); LONG SCardTransmit( SCARDHANDLE hCard, LPCSCARD_IO_REQUEST pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, LPSCARD_IO_REQUEST pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength ); LONG SCardControl( SCARDHANDLE hCard, DWORD dwControlCode, LPCVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned ); LONG SCardGetAttrib( SCARDHANDLE hCard, DWORD dwAttrId, LPBYTE pbAttr, LPDWORD pcbAttrLen ); LONG SCardSetAttrib( SCARDHANDLE hCard, DWORD dwAttrId, LPCBYTE pbAttr, DWORD cbAttrLen ); * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE CT-API test utility ?
Hello, As of now - no real test application exists though it exists on my list of things to do. Basically you need to test the following: CT_Init() Does it open the specified port ? CT_Data() : Put a Card in - does the CTBCS command return the correct card status ? Remove the card - does it return the correct card status ? Power Up - Does the CTBCS command for power up work ? Reset the Card - Does it return a valid ATR. ( Here is where I have been laxed. I always return an ATR no matter how the Reset is called in the CTBCS. There are several options you can specify - some which don't send back the ATR. I ignore this ) Send 3 types of commands using CT_Data(): Case 1: only 5 bytes, no return Case 2: send 5 bytes plus more such as write Binary, Create, or Select. Case 3: send 5 bytes which returns more than the 2 status bytes ( Read Binary ) Power Down - send the CTBCS for Power Down of the reader/card. CT_close() - does it close the port ? These are the basics. If these work than my IFD_Handler wrapper for CT-API will work. The IFD_Handler will be changing a bit soon. Currently I keep track of the sharing there which is not good. I've implemented a Reader Factory which keeps track of sharing and will soon use Unix authentication to keep track of user priveledges such as if user corcoran verifies a CHV and then tries to use it at a later date that is OK. If user bob decides to use the reader shortly after user corcoran the reader will be reset to not allow bob to have access to those same CHV's. It will be an abstracted layer so porting to the Macintosh won't be such a pain. I hope to make a new release towards the end of this week with a C style API that is identical to Microsoft's. I'm including it in the next email. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE SSH - PC/SC
Hello, I have ssh2 working with PC/SC now. It generates keys and stores them on the cards and the agent reads them off the card also. I have tried 3 cards as of now: The Multiflex, Cryptoflex, and Cyberflex Access 16k and all seem to work successfully. I'll try to release it, the new C - API, and the new version of PC/SC this weekend along with the Multiflex ICCSP and a few new utilities. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New PC/SC
Hello, A new version of PC/SC is available with some new apps and a C api. SSH is also there under applications and a Multiflex SSP along with revised SSP's for Cryptoflex and Cyberflex Access. I will go into more depth later this weekend. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE KDE quick hack.
Hey, I've got a quick KDE hack that you can use to enable a common desktop on KDE. Basically it stores your kde profile and desktop preferences zipped on the smartcard. I'll release a new version of smart_tx tomorrow that will create the file if it is not there. Basically all you have to do is the following: gzip ~/.kderc tar -cvf ~/Desktop gzip ~/Desktop.tar ./smart_tx .kderc.gz /3f00/00dd ./smart_tx Desktop.tar.gz /3f00/00db This will transfer the files to your smartcard And add this to your startkde script under /opt/kde/bin #!/bin/sh # # DEFAULT KDE STARTUP SCRIPT ( KDE-1.1 ) # # initialize the configuration first. /homes/corcordt/sources/pcsc/test/smart_rx /3F00/00db /tmp/Desktop.tar.gz /homes/corcordt/sources/pcsc/test/smart_rx /3F00/00dd /tmp/.kderc.gz gunzip /tmp/Desktop.tar.gz gunzip /tmp/.kderc.gz mv -f /tmp/.kderc ~/ rm -rf ~/Desktop tar -xvf /tmp/Desktop.tar ~/ rm -f /tmp/Desktop.tar Make sure the Resource Manager is running and you have a rudimentary common desktop on any kde machine with this script. Of course you could make it alot better but this is quick : ) Sorry about the 3 posts to the list - majordomo was sick. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE GPKCS-11
Here is a mirror for GPKCS11 http://sunsite.doc.ic.ac.uk/gnu/MORE_GNU/alpha-releases/gnu/ though the developer said it does not have the latest release. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE BOUNCE sclinux@drizzle.com: Josef Hartmann egonle@gmx.de] (fwd)
Message-ID: [EMAIL PROTECTED] Date: Fri, 16 Apr 1999 23:57:54 +0200 From: Josef Hartmann [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: Mozilla 4.5 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: drive specifications?? Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Hi, I am still not pretty much familiar with smartcards. Now I had a look at the towitoko chipdrive extern. But what do the protocols I²C,2-wire,3-wire,T=0,T=1 mean?? Which card frequenzy is useable? What about 8MHz cards? Thanks JH *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Need help w/reflex 60 smartcard
I put the source for mico2.2.4 on the website under the resource manager download. It seems that mico2.2.6 is having some installation problems. I'll see what needs to be done and put it under the FAQ. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE BOUNCE Alex alexmail@spider.pilosoft.com]
From: Mailbox for Alex [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: MUSCLE SIM cards outside Europe? In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII AFAIK, no cellular phone system other than GSM uses smartcards for SIM storage. There are however some GSM providers (bellsouth in southwest, and OmniPoint in northeast), but GSM coverage is still spotty. Neither CDMA nor TDMA uses smartcards, nor will CDMA v2 use them. -alex On Thu, 22 Apr 1999, Morten Norman wrote: Need an update here, since my last experience of AMPS/DAMPS etc. is *old*. In Europe, GSM is very common. Thus the GSM SIM is a *very* widespread T=0 smartcard... (SIM = Subscriber Identity Module. I get it from the cellular operator, and can use it in *any* GSM phone. It also stores my short numbers and SMS data.) But how common are SIM cards in other countries? Are there AMPS/DAMPS etc. cellulars using smartcards, or are they still "locked" to the subscriber? If the SIMs are common everywhere, it may be worth using them as "poor mans smartcards" since they are easy to get. They more or less have a 7816-4 filesystem for numbers etc, and PIN protection. Thanks Morten Norman *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE BOUNCE kincses zoli kincses@ludens.elte.hu] (fwd)
