Use PKCS#15 to perform the card management, it can be done using a simple
script as you outlined as it done once.
Then use PKCS#11 to use the keys and perform the encryption/decryption as
it is more standard API, and most likely you will be able to find a utility
that does exactly as you need, ref
nsplugins is not supported an more as far as I know.
On Sun, Nov 25, 2012 at 6:47 PM, Greg Troxel wrote:
> ner/plugins/opensc-signer.so
> lib/opensc-signer.la
>
> With 0.12.2, it fails because there is no trace of nsplugin/signer
> support. There's a Changelog entry from 2009 that indicates it
On Fri, Nov 23, 2012 at 4:21 PM, Ludovic Rousseau
wrote:
> 2012/11/23 Alon Bar-Lev :
>> You copied the repositories without tags. I fixed this for openct,
>> pkcs11-helper, but I guess you should check all repositories moved,
>> make sure we did not lose anything.
>
>
On Thu, Nov 22, 2012 at 11:49 AM, Alon Bar-Lev wrote:
> On Thu, Nov 22, 2012 at 11:42 AM, Ludovic Rousseau
> wrote:
>>
>> 2012/11/22 Alon Bar-Lev
>>>
>>> On Wed, Nov 21, 2012 at 4:52 PM, Ludovic Rousseau
>>> wrote:
>>> >
>>> >
On Thu, Nov 22, 2012 at 11:42 AM, Ludovic Rousseau
wrote:
>
> 2012/11/22 Alon Bar-Lev
>>
>> On Wed, Nov 21, 2012 at 4:52 PM, Ludovic Rousseau
>> wrote:
>> >
>> > Hello,
>> >
>> > 2012/11/17 Alon Bar-Lev :
>> > > On Sat, Nov
On Wed, Nov 21, 2012 at 4:52 PM, Ludovic Rousseau
wrote:
>
> Hello,
>
> 2012/11/17 Alon Bar-Lev :
> > On Sat, Nov 17, 2012 at 11:54 PM, Ludovic Rousseau
> >> I don't think I can give you admin access to only these 2 projects.
> >> I can add you as a member
On Sat, Nov 17, 2012 at 11:54 PM, Ludovic Rousseau
wrote:
> 2012/11/17 Alon Bar-Lev :
>> On Sat, Nov 17, 2012 at 9:26 PM, Ludovic Rousseau
>> wrote:
>>> 2012/11/17 Alon Bar-Lev :
>>>> On Sat, Nov 17, 2012 at 6:00 PM, Ludovic Rousseau
>>>> wrote:
On Sat, Nov 17, 2012 at 9:26 PM, Ludovic Rousseau
wrote:
> 2012/11/17 Alon Bar-Lev :
>> On Sat, Nov 17, 2012 at 6:00 PM, Ludovic Rousseau
>> wrote:
>>> 2012/11/16 Alon Bar-Lev
>>>>
>>>> On Wed, Nov 14, 2012 at 10:22 PM, Alon Bar-Lev
>>>
On Sat, Nov 17, 2012 at 6:00 PM, Ludovic Rousseau
wrote:
> 2012/11/16 Alon Bar-Lev
>>
>> On Wed, Nov 14, 2012 at 10:22 PM, Alon Bar-Lev
>> wrote:
>> > On Wed, Nov 14, 2012 at 10:20 PM, Ludovic Rousseau
>> > wrote:
>> >>
>> >>
>&
On Wed, Nov 14, 2012 at 10:22 PM, Alon Bar-Lev wrote:
> On Wed, Nov 14, 2012 at 10:20 PM, Ludovic Rousseau
> wrote:
>>
>>
>> 2012/11/14 Ludovic Rousseau
>>>
>>> I could not migrate:
>>> - pkcs11-help. Something fails in the authors names co
On Wed, Nov 14, 2012 at 10:20 PM, Ludovic Rousseau
wrote:
>
>
> 2012/11/14 Ludovic Rousseau
>>
>> I could not migrate:
>> - pkcs11-help. Something fails in the authors names conversion
>
>
> I forked the github repository of Alon. pkcs11-helper is now available under
> the OpenSC organization.
