[opensc-devel] Segmentation Fault

2010-05-31 Thread Andre Zepezauer
= 6. Best regards, Andre Zepezauer Index: libopensc/asn1.c === --- libopensc/asn1.c (revision 4390) +++ libopensc/asn1.c (working copy) @@ -1000,9 +1000,11 @@ case SC_ASN1_INTEGER: case SC_ASN1_ENUMERATED: if (parm != NULL) + {

[opensc-devel] Incompatibilities with NSS since r4375

2010-06-10 Thread Andre Zepezauer
CertificateSerialNumber there: http://www.ietf.org/rfc/rfc5280.txt Regards, Andre Zepezauer Index: libopensc/pkcs15-cert.c === --- libopensc/pkcs15-cert.c (revision 4403) +++ libopensc/pkcs15-cert.c (working copy) @@ -79,7 +79,7

Re: [opensc-devel] CardOS 4.3

2010-06-10 Thread Andre Zepezauer
Key Object; RSA 2048 bits Usage: encrypt, verify, wrap Best Regards, Andre Zepezauer On Thu, 2010-06-10 at 13:58 +0200, kerstin.ho...@uv.ruhr-uni-bochum.de wrote: > Hi, > > I am working on the SSO- and Signature-Framework at the Ruhr Universität. We > recently tried to upgrad

Re: [opensc-devel] heap corruption in pkcs11-global:C_GetSlotList in svn

2010-06-14 Thread Andre Zepezauer
Hello Douglas, attached is a patch that is almost the same as yours. The only difference is, that it still honours the max_virtual_slots property. Consider it as untested too. Regards, Andre Zepezauer On Mon, 2010-06-14 at 09:44 -0500, Douglas E. Engert wrote: > > On 6/12/2010 6

Re: [opensc-devel] heap corruption in pkcs11-global:C_GetSlotList in svn

2010-06-14 Thread Andre Zepezauer
On Mon, 2010-06-14 at 13:09 -0500, Douglas E. Engert wrote: > > On 6/14/2010 12:46 PM, Andre Zepezauer wrote: > > Hello Douglas, > > > > attached is a patch that is almost the same as yours. The only > > difference is, that it still honours the max_virtual_slot

Re: [opensc-devel] CardOS 4.3

2010-06-18 Thread Andre Zepezauer
to pcscd. This could also be the source for the differences between linux and windows. Attached is a log file generated while executing some commands. For unknown reason i can't reproduce the shown error. pcscd is 1.4.99 on ubuntu 8.04. Regards Andre Zepezauer # two pins for my token, thus tw

[opensc-devel] [RFC] removal of more split-key related pieces

2010-06-24 Thread Andre Zepezauer
Dear all, in the attached patch I have collected some pieces of code, which I consider obsolete since r4113 (removal of split-key concept). This patch is maintenance only and as this may have a lower priority. Kind Regards Andre Zepezauer Index: pkcs11/framework-pkcs15.c

Re: [opensc-devel] [RFC] removal of more split-key related pieces

2010-06-24 Thread Andre Zepezauer
Ludovic Rousseau wrote: 2010/6/24 Andre Zepezauer : Dear all, Hello, in the attached patch I have collected some pieces of code, which I consider obsolete since r4113 (removal of split-key concept). This patch is maintenance only and as this may have a lower priority. Why

Re: [opensc-devel] [RFC] removal of more split-key related pieces

2010-06-24 Thread Andre Zepezauer
On Thu, 2010-06-24 at 14:47 +0300, Martin Paljak wrote: > Hello, > > On Jun 24, 2010, at 12:47 , Andre Zepezauer wrote: > > Ludovic Rousseau wrote: > >> Why not just remove the lines if they are useless now? > >> > > Because it makes the process of rev

Re: [opensc-devel] Italian CNS integration (without SM)

2010-07-22 Thread Andre Zepezauer
Dear Emanuele, it would be nice, if you could provide some more information about the card you are working on. What I'm interested in is: If there are keys on the card which are usable for signing but not for decrypting or vice versa (in context of pkcs11/15)? And if so, is the pkcs1 padding for t

Re: [opensc-devel] Italian CNS integration (without SM)

2010-07-22 Thread Andre Zepezauer
Dear Emanuele, attached is the patch I had written about. It works if the following three conditions are met: 1. If on the pkcs15 level a key is known as usable for signing and decryption, it must be generated in a way that: * the card can use it to perform PSO_DEC * the card doesn'

[opensc-devel] Developer Statement On Insecure Default Settings

2010-08-09 Thread Andre Zepezauer
Dear OpenSC developers, in the interests of the users of OpenSC, it would be fair to apply the following patch. Kind Regards Andre Zepezauer Index: etc/opensc.conf.in === --- etc/opensc.conf.in (revision 4620) +++ etc