From: kincses zoli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Subject: Re: MUSCLE Bounced mail hi, accessable ONLY by SSH, and so I would find an SSH client that had ^^^ been modified to fit on a smartcard to be very useful. ^ i read it three times...because i know how hard it was to do it for DOS (one programmer student did it at ELTE Univ.), and there is a little bit more memory, than in today's smart cards... maybe i know it wrong!? zoli *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE BOUNCE Gregor A. Panstruga gregor@panstruga.de
From: "Gregor A. Panstruga" [EMAIL PROTECTED] X-Mailer: Mozilla 3.01 (X11; I; HP-UX B.10.10 9000/710) MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: gregor's ct-api-page Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit hi folx, to all who had problems getting to http://drb1.insel.de/~gap/ct-api/ it's online again. sorry gregor *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Litronic Argus 210 and Cyberflex Access
Hi, Your problem is probably in card.conf. The reader activated fine but it either couldn't match a card in card.conf or could not find the library for that card. Look at the ATR returned by pcscserver and match it with the ATR in card.conf. Make sure everything is working correctly there. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE BOUNCE Chris Neumann cneumann@mfr.de] (fwd)
From: Chris Neumann [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: ct-api example Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93i hi i've played around with the ct-api from carlos prados, but i didn't manage to read or write (raw data) from/to a 2048 KBit memory card. has anyone a sample-code which does that? thanx chris *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
No Subject
Hi, I'm going to have to postpone the new release of PC/SC until next week. I need to put an interpretation layer in the SSP for file access priveledges when creating files. Some cards use different hex values to signify different access priveledges and since some of the new test programs with the new PC/SC require the creation of files I need to finish this. If you are currently at CardTech stop by booth 1242 and I can show the new version but I've only done the interpretation on the Cryptoflex SSP. I'll change the others this weekend. Basically I don't want people that have Cyberflex or other cards to create files that have outrageous acces conditions and find out that there are files they can't delete easily. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Mac Support
Hi, I was looking into writing a PC/SC to OCF interoperability layer so that applications could talk using a C PC/SC like API which would JNI over to the OCF framework. This would be a quick hack for Macintosh users and all applications developed for Linux or Windows could quickly be ported to Macintosh and vice-versa. Any thoughts Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Mac Support
Hi, Most 'smart' readers should work on the Macintosh that used the serial interface that I provided. Readers that rely on line states will have some issues but not too terrible. What I was looking to do was place a C PCSC API ( Doug Barlow's SCard API ) that sits on top of OCF so that C based applications written for Unix or windows could easily be ported to the Macintosh. There is really not too much to interface. OCF requires the user to identify the card that is in use but PC/SC tries to take care of that itself - this does not always work so you can also specify which card you want to use in PC/SC. PC/SC tries to use the ATR as an identifying factor though this is not always accurate since many cards allow you to change the ATR etc. Due to poor ISO standards, this leaves the card management up to the user which human factors should tell us that is wrong. PC/SC does give you the options to use either method of connection though. If any of you will be attending the Linux Expo this next week please let me know. The MUSCLE site will probably be distributing OCF code and information soon. I would like to focus the site on 'Open Source Smartcard Initiatives'. I will discuss some future plans to interoperate PC/SC and OCF so we can cover a wide array of platforms using either an OCF Java interface or a C based PC/SC like interface. I should hopefully be distributing code for a couple of 'new' smartcard readers also. Thanks Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE newbie here :-)
Hi, Wow, it has been a while since I have looked at the ct skeleton. You might check the IO_initialize function and see if it is setting the baud rate in the structure. I think it just returns whatever the structure is set to. Chances are, most likely, the baud rate actually is being set correctly. I will be releasing a new PC/SC this week. Sorry about the delay. I have been moving and have had to reload my Linux machine because I filled it up to quickly and don't have much HD space. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE new release
Hi, I put the new release out on the linuxnet site. It now includes the readerfactory which keeps a better maintenance of reader connections and will allow better handling of multiple connections. Also changes to all the card and reader drivers. I added drivers for the BioMouse Plus Fingerprint reader that work with PC/SC on the smartcard side and a whole lot more. I should have thorough documentation out by next week. Thanks alot, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE mismatch in transmit_to_icc
Hi, The new release .108 of the resource manager will require the new drivers: 1.5 drivers. ( I really need to seek some help in naming/numbering conventions ) The 1.5 drivers have the correct transmit_to_icc mapping and work with the ReaderFactory. I uploaded everything yesterday.. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE OpenCard bridge for Linux PC/SC
Hi, Actually that would be pretty easy. All that is required is a mapping using JNI to the IFD Handler interface. That is basically what was done under Windows. As long as the reader had an IFD Handler interface then it would fit into the infrastructure, so pcmcia would not be an issue. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE XCard
Hi, I will be releasing the first release of XCard for PC/SC tomorrow. I have currently tested it with the following: Readers: Towitoko ChipDrive Gemplus GCR-410 Schlumberger Reflex 62/72 Cards: Schlumberger Cryptoflex I will be doing more testing but will get an early release out tomorrow for people to play around with. Feasibly, all of the PC/SC supported readers should work and cards as well. Also, I will be releasing a version for Windows 95/98 later on in July. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE XCard Released