>
On Tue, Sep 18, 2012 at 11:33 AM, Jean-Michel Pouré - GOOZE
wrote:
>
> Dear all,
>
> > wouldn't it be better to move the remaining parts of the project to
> > github ?
>
> Sorry if I did not catch this message before.
> I volunteer to take part in this project with the community.
>
> Migrating the
On Tue, Jun 12, 2012 at 5:49 PM, Ludovic Rousseau
wrote:
> > What else do we need?
> > Wiki, mailing list, file-server, ...
>
> Bug tracker
github already has bug tracker and wiki... :)
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
Hello Andreas,
GitHub is a great place... Already there, just need to migrate the wiki.
The question is where Gerrit will be (if is used).
And if there is a need to migrate the bugs as well... which may be difficult.
Alon.
On Mon, Jun 11, 2012 at 10:31 PM, Andreas Jellinghaus
wrote:
> Hi everyo
On Wed, May 30, 2012 at 12:36 PM, Nguyễn Hồng Quân wrote:
>
> Hello Alon,
>
> On Wed 30 May 2012 04:27:11 PM ICT, Alon Bar-Lev wrote:
> > Hello,
> >
> > I think you have some confusion of what is PKCS#11 Admin PIN.
> > The PKCS#11 Admin PIN is only usable to in
Hello,
I think you have some confusion of what is PKCS#11 Admin PIN.
The PKCS#11 Admin PIN is only usable to initialize a token, and
optionally unlock the user PIN.
It has no special privileges over the content of the card.
So you are prompted by firefox for the user PIN, which is OK.
Anyway, wh
On Sun, May 27, 2012 at 8:26 PM, Peter Stuge wrote:
> Alon Bar-Lev wrote:
>> Peter, quality is not absolute term.
>
> In computing I actually think it is; a high quality program does
> exactly what it is supposed to do and never anything else.
>
> Computers are very s
On Sun, May 27, 2012 at 7:38 PM, Peter Stuge wrote:
> Ludovic Rousseau wrote:
>> 2012/5/27 Jean-Michel Pouré - GOOZE :
>> > Sufficient privileges in GIThub should be granted to a group of people.
>> > Trust is enough to agree on commits. FOAS means "Free" and "Open".
>>
>> FOAS = ?
>
> I guess FOS
On Tue, May 1, 2012 at 5:20 PM, Ludovic Rousseau
wrote:
> OpenCT was maintained by Andreas Jellinghaus. Andreas has now left the
> smart card world for other opportunities.
> Do not expect a new release of OpenCT anytime soon.
There is no problem to release what we have... only minor changes were
On Thu, Apr 12, 2012 at 11:12 AM, Ludovic Rousseau
wrote:
> Le 11 avril 2012 16:43, Ludovic Rousseau a écrit
> :
>> Le 11 avril 2012 16:37, Douglas E. Engert a écrit :
>>>
>>>
>>> On 4/11/2012 8:16 AM, Frank Morgner wrote:
Adjusting the loader to determine the architecture and recognizing
Well,
I lost it, there are changes committed, the interface of gerrit is
very difficult for proper review.
I hope these are working.
Alon.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/
On Sat, Mar 24, 2012 at 1:19 PM, Ludovic Rousseau
wrote:
> Le 24 mars 2012 12:05, "Magosányi, Árpád" a écrit :
>> I guess you might want to discuss the pros and cons of removing libltdl
>> dependency.
>> There is a heap of changesets about it in gerrit.
>
> I do not remember why libltdl was neede
On Thu, Mar 22, 2012 at 12:03 AM, Peter Stuge wrote:
> Alon Bar-Lev wrote:
>> I will try again.
>
> Thanks! It really helps!
I am glad!
Well, let's agree we do not agree... :)
At no point in time I argue that the gerrit is not a good tool, I
argue the methodology.
Anyway, j
On Sun, Mar 18, 2012 at 2:17 AM, Peter Stuge wrote:
>
> Alon Bar-Lev wrote:
> > I think you are trying to make opensc something it is not.
