On Tue, 2010-04-20 at 21:44 +0200, Ludovic Rousseau wrote:
> The PIN is blocked?
When several applications share access to the card, somehow the PIN is
blocked. I am not asked to enter PIN. It simply gets locked as if a loop
was blocking the card. Will give you more information soon.
--
Hi,
I've discovered that there is no support for certificate loading based
on label in engine_pkcs11.
Here's the patch against current trunk (r128) fixing it. Hope that
would be helpful.
--
With Respect,
Yuriy.
engine_pkcs11-cert-label.diff
Description: Binary data
Hello,
Now this is a really neat idea.
For actual implementation there are people even on this list that have done it
before and probably could help:
https://www.privacyfoundation.de/wiki/GPFCryptoStick
For what it's worth, I'd suggest to call it USB-HSM (as "normal" HSM-s would
usually be P
On Apr 21, 2010, at 09:54 , Peter Stuge wrote:
>> to emulate PKCS #11 directly is horrendous if the entire spec is to
>> be followed but could turn out to be a no-brainer if you only need
>> to enumerate keys, open, sign and close.
>
> I think more is needed, but the legwork is finished in SoftHSM
Martin Paljak wrote:
> I would still use an actual crypto IC for key operations,
If you need multiple MCUs the scheme will be costly. I think
there is plenty of "lebensraum" between passwords written down on
Post-It notes and EAL5++ certified eID cards.
Here is a candidate for the "wündercard"
Anders Rundgren wrote:
> There is no such thing as talking directly to USB if you want your
> stuff to run in an ordinary computer
Hm - what do you mean?
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-proj
Peter Stuge wrote:
> Anders Rundgren wrote:
>> There is no such thing as talking directly to USB if you want your
>> stuff to run in an ordinary computer
>
> Hm - what do you mean?
I took it for granted (maybe incorrect) that the operating
system, libusb, or whatever is running the show assumes t
Anders Rundgren wrote:
> >> There is no such thing as talking directly to USB if you want
> >> your stuff to run in an ordinary computer
> >
> > Hm - what do you mean?
>
> I took it for granted (maybe incorrect) that the operating
> system, libusb, or whatever is running the show assumes that
> a
Jean-Michel Pouré - GOOZE wrote:
> When several applications share access to the card, somehow the PIN is
> blocked.
I don't think that's what you mean. "PIN is blocked" is a precise term used
by smart card people, it means the card is no longer usable because it has
detected an attempted intrus
On Wed, 2010-04-21 at 07:48 -0400, Jim Rees wrote:
>
> I don't think that's what you mean. "PIN is blocked" is a precise
> term used
> by smart card people, it means the card is no longer usable because it
> has
> detected an attempted intrusion and shut itself down. I think what
> you mean
> is
Rolling your own USB device classes isn't completely
without issues as this bright young man describes it:
http://fourwalledcubicle.com/blog/archives/561
Anders
Peter Stuge wrote:
> Anders Rundgren wrote:
>> There is no such thing as talking directly to USB if you want
>> your stuff to run i
Jean-Michel Pouré - GOOZE wrote:
> I had to unlock the card using PUK code. But you are right, some of my
> applications cannot access the card.
Sorry I misunderstood. I guess I don't know what's going on without more
information.
On Wed, 2010-04-21 at 09:22 -0400, Jim Rees wrote:
> Sorry I misunderstood. I guess I don't know what's going on without
> more
> information.
This is the third time this happens. Next time, I will open a bug and
provide full log. My applications are locked trying to access the card
and my card g
Anders Rundgren wrote:
> Is my assumption that the amount of PKCS #11 needed for doing
> TLS-client-cert auth or S/MIME is close to nothing?
>
> I also guess that the CryptAPI support needed for AD login
> with a certificate is very small, right?
It could be zero if you have the right card. Win
Douglas E. Engert wrote:
>>
>> I'm asking because Peter's idea to emulate PKCS #11 directly
>> is horrendous if the entire spec is to be followed but could
>> turn out to be a no-brainer if you only need to enumerate keys,
>> open, sign and close.
>
> That sounds too optimistic. You don't want yo
Dear friends,
Some of you may be interested in this HOWTO:
http://www.gooze.eu/smartcard-cutting-instructions
Can you confirm that the measures are correct? I guess yes, but just in
case, I would like to be sure.
I am ordering a machine and need a mold. Therefore I would appreciate
your feedback.
Hi,
I would like to start a new OpenSC sub-project, forked from the current
trunk,
that should be an experimental branch for the implementation of
SecureMessaging, MultiApplication,
combined ACLs, etc.
At the beginning this sub-project should support the cards natively
compatible with PKCS#15
I'm in need of a command line utility that can do https fetches given a url,
like wget, but use pkcs11 for the crypto ops, so I can store the client
cert/key on a smart card. Firefox will do this but it's overkill and I need
something scriptable. Any suggestions?