Hello, I released version 0.0.1 of XCard for PC/SC on the web site along with a new *actual* screenshot of a file transfer. This will require the download of PC/SC version 0.8.1 which includes a new function in the winscardapi.h that is used in XCard. PC/SC 0.8.1 is also released on the site. This is version 0.0.1 so I can't promise that it works really well. I will be working on it though over the next few weeks so please email suggestions/etc. XCard require qt 1.44 or higher libraries. New releases will have drag and drop support with KDE and capabilities for Java enabled cards. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Re: CTAPI Baud
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Gregor A. Panstruga" [EMAIL PROTECTED]] [EMAIL PROTECTED] wrote: Hello, I am trying to find in the CT-API protocol a way to change the baudrate between the PC and the smartcard reader. I need at least to be able to choose between two values for this baudrate (9600 and an other higher baudrate). If you have any idea of protocol (part of CT-API or not), thanks for your help. Francois hi, version 0.9 of the ct-api is fixed to 9600 baud. version 1.0 allows all common baud-rates. you can find the specs at: http://www.tkt.gmd.de/SICA/ then click on standard/rfs then click on mct hope this will help *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE new pcsc-lite
Hi, I released a new pcsc-lite that fixes the getstatuschange, listreaders, and fills in the other functions. The documentation is fixed also. Please send all errors and concerns to me and I'll fix them ASAP. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 2252 US Highway 52 WestDepartment of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-2455 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE I2C Cards
Hi, I'm proposing an API with pcsc-lite that will support I2C memory cards. Unfortunately, Microsoft (M$) will not release the API definitions for PCSC 2 yet so we have to come up with something in the meantime. Can anyone please send me suggested API calls for pcsc-lite that you would like to see: For example you might need: SCardI2cWrite( DWORD dwType, DWORD dwStartAddr, DWORD dwLength, BYTE pbData ); SCardI2cRead( DWORD dwType, DWORD dwStartAddr, DWORD dwLength, BYTE* pbData ); SCardI2cPIN( DWORD dwType, DWORD dwLength, BYTE pbPin ); I will be releasing memory card support in the next version of pcsc-lite. Later versions of lite will then include RPC for multi application support. Thanks, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 1008 Cherry Lane Department of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-0096 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New PC/SC Soon
Hi, Sometime next week I will be releasing a new version of PC/SC Lite with a few more fixes and support for T=1 and automatic Protocol Negotiation. I wrote a small library for parsing ATR's so the Status function now returns the correct size of the ATR instead of MAX_ATR_SIZE. I also abstracted the SCard interface below to eventually have support for multiple card slots in the same terminal. The new pcsc-lite requires that the T=1 handling be supported in the reader's IFD_Handler itself. This is not hard and in the Transmit function you receive the structure SCARD_IO_HEADER with Protocol as one of it's members. This will determine whether or not to send T=0 or T=1. I have generic libraries that do some of the block processing that can fit into the IFD_Handler with little work. I thought setting up the blocks at a higher level such as in SCard and then sending the entire structure to the IFDHandler but many existing drivers prepend header information that the firmware recognizes (smart reader) to be T=0/T=1. For this and other reasons - I will leave the T=1 processing up to the driver itself. Although I'm adding alot of new features to pcsc-lite such as RPC, T=1, etc - the library size is still small ( usually under 20k ) Please send any suggestions if you have any. Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE PC/SC not concurrent??
Hi, The IEEE is correct. Currently PC/SC does not provide card abstraction that allows the use of Multi-application cards. It provides a generic interface that allows the manufacturer to implement their own proprietary class to do multi-applications on cards. Supposedly PC/SC 2.0 will fix this. PC/SC does allow multiple applications to access the same device simultaneously though. The above paragraph discusses multi-application cards and this one discusses multiple applications running on the machine accessing the card simultaneously. The PC/SC full version using CORBA allowed multiple applications to access the card/reader simultaneously. PC/SC lite does not currently but will soon ( within 1 month using RPC to lighten it up a bit - and if I get time I might also release one that uses shared memory to lighten it up even more ) I think the confusion is between multiple applications on the machine which does work and multiple applications on the card which doesn't work. Hope this clears it up. Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New Release
Hello, PCSC Lite 0.2.4 has been released. Here is a list of changes: T=1 support added for IFD_Handlers that support it ( 1 coming soon ) Automatic type selection by ATR processing. Basically the resource manager can tell what protocols the card supports and try to send a PTS to negotiate the requested protocol ATR size problem has been fixed. It is no longer MAX_ATR_SIZE. I have decoded it. Another abstraction layer to support readers with multiple card slots. What is coming in the next release pcsc-lite-0.3.0 ? This will probably be available early next month. It will include multiple application support using RPC and will support 2 and 3 wire memory cards I will probably be licensing the pcsc-lite under the LGPL so that application writers may choose to distribute source to their applications. Please let me know your feelings about this. Please let me know if you have any suggestions or problems. Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Gemplus GCR410 documentation
Hi Guido, I would suggest using the pcsc-lite interface on top of the Gemplus GCR-410 driver. It will abstract the reader dependencies and give you a well documented API for transmitting APDU's to the card. The pcsc-lite is quite small ( 20K ) and will allow you some freedom if you need it. The GCR-410 performs well with the pcsc-lite. Please let me know if you have any questions. Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Re:
Hi, The new version does not have to use sockets at all. It can be the following: Single driver, 1 application multi drivers ,1 application multi drivers, multi applications using RPC multi drivers, multi applications using Unix Domain Sockets (local) Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE PCMCIA smart card readers
Hi, The Intertex PCMCIA reader looks like a serial port to the machine so the Linux IX driver will work with BOTH the serial and pcmcia versions of the intertex reader. This is actually a great design because the drivers are much more easily portable across different operating systems. Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Multi terminals
Hi, I'm proposing a small modification to the IFD_Handler in that I will add a function called IFD_Set_Reader_Slot( DWORD ) which will allow you to set the particular slot on a multi slot terminal. Basically the reader.conf file will include a new field called READERLUN which will be a logical unit number. So you will create a new FRIENDLYNAME for each slot in the terminal and if there is an entry where READERLUN 0 such as 1 it will call IFD_Set_Reader_Slot() in the Connect() function. I will soon release documentation on the latest IFD_Handler API specification. Best Regards, Dave David Corcoran 1008 Cherry Lane West Lafayette, IN 47906 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Power Up Failed
Hi, Yes you are right. PC/SC looks for a valid ISO-7816-3/4 card inserted into the reader. You are trying to use an unsupported memory card at the moment. I can give you suggestions as to which cards to use if you want to send me a personal email. Best Regards, Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 1008 Cherry Lane Department of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-0096 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE T=1 Problem
Hi everyone. I was curious if anyone could look at the following and tell me what the problem is. I'm sending 3 consecutive T=1 commands. The first command always works but any after that do not. For example: IBM T=1 Card Command 1: Select File - 00 00 07 00 a4 00 00 02 00 07 - 00 00 10 63 0c 03 e8 00 07 00 00 00 ff ff 11 01 00 90 00 13 Command 2: Write Binary - 00 00 07 00 d6 00 00 02 00 00 - 00 92 00 92 No matter what the first command always work and the second comes back with 00 92 00 92. This could only be an error R block but why ? Is there something I need to do to close the first command ? Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096317-514-4797 If you can't make it work - at least make it look good. ~ Bill Gates, M$ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE New Software
This is correct. The resource manager is now included with pcsc-lite. I removed pcsc-full because it was very large and hard to maintain and I didn't write it in a modular fashion so it could be broken apart depending on what features were wanted. Lite compiles in about 10 seconds compared to 20 minutes on pcsc-full. Of course pcsc-lite will talk to the same drivers. The biggest difference now is that pcsc-lite is 99.9% compatible with the Microsoft API whereas the full version was no where near that. I will be adding card abstraction to pcsc-lite over my upcoming break in one week so there should be a few new releases before Y2K. Regards, Dave Hi, I see that the middleware software section only lists the pcsc-lite version 0.4.0, does that mean that the resource manager is now included in the pcsc-lite distribution? What and where is pcsc-full? Thanx David Corcoran wrote: Hello, I released some new software on the site. pcsc-lite-0.4.0 is released with stable RPC, support for multiple slots on the same terminal, allows connections to multiple simultaneous readers and resource managers. I fixed the SCardStatus function so all the functions are now compliant to the Microsoft API. I abstracted the ifd layer for easy porting to other platforms such as Macintosh. I also released a new driver for the Todos Argos Mini and a new driver for the Schlumberger Reflex 62. All new drivers will not include autoconf anymore. A new fully working release of the Litronic driver will be made soon in the next couple of days. I also released SKAM again - it is a script based GUI smartcard formatter for use with Qt (KDE). It works fully with the latest pcsc-lite. As always, please send questions/comments. I will be releasing smartcard plugins for the Macintosh later this month. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906 http://www.linuxnet.com 765-463-0096317-514-4797 If you can't make it work - at least make it look good. ~ Bill Gates, M$ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** -- ~~ Alwyn Schoeman Systems Engineer Prism Secure Solutions *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096317-514-4797 If you can't make it work - at least make it look good. ~ Bill Gates, M$ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE [Chris Zimman chris@supernova.underpass.com]
I've written I2C support into Carlos' driver. It seems to work fine, but there is still some stuff I'm trying to figure out. One is how the Win32 driver figures out the size of the I2C card and pagemode, etc. I was sniffing the serial port while Smartcard Explorer was running, it seems to be sending some commands that aren't listed in the doc. I've written to Towitoko regarding this, but as of yet, received no response. If anyone wants the updated code, let me know. --Chris On Tue, 14 Dec 1999, Michael Renzmann wrote: Hi. Is there anybody here successful using Linux driver with Towitoko ChipDrive Micro Reader? Yes, but I wrote them myself ;) I baught one of this SmartCard reader from Autostart Singapore. It came with an example memory card, [...] But when I try with Linux driver written by Carlos Prados, the CT-API version 1.6.3, it error when try to reset and get ATR response from card. Other functions like activate, deactivate, set LED (even though this reader has no LED), and card detect work fine. That is one problem I had in the beginning, too. The answer to your question is simple. Carlos driver does only support one of five different mainstream protocol types, T=0. T=0 is used for processor cards, like GSM-SIM-Cards for mobile telefones. T=0 is one of two asynchronous protocols, the other is called T=1. Apart from this protocol family there is those of the synchronous protocols, which are used for memory cards. It consists of three members: 2-wire, 3-wire and I2C. I would guess that you have tried to use the memory card that was delivered with the reader with Carlos routines. That would be the same failure I made some months ago. This won¥t work. You would need a driver that supports the protocol that the card speaks that you want to use. To determine which protocol a card speaks you can take the "smartcard explorer" from the Towitoko CD. For the i2c-protocol there is another library written by the "Towitoko Driver Project". For more information on that you should have a look at http://www.penguinteam.org/towitoko. Matthias Bruestle wrote a library that supports every Chipdrive family reader beside others and can handle synchronous protocols iirc. But I couldn¥t find the right URL. He is reading this list, maybe he tells you :) I wrote my own lib that implements only T=1. There has been one release only yet and it had a lot of bugs. I didn¥t had the time to finish work on the next version, especially on the documentation. Hope that helps a bit. cu, Mike *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ******* David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096317-514-4797 If you can't make it work - at least make it look good. ~ Bill Gates, M$ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Drivers
