Re: [opensc-devel] Support for OpenPGP Card version 2?

2010-01-11 Thread Werner Koch
On Sun, 10 Jan 2010 20:49:55 +0100, Crypto Stick wrote: > Using reader with a card: Gemplus GemPC Twin 00 00 > [opensc-explorer] iso7816.c:99:iso7816_check_sw: Wrong parameter(s) P1-P2 > [opensc-explorer] iso7816.c:464:iso7816_select_file: returning with: > Incorrect parameters in APDU You need to

[opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Jean-Michel Pouré
Hello, To clarify my knowledge, I would like to contribute some user documentation on the wiki. The subject of transferring an RSA key pair to a smartcard seems interesting. Here are some newbie questions before I go on: * I would like to add a page with dummy certificates on the wiki. One root

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Martin Paljak
Hello Jean-Michel, On 11.01.2010, at 15:52, Jean-Michel Pouré wrote: > * I would like to add a page with dummy certificates on the wiki. One > root CA, one secondary CAs and several certs. So that users only have to > download them to test command lines. Would you favor that ? For pure test purpose

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Martin Paljak
On 11.01.2010, at 15:52, Jean-Michel Pouré wrote: > For example, I tried: > pkcs15-init -S foobar.pkcs12 -f PKCS12 --auth-id 01 --pin > --insecure --passphrase "XX" > > but it failed with error messages. > > Importing 1 certificates: > 0: /C=FR/L=Paris/O=Foobar organisation/CN=Foobar

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Peter Stuge
Martin Paljak wrote: > for generic educational purposes I would suggest making > YetAnotherSelfSignedSnakeOilOpenSSLCAGenerationGuide which the > user could just copy-paste. I made one of those some time ago for BincIMAP and while the wiki it lived at is now offline I have mirrored the archived we

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Martin Paljak
On 11.01.2010, at 16:30, Peter Stuge wrote: > Martin Paljak wrote: >> for generic educational purposes I would suggest making >> YetAnotherSelfSignedSnakeOilOpenSSLCAGenerationGuide which the >> user could just copy-paste. > > I made one of those some time ago for BincIMAP and while the wiki it

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Jean-Michel Pouré
On Monday 11 January 2010 at 16:17 +0200, Martin Paljak wrote: > Definitely not. You might find glitches and shortcomings with > pkcs11-tool but that would just benefit OpenSC as we could see the > problems and fix them. Sorry to insist, but from a user point of view, what is the difference betwe

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Martin Paljak
On 11.01.2010, at 17:28, Eric wrote: > > Why don't you want to generate the keys on the card? Under normal > > circumstances that's the thing smart cards are for. > > I've got limited experience with PKI policies, but what about key escrow? Or > the poor man's version, creating a backup copy of

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Peter Stuge
Martin Paljak wrote: > > Of course, if your card is damaged, lost or stolen, your > > certification should be revoked by the CA and reissued with a new > > certification. But you still need the old key to decrypt old data > > to re-encrypt with the new key, right? > > Correct. If encryption code

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Martin Paljak
On 11.01.2010, at 17:28, Jean-Michel Pouré wrote: > On Monday 11 January 2010 at 16:17 +0200, Martin Paljak wrote: >> Definitely not. You might find glitches and shortcomings with >> pkcs11-tool but that would just benefit OpenSC as we could see the >> problems and fix them. > > Sorry to insist,

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Jean-Michel Pouré
On Monday 11 January 2010 at 16:53 +0100, Peter Stuge wrote: > > > Of course, if your card is damaged, lost or stolen, your > > > certification should be revoked by the CA and reissued with a new > > > certification. But you still need the old key to decrypt old data > > > to re-encrypt with the n

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Xiaoshuo Wu
On Mon, 11 Jan 2010 22:17:09 +0800, Martin Paljak wrote: Is pkcs15-init fully working? Or is it a Feitian card issue or me not fully understanding what is possible to do? pkcs15-init is fully working. The failing assert comes from entersafe (feitian) driver code. Thank you for reporting th

Re: [opensc-devel] Feitian Entersafe : transferring a key to a smartcard

2010-01-11 Thread Andreas Jellinghaus
On Monday 11 January 2010 14:52:04, Jean-Michel Pouré wrote: > * I would like to add a page with dummy certificates on the wiki. One > root CA, one secondary CAs and several certs. So that users only have to > download them to test command lines. Would you favor that ? src/test/regression contains