>
> I am not trying to do a single thing beyond pointing out that there
> is alot of complaints and wasted time over no *actual* prob
Hello Peter,
I wrote this before, but I think I need to write again...
I think you are trying to make opensc something it is not.
The bureaucracy and lack of flexibility will inhibit contributions and
healthy *SMALL* community.
That's true that it may eventually lead to more stable implementation,
What do you mean not able to compile it?
https://www.opensc-project.org/engine_pkcs11
On Sat, Mar 10, 2012 at 8:33 AM, Dan Peterson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I am not able to compile it
> - --
> dan
>
>
> -BEGIN PGP SIGNATURE-
> Version: PGP Desktop 10.
Hello,
On Thu, Feb 16, 2012 at 11:53 PM, Douglas E. Engert wrote:
> The way forward is not necessarily more commiters, but a plan
> for the next release and some action.
Well, once there was maintainer for each subject, so if maintainer of
(in this case) ePass2003 decides to put a specific imple
On Thu, Dec 15, 2011 at 9:43 AM, Martin Paljak wrote:
> On 15/12/11 01:43, Alon Bar-Lev wrote:
>> Oh... I was so excited I missed some important issue.
>> When submitting a patchset it should be tested for build as atomic unit.
>> Currently the system tries to compile each
On Thu, Dec 15, 2011 at 1:41 AM, Alon Bar-Lev wrote:
> On Wed, Dec 14, 2011 at 8:41 PM, Martin Paljak
> wrote:
>> On 12/14/11 5:13 , Alon Bar-Lev wrote:
>>> This is great
>>>
>>> I succeed in login to gerrit using google account.
>>> Ho
On Wed, Dec 14, 2011 at 8:41 PM, Martin Paljak wrote:
> On 12/14/11 5:13 , Alon Bar-Lev wrote:
>> This is great
>>
>> I succeed in login to gerrit using google account.
>> How do I login to jenkins?
> Actually there is no similar SSO readily available for Jenkins
On Wed, Dec 14, 2011 at 5:13 PM, Alon Bar-Lev wrote:
>> No, you can use these URLs:
>>
>> https://www.opensc-project.org/autobuild/
>> https://www.opensc-project.org/codereview/
>>
>> To access Jenkins and Gerrit respectively.
>
> This is great
>
On Wed, Dec 14, 2011 at 4:49 PM, Peter Stuge wrote:
>
> Douglas E. Engert wrote:
> > >> Is it possible to use:
> > >> https://jenkins.opensc-project.org/ instead of
> > >> https://www.opensc-project.org:/
> > >
> > > https://www.opensc-project.org/autobuild/
> > >
> > >
> > >> https://gerrit.o
On Sat, Dec 10, 2011 at 10:39 AM, Peter Stuge wrote:
> Ludovic Rousseau wrote:
>> > Can you set up standard ports so it passes firewalls?
>> > First choice: http / https
>>
>> Same question but to pass web proxies. git and ssh ports are not
>> even available in some places.
>
> Note that Gerrit su
Signed-off-by: Alon Bar-Lev
---
configure.ac | 18 --
src/common/Makefile.am |1 -
src/common/libpkcs11.c |6
src/common/libscdl.c | 57 +--
src/libopensc/Makefile.am |5 +--
src/libopensc
Signed-off-by: Alon Bar-Lev
---
configure.ac |8
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/configure.ac b/configure.ac
index 4e01231..d871657 100644
--- a/configure.ac
+++ b/configure.ac
@@ -268,6 +268,14 @@ AC_CHECK_LIB(
)
if test "${WIN32}" =
Signed-off-by: Alon Bar-Lev
---
src/common/libscdl.c |9 ++---
src/common/libscdl.h |3 +++
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/common/libscdl.c b/src/common/libscdl.c
index e4746ab..b66dbd5 100644
--- a/src/common/libscdl.c
+++ b/src/common/libscdl.c
Untested, I don't have the environment, Martin, please test.