Hello, I updated the drivers portion of the web site. I cleaned up the following: Gemplus 410 driver for PC/SC Litronic Argus 210 for PC/SC - this was cleaned up by James Rose, the problems with long commands have been fixed. Todos Argos Mini for PC/SC Schlumberger Reflex 62 for PC/SC Towitoko ChipDriver for PC/SC I will be updating the others soon (next week). These have all been tested with pcsc-lite-0.4.0. I also noted some *new* drivers that will be available soon. I will be working heavily on pcsc-lite in the next 3 weeks (I have vacation) so please let me know what problems you have or what you would like to see in the next release. Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096317-514-4797 If you can't make it work - at least make it look good. ~ Bill Gates, M$ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Timeout
Hello, I added a function to the library called: SCardSetTimeout( SCARDCONTEXT hContext, DWORD dwTimeout ); This function sets the RPC timeout value. I noticed I needed a bit more time with the Siemens SieCrypt card - almost 40 seconds to read 30 bytes ! Calling this function before a transmit will keep RPC from timing out. It will be included in the next release. Also, does anyone know of a good way in RPC at the server to determine whether the client is still alive or not. I have a function called SCardCollectZombies on the server side that looks through all the open contexts periodically but I would like to Disconnect all readers that have a dead client. Let me know if you have any suggestions. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096317-514-4797 If you can't make it work - at least make it look good. ~ Bill Gates, M$ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE RPC State sort of solved
Hello, I'm going to make a new release of pcsc-lite this week. This one will do a better job of maintaining state when a client dies unexpectedly. The current problem with 0.4.0 is when a client calls SCardConnect() and then SIGINT's or dies unexpectedly the connection is still retained on the server. Since there is no clean way in RPC to determine whether or not a client is alive or not without opening a socket on the client and threading it (BAD) I have noticed a few things. When an RPC call comes in at the server it passes a svc_req structure which holds port information, file descriptors/etc. For each connection that comes in it gets a unique file descriptor associated with it. When a connection dies the operating system recycles the file descriptor. So ( this is a bit ugly ) I am looking to see one of 2 things: 1) If the current file descriptor matches one on the client connections stack then the connection on the stack must have died and resources can be cleaned up by calling SCardDisconnect() etc. This works when connections die in a serial manner. 2) Otherwise use the function fstat to determine whether a file descriptor is valid or not. This is helpful when 2 or more connections die at the same time or multiple connections die unexpectedly before another tries to establish. Please let me know if this sounds discusting to you. It seems to work and make the server much more robust and able to handle many more unforseen circumstances. This will be released with the built in Timeout function and the Makefile that will work for BSD later this week. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE SSP's for pcsc-lite
Hello, I have written a card abstraction layer that sits on top of pcsc-lite. It is a separate package so I can keep the whole project as modular as possible. It makes calls on the libpcsclite that comes with pcsc-lite. Right now I have abstracted the basic file operations (SSP) in C style functions. The following is the API used. Please submit API suggestions for Java type cards if you have any ideas such as SCardLoadApplet etc. I will have a SSP supporting the following functions by next week. I will pre-release this week with one that will open, read, and write to files. So a basic smartcard transaction includes the following: SCARDCONTEXT hContext; SCARDCHANNEL sChannel; SCardEstablishContext( SCARD_SCOPE_SYSTEM, 0, 0, hContext ); SCardAttachByIFD( hContext, "Reader Name", sChannel ); // Then do some card commands SCardChangeDir( sChannel, SC_TYPE_RELATIVE, "/3F00/00AB" ); SCardReleaseContext( hContext ); It is really easy. Basically the SCardAttachByIFD function will call connect and store the handle in the SCARDCHANNEL structure. It then calls SCardStatus to get the ATR and it's state and size. After that it looks for a matching card in the /etc/card.conf file and load the appropriate library for that card. It all happens in the background. This package will be called pcsc-lite-ssp-0.1.0 and will require pcsc-lite. The card abstraction library is under 10k and with the pcsclite library both are still under 20k and closer to 10k when stripped. Here is the API LONG SCardAttachByIFD( SCARDCONTEXT, LPSTR, PSCARDCHANNEL ); LONG SCardGetCurrentDir( PSCARDCHANNEL, LPSTR* ); LONG SCardChangeDir( PSCARDCHANNEL, DWORD, LPCSTR ); LONG SCardCreate( PSCARDCHANNEL, DWORD, LPCSTR, TLV_TABLE, DWORD, PUCHAR, DWORD ); LONG SCardInvalidate( PSCARDCHANNEL, LPCSTR, DWORD ); LONG SCardRehabilitate( PSCARDCHANNEL, LPCSTR, DWORD ); LONG SCardGetProperties( PSCARDCHANNEL, DWORD, LPCSTR, DWORD, LPTLV_TABLE* ); LONG SCardSetProperties( PSCARDCHANNEL, DWORD, LPCSTR, DWORD, LPTLV_TABLE ); LONG SCardOpen( PSCARDCHANNEL, DWORD, LPCSTR, SCARDFILE* ); LONG SCardClose( PSCARDCHANNEL, SCARDFILE ); LONG SCardRead( PSCARDCHANNEL, SCARDFILE, DWORD, PUCHAR, DWORD* ); LONG SCardWrite( PSCARDCHANNEL, SCARDFILE, DWORD, PUCHAR, DWORD ); LONG SCardSeek( PSCARDCHANNEL, SCARDFILE, DWORD, DWORD ); The SSP driver basically is all the function above except instead of SCard it is ISFA* so SCardOpen calls IFSAOpen through the dynamic library loading interface. This is all done for you when you call SCard****. Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE SSP Lite Released