On 04/21/2010 10:01 PM, Jim Rees wrote:
> I'm in need of a command line utility that can do https fetches given a url,
> like wget, but use pkcs11 for the crypto ops, so I can store the client
> cert/key on a smart card. Firefox will do this but it's overkill and I need
> something scriptable. An
On Wednesday 21 April 2010 16:38:24, webmas...@opensc-project.org wrote:
> Revision: 4264
> Author: jps
> Date: 2010-04-21 14:38:23 + (Wed, 21 Apr 2010)
wow, great! cheers for jps!
does anyone know a source where I can buy a cardos 4.4 card? :)
also: once the startkey is changed from 0
On Wednesday 21 April 2010 21:01:51, Jim Rees wrote:
> I'm in need of a command line utility that can do https fetches given a
> url, like wget, but use pkcs11 for the crypto ops, so I can store the
> client cert/key on a smart card. Firefox will do this but it's overkill
> and I need something
I think it is a great idea to implement these things!
forking a project is easy (every "cp -r ..." is a fork from my point of view),
but merging can be hard, depending on the tools you use.
thus my advice:
a) stay in opensc svn, but simply do
svn cp https:///svn/opensc/trunk \
On Wednesday 21 April 2010 08:34:29, Peter Stuge wrote:
> Again, what part of the PC system would be authenticated by the token?
> Basically; what purpose does the authentication serve for the token?
for example I would like to put my openssh known_hosts on a smart phone,
so it is current with all
hmm. if we had only one engine doing both rsa and gost, the
problem would be gone, without this "hack" required in opensc?
my point of view:
if so: I think that is the solution! please drop the stuff
from opensc, and work in that direction.
engine_pkcs11.c is bsd3 / openssl license, and libp11
is
Hi Andreas,
Andreas Jellinghaus wrote:
> hmm. if we had only one engine doing both rsa and gost, the
> problem would be gone, without this "hack" required in opensc?
>
> my point of view:
> if so: I think that is the solution! please drop the stuff
> from opensc, and work in that direction.
>
> en
On 04/21/2010 02:25 PM, Jan Just Keijser wrote:
> Hi Andreas,
>
>
>> or send patches for libp11/engine_pkcs11 to handle gost.
>> (no idea how much work that would be - I'm quite clueless
>> over there. also gost engine might be much better than the
>> simple and hacky engine_pkcs11).
>>
>> but m
Robert Relyea wrote:
> On 04/21/2010 02:25 PM, Jan Just Keijser wrote:
>
>> Hi Andreas,
>>
>>
>>
>>> or send patches for libp11/engine_pkcs11 to handle gost.
>>> (no idea how much work that would be - I'm quite clueless
>>> over there. also gost engine might be much better than the
>>> s
Jean-Michel Pouré - GOOZE wrote:
> http://www.gooze.eu/smartcard-cutting-instructions
>
> Can you confirm that the measures are correct? I guess yes, but just
> in case, I would like to be sure.
>
> I am ordering a machine and need a mold. Therefore I would
> appreciate your feedback.
>
> If you
On Apr 22, 2010, at 00:25 , Jan Just Keijser wrote:
> Hi Andreas,
>
> Andreas Jellinghaus wrote:
>> hmm. if we had only one engine doing both rsa and gost, the
>> problem would be gone, without this "hack" required in opensc?
>>
>> my point of view:
>> if so: I think that is the solution! please
Andreas Jellinghaus wrote:
> b) use git/hg/bazaar with svn bridge to import current opensc repository
>and all future changes to it, and develop in git/hg/bazaar. you can
>publish your codebase on one of the popular hosts (github, launchpad,
>the mercurial hub whose name I don't remember
On Apr 21, 2010, at 22:01 , Jim Rees wrote:
> I'm in need of a command line utility that can do https fetches given a url,
> like wget, but use pkcs11 for the crypto ops, so I can store the client
> cert/key on a smart card. Firefox will do this but it's overkill and I need
> something scriptable.
Hello,
On Apr 21, 2010, at 20:25 , Viktor TARASOV wrote:
> I would like to start a new OpenSC sub-project, forked from the current
> trunk,
> that should be an experimental branch for the implementation of
> SecureMessaging, MultiApplication,
> combined ACLs, etc.
>
> At the beginning this sub-
Anders Rundgren wrote:
> Rolling your own USB device classes isn't completely
> without issues as this bright young man describes it:
>
> http://fourwalledcubicle.com/blog/archives/561
Right, when a USB interface becomes widely adopted it certainly
does make sense to have it standardized.
On the
On Apr 22, 2010, at 08:46 , Peter Stuge wrote:
> Andreas Jellinghaus wrote:
>> b) use git/hg/bazaar with svn bridge to import current opensc repository
>> and all future changes to it, and develop in git/hg/bazaar. you can
>> publish your codebase on one of the popular hosts (github, launchpad,
Martin Paljak wrote:
> > I'm happy to help set up git hosting on opensc-project.org.
>
> The nature of git does not need a central git repository.
But releases do, so there's usually a single repo someplace that is
a little bit more official than everything else.
> If git would be to used, I'd