Signed-off-by: Alon Bar-Lev
---
src/common/Makefile.mak |2 +-
src/pkcs11/Makefile.mak |2 +-
src/tools/Makefile.mak |2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/common/Makefile.mak
Signed-off-by: Alon Bar-Lev
---
src/common/Makefile.am |3 +--
src/libopensc/Makefile.am|1 +
src/libopensc/ctx.c |1 +
src/libopensc/internal.h |1 -
src/libopensc/pkcs15-syn.c |1 +
src/libopensc/pkcs15.c |1 +
src/libopensc/reader
ne
on Gentoo tree at least that uses ltdl.
I tested building on Linux, mingw64.
Untested MSVC, martin, you have the environment, right?
Signed-off-by: Alon Bar-Lev
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-projec
Can you set up standard ports so it passes firewalls?
First choice: http / https
Second choice: git/ssh
On Thu, Dec 8, 2011 at 9:32 PM, Martin Paljak wrote:
> Hello,
>
> Here is an overview of updates to opensc-project.org plumbing and Git.
>
> * Jenkins (build master) has been moved to opensc-pr
On Thu, Nov 10, 2011 at 5:12 PM, weizhong qiang wrote:
>
> On Nov 10, 2011, at 3:40 PM, Alon Bar-Lev wrote:
>
>> On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang
>> wrote:
>>> As I mentioned that I need to use EEC credential to generate a proxy
>>> creden
On Thu, Nov 10, 2011 at 4:06 PM, weizhong qiang wrote:
> As I mentioned that I need to use EEC credential to generate a proxy
> credential (process is the same as you use CA credential to generate a EEC
> credential).
> The the generation step, I need to use X509_sign (int X509_sign(X509 *x,
> EVP
On Thu, Nov 10, 2011 at 3:10 PM, weizhong qiang wrote:
> hi Alon,
> Sorry that I make you be confused.
>
> On Nov 10, 2011, at 1:20 PM, Alon Bar-Lev wrote:
>
>> On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang
>> wrote:
>>>> OpenSSL is fully compatible wit
On Thu, Nov 10, 2011 at 2:08 PM, weizhong qiang wrote:
>> OpenSSL is fully compatible with this approach, having RSA object that
>> can be used for crypto operation without actually having the private
>> key. This is done via the concept of "engine" which delegate the
>> crypto calls to the hardwa
On Wed, Nov 9, 2011 at 7:39 PM, Viktor Tarasov wrote:
> Hello,
>
> I would like to 'touch' the PKCS#11 module of OpenSC and looking for your
> opinions/suggestions about:
> - removing of 'pkcs15init' framework;
> - configurable support of the multi on-card applications and multi-pins;
> - removin
t 10:02 AM, weizhong qiang
wrote:
> hi Alon,
>
> On Nov 10, 2011, at 8:24 AM, Alon Bar-Lev wrote:
>
> Hello,
>
> You can't.
> pkcs11-helper targets developers who want to use smartcards without
> overhead of the actual card management.
> Well behaved smartcards shoul
Hello,
You can't.
pkcs11-helper targets developers who want to use smartcards without
overhead of the actual card management.
Well behaved smartcards should not allow export of private key.
Why do you need the private key anyway?
Alon.
On Thu, Nov 10, 2011 at 3:27 AM, weizhong qiang wrote:
> h
:
> Hello Gents,
>
> just enquiring for a feedback. did you find something out on this
> issue? Seems something was brocken in never OpenSC / OpenVPN...
>
> Rgds, PR
>
> On Mon, 3 Oct 2011 15:09:28 +0200, Alon Bar-Lev
> wrote:
>> Martin,
>> I need your help here..
ject Flags : [0x2], modifiable
> Authority : no
> Path : 3f0050154545
> ID : 45
> Encoded serial : 02 01 02
>
>
> C:\Program Files\OpenVPN\share\openvpn-win32\config>
>
>
> On Fri, 30 Sep 2011 18:45:31 +0300
ks twice for the
> PIN, for the second and following connection attempts (I aborded here
> not to loose start of log because of buffer limitations) it asks only
> once...