Hello, I released a primitive SSP Lite under the Middleware section. I also released pcsc-lite-0.4.9. There were really no changes to pcsc-lite but I had to rearrange the objects in the Makefile so it would provide all the necessary functions to ssp-lite. So you will need to download the new pcsc-lite-0.4.9 to use ssp-lite-0.1.0. I also provided an example SSP for the Cyberflex Access card and a test program. The SSP is not finished. Basically I wrote the: SCardGetDirectory SCardChangeDirectory SCardOpen SCardClose SCardRead SCardWrite SCardSeek The example test program will open the file /3f00/ and then attempt to read 10 bytes and then seek 2 bytes and read again. So here is a pictoral describing what is happenning: SSP-Lite -- PCSC Lite -- IFD Driver or SSP-Lite --- PCSC Lite Client RPC PCSC Lite Server PCSC Lite -- IFD Driver if you are using RPC. If someone is interested in finishing the SSP for the Cyberflex Access let me know. We can work together to create an Applet Loader API. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Example PAM module
Hello, I put an example PAM module under the applications portion of the web site. It just checks to see if a card is in the reader but it is a skeleton for writing your own PAM authentication. It will work with any of the recent pcsc-lite distrobutions but you might have to add in the rpc/Makefile the flag -Bsymbolic to ld and then add -lc and -ldl to the ld line since it will be dynamically loaded. (pcsc-lite-0.5.0 will have this already done but I didn't want to make a new release for such a small fix) Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE JaPCSC Done
Hello, The Java wrappers to PC/SC Lite are now 100% finished and available under middleware on the web site. Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE OCF - PCSC
Hello, Just wanted to let you know that the layer between OCF and PCSC Lite is almost done. I have tested it with several readers. Basically this means if your reader is supported under PCSC Lite then it is now supported under OCF and will work with most multi-application cards. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE MS2000/Others
Hi, A couple of things: First I will be releasing a new version of pcsc-lite this week (maybe today) This will have the fixes needed to use the OCF-PC/SC library that I will release hopefully this weekend. (I'm working on IBM to Open Source it - we will see) This will then give you a Java API which abstracts all the multi-application stuff and crypto stuff so you will be able to jump right in and begin programming for multi-application cards. The PCSC Lite API will always remain the same ( I may add functions but the others won't change ) so you can still use all your old applications with new releases. This version will fix some protocol negotiation problems/etc. Also, I am curious if there is a smartcard reader manufacturer out there that has drivers for Windows 2000. I'm preferably looking for a drive-bay reader but I suppose any will do. The University here asked me to do a talk and demo for about 26 workstations to show Win2000 GINA to some incoming students. Hope everything is going well. Please let me know if you have any questions or suggestions. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New Driver
Hi, I released a driver for the American Biometrics CardDrive http://www.abio.com under the reader drivers section. The SCM and Schlumberger Reflex 72 drivers should be up by early next week. Also, the ASE driver should be up next week. I will be performing reader benchmarks on all of the 20+ readers. I will give the results on a per request basis. Also, if you would like your reader left out of the race please let me know. Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New PC/SC
Hi, I released a new version of pcsc-lite (0.5.5) It provides support for up to 256 card slots in the same reader terminal. This is done by listing them in the /etc/reader.conf with different FRIENDLYNAMES but with the same information. Each slot on the reader will then be given a logical unit number and the context between slots will be changed between each command. I have tested it with the ASE 2 slot smartcard reader. I also uploaded under drivers/testers part of the site a little C program that attempts to get the Plug and Play information from a reader. It is pretty simple but kind of interesting. I will probably create an installer sometime that will use this information to install reader drivers. Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE SSP for Cyberflex
Hello, I have not done any more work to the reference SSP for the Cyberflex Access so any cryptographic work done on it would be great. You might see what they guys from University of Michigan are doing - I know they were interested in Access SSP. Some of the crypto functions may require a significant increase in the WWT on the reader. If you let me know what reader you are using I can see if this will be a problem and fix it before it exists. Dave Hi all, I had a look at SSP-Lite, and found it a bit incomplete. As I'm really needing RSA-Authentication, and RSA-Signing services with SLB-Cyberflex, I'm completing it by myself. Is there any "work-in-progress"-version more recent than the one on the Linuxnet Web-Site ?? Tommaso Cucinotta [EMAIL PROTECTED] Dipartimento di Ingegneria Informatica Facolta' di Ingegneria Universita' di Pisa Italy *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: R: MUSCLE SSP for Cyberflex
Hello, I tried to answer the questions in between On Wed, 9 Feb 2000, kefren wrote: David wrote: Some of the crypto functions may require a significant increase in the WWT on the reader. If you let me know what reader you are using I can see if this will be a problem and fix it before it exists. Could you please explain me what "WWT" stands for, because I don't understand what the problem is. However, I'm using a Towitoko's CHIPDRIVE. WWT is working waiting time. This is the time it takes for the card to respond. On some crypto functions this might take along time causing a timeout. By adjusting the WWT you can avoid this. Just 'cause you could help me, I'm having troubles to let RSA work on the Card, and I'd be very happy if anyone could take a look at this URL: http://smartie.austin.apc.slb.com/forums/cybaccmisc/62.html#1 where I reported the problem. Furthermore, I need some elucidations about the transition from the old pcsc-src-0.8.9's C++ structure to the new pcsc's C structure. . Where has it ended the RESOURCEMANAGER class ? . Didn't you want to be compliant with PCSC/Winscard API ? . It provides separate classes for SCard, CryptKey, etc.., doesn't it ? (however, maybe I lost some important