Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-22 Thread Larner, Russell
eter Stuge Sent: Thursday, May 17, 2007 3:47 PM To: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] PIV patch for OpenSC and SCA Hey, Please explain the motivation for this caching scheme, and please outline how it works. On Thu, May 17, 2007 at 02:40:21PM -0500, Douglas E.

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-18 Thread Jean-Pierre Szikora
Larner, Russell a écrit : > > My company has been working with the PIV functionality in OpenSC and > SCA, and we needed to add a couple of features: > > - Individual PIV card serial number calculation (to enable correct > cert caching in SCA) > > This was fairly complex, due to issues in the PIV sp

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-18 Thread Martin Paljak
On 17.05.2007, at 18:04, Larner, Russell wrote: > SCA changes: ... > Note that these changes have only been tested on the Macintosh. > I’ve attached the patches: libopensc.patch is against OpenSC, and > OpenSC.Tokend.patch is against SCA. Looks reasonable. Do you have a a binary (ppc only is

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Martin Paljak
On 17.05.2007, at 23:12, Larner, Russell wrote: > None of my test cases included writing certificates to the card on the > Macintosh, however I could see there might be problems with the > certificate cache. If you're in the mood of hacking you could generate the tokend UUID by hashing the num

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Douglas E. Engert
OK, I have taken the RSA patch, and added most of the minor changes to what I had been working on: to use 2048, 1024 and 3072 bit keys, allow for creating the 9A, 9C and 9D keys and having the sc_pkcs15emu and framework determine the modulus_length from the cert if the objects indicate it is = 0.

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Larner, Russell
ight be the best option and would avoid adding the manufacturer-specific code. -Rusty -Original Message- From: Douglas E. Engert [mailto:[EMAIL PROTECTED] Sent: Thursday, May 17, 2007 3:40 PM To: Larner, Russell Cc: Thomas Harning Jr.; opensc-devel@lists.opensc-project.org Subject: Re: [opensc-d

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Peter Stuge
Hey, Please explain the motivation for this caching scheme, and please outline how it works. On Thu, May 17, 2007 at 02:40:21PM -0500, Douglas E. Engert wrote: > I really don't like adding card manufacture specific code to get > the serial number of the card to what should be generic PIV code.

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Douglas E. Engert
PROTECTED] > Sent: Thursday, May 17, 2007 2:02 PM > To: Larner, Russell > Cc: Thomas Harning Jr.; opensc-devel@lists.opensc-project.org > Subject: Re: [opensc-devel] PIV patch for OpenSC and SCA > > > > Larner, Russell wrote: >> I was wondering about that - we only have Obe

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Larner, Russell
t; -Original Message- > From: Thomas Harning Jr. [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 17, 2007 12:34 PM > To: Larner, Russell > Cc: opensc-devel@lists.opensc-project.org > Subject: Re: [opensc-devel] PIV patch for OpenSC and SCA > > On Thu, 2007-05-17

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Douglas E. Engert
ing Jr. [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 17, 2007 12:34 PM > To: Larner, Russell > Cc: opensc-devel@lists.opensc-project.org > Subject: Re: [opensc-devel] PIV patch for OpenSC and SCA > > On Thu, 2007-05-17 at 11:04 -0400, Larner, Russell wrote: >> This w

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Larner, Russell
Sent: Thursday, May 17, 2007 11:37 AM To: Larner, Russell Cc: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] PIV patch for OpenSC and SCA Larner, Russell wrote: > My company has been working with the PIV functionality in OpenSC and > SCA, and we needed to add a coupl

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Larner, Russell
c: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] PIV patch for OpenSC and SCA On Thu, 2007-05-17 at 11:04 -0400, Larner, Russell wrote: > This was fairly complex, due to issues in the PIV specifications. See > the new comments in piv_get_serial_nr for more details. It is need

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Thomas Harning Jr.
On Thu, 2007-05-17 at 11:04 -0400, Larner, Russell wrote: > This was fairly complex, due to issues in the PIV specifications. See > the new comments in piv_get_serial_nr for more details. It is needed > in SCA since the serial number is used to cache certificates. (I.E. > the Macintosh Keychain

Re: [opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Douglas E. Engert
Larner, Russell wrote: > My company has been working with the PIV functionality in OpenSC and > SCA, and we needed to add a couple of features: > > - Individual PIV card serial number calculation (to enable correct cert > caching in SCA) > > This was fairly complex, due to issues in the PIV

[opensc-devel] PIV patch for OpenSC and SCA

2007-05-17 Thread Larner, Russell
My company has been working with the PIV functionality in OpenSC and SCA, and we needed to add a couple of features: - Individual PIV card serial number calculation (to enable correct cert caching in SCA) This was fairly complex, due to issues in the PIV specifications. See the new comments in