>
> On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev
> wrote:
>> This is strange.
>> The signature
:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset
> return rv=0-'CKR_OK', *p_slot=1
> Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Calling pin_prompt hook for
> 'OpenSC Card (xxx yyy)'
> Wed Sep 28 17:51:25 2011 us=796000 ERROR: could not not read OpenSC
> Card
2011 UDPv4 link remote: 217.253.136.195:1194
> Enter OpenSC Card (Patrick Reeb) token Password:
> Wed Sep 28 16:04:07 2011 PKCS#11: Cannot perform signature
> 6:'CKR_FUNCTION_FAILE
> D'
> Wed Sep 28 16:04:07 2011 TLS_ERROR: BIO read tls_read_plaintext error:
> error:
Use build-011
On Wed, Sep 28, 2011 at 1:39 PM, wrote:
>
> Hi All,
>
> any clue what is wrong?! :(
>
> Rgds
>
> On Sun, 25 Sep 2011 18:38:39 +0200, wrote:
> > Hello All,
> >
> > Currently I am having troubles to get the latest build (32bit) of
> > prebuild OpenVPN/OpenSC/OpenSSL to work alltogeth
2 on this server.
>
> Regards,
>
> On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev
> wrote:
>> Use build-011
>>
>> On Wed, Sep 28, 2011 at 1:39 PM, wrote:
>>>
>>> Hi All,
>>>
>>> any clue what is wrong?! :(
>>>
>>
Hello,
pkcs11-helper-1.09 is available.
Fixed issue introduced in 1.08 related to OpenSSL engine signature.
ChangeLog
2011-08-16 - Version 1.09
* Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target.
* Fixup OpenSSL engine's rsa_priv_enc to use RSA size output buffer.
__
Thanks for your report and testing!
2011/8/16 Jonatan Åkerlind :
> On fre, 2011-08-12 at 23:20 +0300, Alon Bar-Lev wrote:
>> Jonatan,
>> Can you please try the attached patch and see if it helps?
>> Thanks!
> ...
>>
>> seems to work fine, will continue test
So Stef,
How do you want to proceed?
On Thu, Aug 4, 2011 at 7:58 PM, Alon Bar-Lev wrote:
> 2011/8/4 Jean-Michel Pouré - GOOZE :
>> Le lundi 01 août 2011 à 14:11 +0200, Stef Walter a écrit :
>>> * Initializing modules via p11-kit so that refcounting, and
>>> pInitAr
There had been always unified API: PKCS#11.
Well, at Microsoft environment there was CryptoAPI Provider.
The good about the CryptoAPI is that it allowed enough flexibility so
that, for example, you could have created a generic CryptoAPI provider
on-top of PKCS#11.
In the MiniDriver, Microsoft adva
Jonatan,
Can you please try the attached patch and see if it helps?
Thanks!
On Thu, Aug 11, 2011 at 11:20 AM, Alon Bar-Lev wrote:
>
> Martin,
>
> The openssl engine is called with 0x24 buffer size and expect it to be
> encrypted by private key with same length.
>
> Prot
Martin,
The openssl engine is called with 0x24 buffer size and expect it to be
encrypted by private key with same length.
Prototype:
---
static
int
__pkcs11h_openssl_enc (
IN int flen,
IN const unsigned char *from,
OUT unsigned char *to,
IN OUT RSA *rsa,
IN
2011/8/4 Jean-Michel Pouré - GOOZE :
> Le lundi 01 août 2011 à 14:11 +0200, Stef Walter a écrit :
>> * Initializing modules via p11-kit so that refcounting, and
>> pInitArgs stuff works if more than one app/library in the
>> same process uses a PKCS#11 module.
>>
>> * Safe forking (pkcs11-h
Hello Stef,
I think that each project is targeting a different set of problems.
I am fully opened for discussion, but this is how I see things:
pkcs11-helper targets developers who like to introduce PKCS#11 into
their application, especially for smartcard. It allows to minimize the
user interact
Right.
But you forgot to free the memory.