messages from you mailing-list, and misinterpreted the overall problem). The pcsc-lite uses C function calls. The reason for this is that most programs under Unix use C instead of C++ and this makes the calling conventions much easier. The Microsoft class definitions for the service providers are completely different than what is implemented under Windows. The IS_FileAccess is just a list of C functions that I defined which are very similar to those under Windows but use C instead. I would suggest using these and creating your own functions. Also, if you are looking to do crypto now you could use OCF which is in Java - I have written a layer that interfaces between OCF and pcsc-lite for Linux. You can use the crypto under OCF if you want. If you define the C functions let me know and I will document them. I don't suggest using pcsc-0.8.9 since I will no longer distribute it. It is way too bulky and non portable. A related me-uderstanding problem: what do they mean the prefixes IS_FileAccess, etc.. which I find on some (don't remember which one) card-driver ? BTW, the REAL problem, here, is: if I go on and write some code (I'm thinking to modify slb_cfaccess as a starting point), shoud I use . this-scard-hContext-Transmit(...) OR . SCardTransmit(hContext, ...) ? I would use the SCardTransmit. Download pcsc-lite from the web site and take a look at the API document under docs directory. It is pretty easy to use. Thank you very much, Tommaso. Tommaso Cucinotta [EMAIL PROTECTED] Dipartimento di Ingegneria dell'Informazione Facolta' di Ingegneria Universita' di Pisa Italy *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
No Subject
Hello, I have been out of town for about a week and haven't had a chance to respond to some of the emails. If you have a question that I have not yet answered please email me directly at: [EMAIL PROTECTED] Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE PCSC Test Suite
Hello, I will be releasing an application this next week that will allow you to use the 6 cards in the PC/SC test suite and issue the commands Microsoft uses in their tests to test if a reader works in compliance with PC/SC. It will send about 10-20 commands to each cards which include the following: Bull Schlumberger Ammi GnD IBM T=1 Seimens T=1 I agree with the list that the drivers should be of better quality and by releasing this ( It is already done I just have to clean it up ) this will also make them better. I will be releasing the driver for the ACS Cybermouse soon and it will be one of the first to pass all the tests. I will also make sure that any future drivers I will release will run these tests on and provide some way on the web site to notify the results of each driver. Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE OCF shim released
Hello, I released the OCF-PC/SC shim layer for Linux on: http://www.linuxnet.com/middleware This requires a new released pcsc-lite package 0.5.2 which is found at the same location. I'm releasing in library form which was compiled using gcc-2.9.1.66(egcs-1.1.2) until I can get a source arrangement from the OpenCard group. I have tested it with all the demo applications in OCF like GetCardID and others but will need your help in fixing any problems that might (will) exist. This will allow OpenCard(OCF) to talk to any of the PC/SC readers on the web site which include: Schlumberger, Gemplus, Towitoko, Intertex, Todos, ACS, Litronic, SCM, De La Rue, American Biometrics, and others. They work in the same way as do PC/SC readers work under Windows and OCF communicates to them in a similar fashion. pcsc-lite-0.5.2 has changes including: better protocol negotiation and support in the Makefile for other Unix platforms such as BSD. I know I'm missing something here but if you have any questions, ideas, or just want to chat please email me. Best Regards, Dave David Corcoran Purdue University 1008 Cherry LaneMUSCLE Smartcard Developers West Lafayette, IN 47906http://www.linuxnet.com 765-463-0096765-427-5147 cellular *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Projects..
Hello, I thought I also might mention the Secure File System based on smartcard authentication at http://www.securefilesystem.org as a related project. This project is being done by Storage Technologies and University of Minnesota. Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Towitoko ChipDrive Extern
The replied message is below. I need to change Axel's source mail address in majordomo From: Axel Heider [EMAIL PROTECTED] Organization: Towitoko AG X-Mailer: Mozilla 4.6 [de]C-CCK-MCD QXW0321e (Win98; I) X-Accept-Language: de,en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Re: MUSCLE Towitoko ChipDrive Extern References: [EMAIL PROTECTED] [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi Carlos, these flags are only for internal use in the CHIPDRIVE's controller but don't mean anything to the PC. I don't know what the 4th bit value means, but it would be good to know this from somebody at Towitoko. -- With best regards Axel Heider Towitoko AG Haidgraben 2 85521 Ottobrunn Tel: +49-89-66683-0 Fax: +49-89-66683-222 *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE Bull PC/SC Test Card
Hello, The following command came from IFD_TEST.EXE on Windows. Does anyone know what the following command does on the Bull PC/SC test card ? bc c4 00 bc a0 00 00 These are only 3 and 4 byte commands. Any clues On the IBM card test there are these commands a4 a4 00 a4 a4 00 00 b6 42 00 40 On the Schlumberger there is 00 d6 00 00 - Is this a special case of update binary ? Any clues what each of these command is supposed to do and how PC/SC is supposed to handle them since they are under 5 bytes ? Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE More new stuff
Hello, First of all thank you all for the help that you have given me over the past year - I really appreciate it. I placed a version of XCard for the Cyberflex Access card and PC/SC on the web site under applications and a link to the Schlumberger Cyberflex Linux kit that has everything. I uploaded a new version of the Intertex driver also both for serial and pcmcia. Note: I have been using a 3 digit revision number for quite a while but some of the drivers are still using the 2 digit. Basically I'm doing Final.Beta.Release now so the old Intertex release was 1.7 meaning Beta 1 release 7 but the new one is 0.2.0 which is Beta 2 - it looks smaller but I'm again going to the 3 digit release. Also, I'm working on a project now which will involve a secure PAM login using RSA public key cryptography so I will be releasing that in about a month. I hope you all have a great day. Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Bull PC/SC Test Card