I've applied similar solution at r201.
On Fri, Jun 17, 2011 at 2:55 PM, Jonathan Giannuzzi
wrote:
> Hello,
> When using libp11 to wrap around the AET SafeSign PKCS#11 library, C_GetInfo
> fails with CKR_MUTEX_BAD. This is because an empty CK_C_INITIALIZE_
OK.
I think we have all facts.
Thanks.
On Thu, Jun 16, 2011 at 1:14 PM, Martin Paljak wrote:
>
> Hello,
>
> On Wed, Jun 15, 2011 at 14:28, Alon Bar-Lev wrote:
> > On Wed, Jun 15, 2011 at 2:05 PM, Martin Paljak
> > wrote:
> >> Given that in practice,
On Wed, Jun 15, 2011 at 2:05 PM, Martin Paljak wrote:
> Given that in practice, CKA_ALWAYS_AUTHENTICATE is almost exclusively used
> with nonrepudiation signature keys and the fact that the usual creation of
> such keys through PKCS#11 is not a common operation, it sounds like a useful
> signal
On Wed, Jun 15, 2011 at 12:14 PM, Viktor Tarasov
wrote:
> Douglas proposed to associate the CKA_ALWAYS_AUTHENTICATE together with
> CKA_SIGN attributes on the PKCS#11 side,
> with the 'nonRepudiation' flags on the PKCS#15 side.
> Imho, it's legitimate solution -- 'ALWAYS_AUTHENTICATE' is quite c
On Tue, Jun 14, 2011 at 5:15 PM, Viktor Tarasov
wrote:
> So, if no objections,
> in the framework-pkcs15 I will set the 'nonRepudiation' PKCS#15 flag, if the
> key 'create-object' template contains the CKA_ALWAYS_AUTHENTICATE and CKA_SIGN
> attributes. Thus there is no more need of the vendor spe
On Mon, Jun 13, 2011 at 6:56 PM, Viktor Tarasov
wrote:
> It's going about defining the OpenSC vendor specific attribute.
> In complete accordance with the PKCS#11.
> Vendor defined CKA_ attribute fits the PKCS#11 specification.
I don't like adding vendor specific CKA_ attributes into opensc
On Sun, Jun 12, 2011 at 6:29 AM, Douglas E. Engert wrote:
> The application should not depend on the flags in PKCS#15, but only depend on
> the certificate or other signed objects that can be read from the card and
> the ability
> of the card to do the crypto.
Right.
Only authenticated fields (s
Yes.
Most [usable] providers support this.
Although there are different issues to solve in your case, such as
calling twice to C_Initialize, not calling C_Finalize if C_Initialize
returned with already initialized.
Also, some implementations will treat authentication state same for
all sessions,
On Thu, Jun 9, 2011 at 10:33 AM, Martin Paljak wrote:
>
> On Jun 8, 2011, at 21:12 , Alon Bar-Lev wrote:
>
>> On Wed, Jun 8, 2011 at 2:18 PM, Martin Paljak
>> wrote:
>>>> Trac sends emails about new tickets, can you convert that into RSS?
>>> RSS has *
On Wed, Jun 8, 2011 at 2:18 PM, Martin Paljak wrote:
>> Trac sends emails about new tickets, can you convert that into RSS?
> RSS has *always* been available from Trac timelines and other pages, most
> browsers these days display a RSS button that reveals this. Cutting off
> things from opensc-c
On Sat, May 28, 2011 at 11:47 PM, Viktor Tarasov
wrote:
> Le 28/05/2011 22:17, Alon Bar-Lev a écrit :
>>
>> This is only for MSC build, not for mingw.
>> But as this project is going to MSC release anyway...
>
> I'm looking to have this static module in MSI.
> D
This is only for MSC build, not for mingw.
But as this project is going to MSC release anyway...
On Sat, May 28, 2011 at 11:07 PM, Viktor Tarasov
wrote:
>
> Hello,
>
> I would like to link statically the PKCS#11 module for Windows,
> or at least to include the static version of this module into t
On Thu, May 19, 2011 at 1:22 PM, Martin Paljak wrote:
> Hello,
>
> On Mon, May 9, 2011 at 23:22, Alon Bar-Lev wrote:
>> This had been raised long ago.
>> Create a proxy PKCS#11 that uses another PKCS#11.
> p11-kit might be the right tool for this kind of things?
Hi,
This will break many of people's usages.
Until now it was assumed that if --module is not specified the opensc
provider is loaded.
And as pkcs11-tool is part of opensc, I know many who did not specify this.
I know that something was broken recently with finding the default
module, however, do you r
lot by slot
> description (or better the token by token description) is the safest way to
> locate the proper container where crypto material is held.
>
> Giulio.
>
>
>
> Il 10/05/2011 14.38, Alon Bar-Lev ha scritto:
>>
>> On Tue, May 10, 2011 at 1:18 PM, Giul
Use this[1] to build using cross compiler.
[1] https://www.opensc-project.org/build
On Tue, May 10, 2011 at 10:36 AM, Giuliano Bertoletti wrote:
>
> Hello,
>
> unfortunatelly I'm still fighting with the compiler to rebuild the
> engine_pkcs11 library (under Windows / Mingw or Visual C++).
> Once
On Tue, May 10, 2011 at 1:18 PM, Giuliano Bertoletti wrote:
> I pointed out the slot_id matter instead because it is just wrong to start
> from the assumption that the user knows it and it won't change between
> multiple executions.
Same for index.
Sorry, I still cannot see your point.
Had you ar
2011/5/9 Jean-Michel Pouré - GOOZE :
> Dear Alon,
>
> Could you comment the alternative, where OpenSC would behave as a
> client-server application pooling access requests from applications and
> locking the card in exclusive mode, i.e. work as a proxy.
>
> Kind regards,
Hi,
This had been raised l
This is a matter of interpretation.
Either is not constant and user is not suppose to know of.
Apart of the special case of having a single slot, so you expect 0 I presume.
You can check which slot is what simply by using:
pkcs11-tool --list-slots --module /usr/lib/pkcs11/
On Mon, May 9, 2011
On Sat, May 7, 2011 at 10:57 PM, Peter Stuge wrote:
> Alon Bar-Lev wrote:
>> However, there are some advanced cards that can generate
>> authentication token, so you can actually authenticate once using
>> PIN get authentication token out of the card (many can be available
&
1. Firefox behaves correctly, it opens long living session with crypto
token, in order to reduce the number of times user is prompted for
passphrase.
2. Firefox monitors slots, to be able to detect new certificate
availability so it can prompt the user for one if requested. It is
true that it can
r/2008-July/002561.html
http://www.opensc-project.org/mailman/private/opensc-internal/2008-June/000335.html
Discussion with Nils 5/2008, a prototype option, we agreed this is
fundemental problem of the project, but neither had resources to
actually solve it.
Regards,
Alon Bar-Lev.
)
with the PKCS#11 forwarding features built-in.
Just a though... but any implementation will do.
[1]
http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg01733.html
On Tue, Apr 26, 2011 at 3:44 PM, NdK wrote:
> Il 26/04/2011 11:28, Alon Bar-Lev ha scritto:
>
>>> Since
On Tue, Apr 26, 2011 at 1:23 PM, Peter Stuge wrote:
> Alon Bar-Lev wrote:
>> it would be better to emulate some standard interface, such as
>> serial over USB.
>
> Absolutely not.
I would not dismiss this entirely...
>> Serial over USB has the advantage to w
On Tue, Apr 26, 2011 at 11:45 AM, NdK wrote:
>> I was thinking microcontroller size, but if you're using a more
>> powerful USB device hardware that can run Linux then it could be
>> realized pretty quickly using softhsm.
> Since speed is quite critical, I was thinking to use something like G20
>
Applied.
Thanks.