Hi, After looking through the winscard portion of pcsc-lite I realized that I was just passing a suggested return size to the IFD_HANDLER. When the Transmit function returns in the IFD_HANDLER PC/SC actually returns back to the application whatever receive length that the IFD_HANDLER gets from the card. So, it if there are issues in 4 byte commands or Case 4 commands this is probably in the IFD_HANDLER for a particular driver. My guess is that if there are problems with Case 4 APDU's then it is probably that the IFD HANDLER is using the suggested receive size from pcsc instead of calculating it's own return length. So the way it should work is that the IFD Handler should be adding the extra 0x00 on Case 1 commands for T=0 and it should be handling the Case 4 commands. I won't have to make any changes to pcsc-lite since it just passes a suggested length to receive but then uses whatever is received from the IFD HANDLER. I'm going to work on a better IFD HANDLER skeleton and post it on the site next week that will take care of this. Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New PC/SC Ideas
Hello, I'm just finishing up a new version of pcsc-lite. This one works differently though. When you start the server it connects automatically to the readers and threads off a process to monitor card status. Status requests from the application ask this thread for status instead of the reader. Now you can run simultaneous GetStatusChange functions, transmits and everything else you want. I wrapped a mutex around all reader functions so you can share transmit/status requests. Also, I have fixed Begin/End transaction so they will block until another application quits. Since the libraries aren't loaded/unloaded as much the memory leaks are almost none. I should have a release out next week. I will probably end up using this one for good but I'm taking suggestions. Dave * David Corcoran Internet Security/Smartcards Home: Purdue University 1008 Cherry Lane Department of Computer Science West Lafayette, IN 47906 CERIAS/COAST Laboratory Home: (765) 463-0096 Cell: (317) 514-4797 http://www.linuxnet.com * *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
MUSCLE New PCSC Released
Hello, I released a developer release of pcsc-lite on linuxnet.com. The version is 0.6.0 and it (by default) will do startup allocation of a reader listed in /etc/reader.conf and will spawn off an insertion/removal thread. You can also do the runtime allocation method of pcsc-lite by getting rid of the -DPCSCLITE_STATIC_ALLOCATION=1 definition in the Makefiles. This will cause it to run the old way. 0.6.0 also has simple mutex locks around the readers so separate processes can call getstatuschanges on the readers. The next version of pcsc-lite will include a insertion/removal notification thread but it will be allocated at runtime and destroyed when not in use. Right now if you are using the runtime allocation both getstatuschanges will poll intermitedly. If you are using the startup allocation only one process polls the reader. I agree with most of you that it is annoying when PC/SC under Windows steals the serial port. For that reason I am allowing you to run pcscserver in either way. Eventually I will make this a config file option instead of a recompilation. Please send any bug fixes/etc to me. Best Regards, Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Problem with Parameters in CT-API Interface
Hello, I agree with this and am very sorry. When I first started doing this about 2 years ago I was just learning and I actually used a different CT-API spec to write the interface. If anyone has a correct CT-API skeleton that I can use - I'll put it on the web site so that anything new can be taken care of. Also, the SCR 110 driver won't quite work with the Reflex 72. There is a bit of confusion about model numbers here but I won't go into it. I am working on the 72 code though and will put it back on the web soon. Schlumberger asked me to remove it because there were some problems with a couple of cards. I didn't write the original driver but I just recently got the source code and will be looking at it. In the meantime I will send a copy of the old version of the driver if you have to have it now and if you email me but please do not ask Schlumberger to help you if you have any problems with it. Also, right now the pcsc resource manager can either load the readers on demand or at startup. On demand currently has an event thread which helps notify of card insertion and removal. Plus it is much quicker since the reader and card are powered up already and may only need to be reset. I may load the libraries on startup and then start an event thread on connection so that the events are only notified if there is a connection to the reader. This would help stop port hijacking and still allow event notification and automatic reset of cards when inserted. It would also help stop memory leaks from loading/unloading the library many times. Try the following: main() { while (1) { void *v = dlopen("/usr/lib/libm.so"); dlclose( v ); } Many libraries will leak like a sieve if opened and closed repeatedly so I'm trying to just open the libraries once. Please send me any problems/etc with pcsc-lite-0.6.0 to my address: [EMAIL PROTECTED] if you have any and I'll try to get it fixed. Best Regards, Dave Hi all I encountered a severe problem with the current CT-API interface used in MUSCLE. The skeleton defines the interface to be int CT_init(unsigned int Ctn, unsigned int pn) int CT_data(unsigned int ctn, unsigned char *dad, unsigned char *sad, unsigned int lc, unsigned char *cmd, unsigned int *lr, unsigned char *rsp) and int CT_close(unsigned int Ctn) whereas the original CT-API specification defines char CT_init(unsigned short Ctn, unsigned short pn) char CT_data(unsigned short ctn, unsigned char *dad, unsigned char *sad, unsigned short lc, unsigned char *cmd, unsigned short *lr, unsigned char *rsp) and char CT_close(unsigned int Ctn) Most of the type conversions are handled automatically by the compiler, but the problem comes up with the lr parameter in CT_data. Usually the compiler will warn about the size conflict if the program declares a variable unsigned short rlen; CT_data(.., rlen,...) but if it goes undetected it may have severe results, because it overwrites data objects on the stack located beside the rlen variable (As happend in my case and which cause a fairly long debugging session). I know that this is an ugly problem, but I would still recommend to change the interface declaration to archive cross platform compatibility and avoid hard to find errors as the one above. Any comments ? -- Andreas Schwier Tel. +49 171 8334920 CardContact Software System Consulting http://www.cardcontact.de *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***