On Mon, Apr 25, 2011 at 12:39 PM, jons...@terra.es wrote:
> Seems that "make maintainer-clean" forgets to delete
> "trunk/MacOSX/Makefile.in" file
>
> This patch does the work:
> --- ../trunk/MacOSX/Makefile.am 2011-04-21 11:33:09.0 +0200
> +++ mine/MacOSX/Makefile.am
Although I am in favor of improving openct, I agree with Martin in this case.
The most CCID compliant library we have is libccid, first work out the
problem with libccid.
It may be that openct's CCID implementation works for you as it much
simpler and use smaller set of features.
On Mon, Apr 25, 2
Should be same as opensc just openct.
On 4/22/11, Stef Walter wrote:
> Hi guys,
>
> Is there an openct git repository somewhere? I couldn't find it at the
> 'Subversion Repository' page [1] I'm fiddling with my Broadcom 5880
> smart card reader, and want to whip up a small patch.
>
> Cheers,
>
>
On Thu, Mar 31, 2011 at 1:34 PM, Martin Paljak wrote:
> > 2- In building process an strip error found:
> > -
> > i686-pc-mingw32-strip: unable to copy file
> > '/home/jantonio/work/dnie/opendnie/opensc-opendnie/trunk/win32/build/image/opensc/lib/engines/gosteay32.dll';
> > reason: Permis
To be able to built it using a cross compiler.
Submitted to upstream several times.
2011/3/8 Jean-Michel Pouré - GOOZE :
> Le vendredi 04 mars 2011 à 21:02 +, webmas...@opensc-project.org a
> écrit :
>> trunk/patches/openvpn-001-windows.patch
>
> Sorry to ask a silly question, but what is this
OK.
Released.
Please test, there was a change in the usage of openssl engine.
On Wed, Feb 23, 2011 at 1:45 PM, Jan Just Keijser wrote:
> Alon Bar-Lev wrote:
>>
>> Today?
>>
>>
>
> Wow - that is far quicker than I expected. Again, many thanks for such a
> quick
Today?
On Wed, Feb 23, 2011 at 1:32 PM, Jan Just Keijser wrote:
> Alon Bar-Lev wrote:
>>
>> OK.
>> Thanks.
>> I added similar solution.
>>
>>
>
> Excellent, thanks. Any idea when the next version of pkcs11-helper is
> released?
>
> cheers,
&g
OK.
Thanks.
I added similar solution.
On Wed, Feb 23, 2011 at 12:41 PM, Jan Just Keijser wrote:
>
> hi all,
>
> there's an OpenVPN bug report that is traced back to an issue with
> pkcs11h_logout; it seems that if you call this function before
> initializing the pkcs11 libs then it segfaults. I'v
2011/1/14 Douglas E. Engert :
> If the license issues can not be addressed, then maybe cardmod
> could be built as a separate package by the user.
On perfect world, it would have been possible to write cardmod that
uses PKCS#11 interface, to enable any PKCS#11 provider to be used by
CryptoAPI.
Th
At build script there is a comment:
# Disable until we solve license issue
# if [ -n "${BUILD_FOR_WINDOWS}" ]; then
# extra_opensc="${extra_opensc} --enable-cardmod"
# fi
I have modified cardmod.h to meet mingw, but was remove at revision
101 due to license issue.
2011/
On Tue, Oct 5, 2010 at 7:12 PM, Martin Paljak wrote:
> Personally I don't mind simplicity in build files. 99% of people run binaries
> or packages, 99% of people who don't run binary packages on Linux know what
> they are doing. Or won't mind downloading an extra few packages or not having
> th
Martin,
Waiting for your decision.
On Mon, Sep 27, 2010 at 1:34 PM, Alon Bar-Lev wrote:
> On Mon, Sep 27, 2010 at 1:07 PM, Martin Paljak wrote:
>>>>> But... the only dependency we require is xsltproc, so maybe we can
>>>>> rethink this... Provided you agr
On Mon, Sep 27, 2010 at 1:07 PM, Martin Paljak wrote:
But... the only dependency we require is xsltproc, so maybe we can
rethink this... Provided you agree that building the package with
--enable-doc or --enable-man requires xsltproc available on build
machine, we can remove al
1 - 100 of 644 matches
Mail list logo