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-16 Thread Andre Zepezauer
On Sun, 2010-08-15 at 17:11 +0300, Martin Paljak wrote: > On Aug 15, 2010, at 4:21 PM, Emanuele Pucciarelli wrote: > > On Sun, Aug 15, 2010 at 13:45, Martin Paljak wrote: > >> iso7816.c should not be taken as a final, static code, if there are checks > >> missing from there, it is OK to improve i

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-16 Thread Andre Zepezauer
On Mon, 2010-08-16 at 21:10 +0200, Emanuele Pucciarelli wrote: > Hi Andre! > > Thanks for the remarks! > > > It works very well, right now. I have a modified cardos driver, which > > uses both functions (signing and decipherment from iso7816.c) with keys > > of 2048 bit. Seems to me, that there i

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-16 Thread Andre Zepezauer
On Tue, 2010-08-17 at 02:08 +0200, Emanuele Pucciarelli wrote: > On Tue, Aug 17, 2010 at 00:59, Andre Zepezauer > This particular card isn't important at all. But it shows, that the > > select_file function doesn't work for an iso card. I had to write code, > > to r

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-17 Thread Andre Zepezauer
On Tue, 2010-08-17 at 16:02 +0200, Emanuele Pucciarelli wrote: > On Tue, Aug 17, 2010 at 03:07, Andre Zepezauer > wrote: > > > Cards which comply with chapter "9 Application-independent card > > services" of 7816-4 must implement 1,2,4. The preferred values used

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-17 Thread Andre Zepezauer
On Tue, 2010-08-17 at 10:08 +0300, Martin Paljak wrote: > Hello, > > On Aug 17, 2010, at 1:59 AM, Andre Zepezauer wrote: > > On Mon, 2010-08-16 at 21:10 +0200, Emanuele Pucciarelli wrote: > >>> @martin: When you are interested in improving iso7816.c, then rewrite >

[opensc-devel] SC_SEC_ENV_KEY_REF_ASYMMETRIC

2010-08-19 Thread Andre Zepezauer
Hello Martin, according to your last post, here are my first suggestions for an improvement: 1. Fix the SC_SEC_ENV_KEY_REF_ASYMMETRIC magic See how this flag is used and where it is set! 2. Assign the value sc_security_env_t.algorithm_ref before calling set_security_env. A lot of drivers co

Re: [opensc-devel] SC_SEC_ENV_KEY_REF_ASYMMETRIC

2010-08-20 Thread Andre Zepezauer
Hello Martin, On Fri, 2010-08-20 at 11:02 +0300, Martin Paljak wrote: > Hello, > On Aug 20, 2010, at 2:02 AM, Andre Zepezauer wrote: > > 1. Fix the SC_SEC_ENV_KEY_REF_ASYMMETRIC magic > > See how this flag is used and where it is set! > I don't see it being set anywh

[opensc-devel] use algorithm_ref in set_security_env

2010-08-20 Thread Andre Zepezauer
Hello, attached is a patch which makes it possible to explicitly request specific algorithms for the cryptographic operations. The advantage is, that if the token provides sufficient information about itself, then the driver is not required to do any guess work. Which in turn could result in a mor

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-20 Thread Andre Zepezauer
Hello Emanuele, On Sat, 2010-08-21 at 01:27 +0200, Emanuele Pucciarelli wrote: > On Tue, Aug 17, 2010 at 17:52, Andre Zepezauer > wrote: > > [about improving SELECT FILE in iso7816.c] > > > It would be nice, if the driver could be configured in a way to support > >

Re: [opensc-devel] Opensc and SetCOS.

2010-08-26 Thread Andre Zepezauer
On Wed, 2010-08-25 at 10:55 +0300, Martin Paljak wrote: > Hello, > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > > Question #1, > > > > Try pkcs11_inspect. > > $ pkcs11_inspect > > [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Instruction code not > > supported or invalid > > [open

Re: [opensc-devel] Opensc and SetCOS.

2010-08-26 Thread Andre Zepezauer
On Thu, 2010-08-26 at 14:32 +0200, Andre Zepezauer wrote: > On Wed, 2010-08-25 at 10:55 +0300, Martin Paljak wrote: > > Hello, > > > > On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > > > Question #1, > > > > > > Try pkcs11_inspect. >

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-26 Thread Andre Zepezauer
On Tue, 2010-08-17 at 10:08 +0300, Martin Paljak wrote: > Hello, > > On Aug 17, 2010, at 1:59 AM, Andre Zepezauer wrote: > > On Mon, 2010-08-16 at 21:10 +0200, Emanuele Pucciarelli wrote: > >>> @martin: When you are interested in improving iso7816.c, then rewrite >

Re: [opensc-devel] New Italian CNS/eID patch

2010-08-27 Thread Andre Zepezauer
On Fri, 2010-08-27 at 11:12 +0300, Martin Paljak wrote: > Hello, > > On Aug 26, 2010, at 6:34 PM, Andre Zepezauer wrote: > > One application for the give_random() function is contained in the > > attached patch. In short: C_SeedRandom() works fine with CardOS. Would > >

[opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-08-29 Thread Andre Zepezauer
cards as its goal [5]. Changing this, could be a good point to start to make opensc more interoperable with well initialised pkcs15 cards. Kind Regards Andre Zepezauer [1]http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15-sec.c#L86 [2]http://www.opensc-project.org/op

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-08-30 Thread Andre Zepezauer
On Mon, 2010-08-30 at 12:40 +0300, Martin Paljak wrote: > Hello, > > First, thank you for a constructive review. > > On Aug 30, 2010, at 1:54 AM, Andre Zepezauer wrote: > > I had a look at the NEWS file to see which improvements it will bring to > > us. After readi

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-08-30 Thread Andre Zepezauer
On Mon, 2010-08-30 at 16:36 +0300, Martin Paljak wrote: > Hello, > > On Aug 30, 2010, at 2:52 PM, Emanuele Pucciarelli wrote: > >> The handful of drivers with insecure operations I was talking about, I > >> got with the following command: grep -n OPENSSL libopensc/card-*.c > >> > >> But looking c

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-08-30 Thread Andre Zepezauer
On Mon, 2010-08-30 at 17:50 +0200, Viktor TARASOV wrote: > Hello, > > > Andre Zepezauer wrote: > > Hello, > > > > attached is a patch which makes it possible to explicitly request > > specific algorithms for the cryptographic operations. The advantag

[opensc-devel] Initialisation of CardOS

2010-08-30 Thread Andre Zepezauer
Hello all, what do you think of dropping the possibility to initialise CardOS smart cards in 0.11.14? The reason of doing so, is to stop the production of more of these questionable split-key cards. People who want to initialise CardOS are then forced to do this with either 0.11.13 or 0.12.X. Hop

Re: [opensc-devel] Problem with 2K keys and MyEID

2010-08-31 Thread Andre Zepezauer
On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote: > Aventra development wrote: > > > > The 1K key generation works nicely, but we are having a problem > > generating a 2K key using OpenSC 0.11.13 and our own MyEID card. > > > > OpenSC correctly finds a new file id and creates the file, and

Re: [opensc-devel] Problem with 2K keys and MyEID

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 18:40 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote: > > > >> Aventra development wrote: > >> > >>> The 1K key generation works nicely, but we are havi

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 10:14 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Mon, 2010-08-30 at 17:50 +0200, Viktor TARASOV wrote: > > > >> Hello, > >> > >> > >> Andre Zepezauer wrote: > >> > >>> Hell

Re: [opensc-devel] [Muscle] Re: pcscd access rights limitation and scard group

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 21:07 +0200, Ludovic Rousseau wrote: > 2010/8/31 Peter Stuge : > > Johannes Findeisen wrote: > >> > I think it is important to pay attention to the original goal: to > >> > run pcscd as a normal user instead of root. > >> > >> Yep, that's what I want too. But, when running pcs

Re: [opensc-devel] Initialisation of CardOS

2010-08-31 Thread Andre Zepezauer
On Tue, 2010-08-31 at 10:35 +0300, Martin Paljak wrote: > Hello? > On Aug 30, 2010, at 11:13 PM, Andre Zepezauer wrote: > > > Hello all, > > > > what do you think of dropping the possibility to initialise CardOS smart > > cards in 0.11.14? The reason of doing

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-08-31 Thread Andre Zepezauer
On Wed, 2010-09-01 at 00:52 +0200, Peter Stuge wrote: > Andre, please try to trim your replies. Keep in mind that you only > spend 1 * time trimming, while everyone who has to read spends n * time > searching for your actual reply. > > > Andre Zepezauer wrote: > > whe

[opensc-devel] MyEID microSD

2010-09-01 Thread Andre Zepezauer
Hello Toni, by visiting the webshop of Aventra I have noticed, that there is a smart card in microSD format in their portfolio. I have been looking for such a device for a while, but haven't found a supplier so far. Are you able to provide some more information on it. Most important to me is the e

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 12:21 +0200, Johannes Becker wrote: > Hello, > > unfortunately I have to repeat my message about the TCOS2 card: > > > When using opensc-0.12.0-svn-r4647 with our Uni Giessen Card (TCOS 2), > firefox presents the certificate to use without asking the PIN. I'm not absolutel

Re: [opensc-devel] MyEID microSD

2010-09-02 Thread Andre Zepezauer
; > Best Regards, > Toni > > > > -Original Message- > > From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de] > > Sent: 1. syyskuuta 2010 21:51 > > To: Aventra development > > Cc: opensc-devel > > Subject: MyEID microSD > >

Re: [opensc-devel] MyEID microSD

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 17:05 +0300, Martin Paljak wrote: > Hello, > > On Sep 2, 2010, at 4:44 PM, Andre Zepezauer wrote: > > it's hard to imagine that the demand of these devices is still so > > limited, because they fit nicely into every laptop/netbook with SD card

Re: [opensc-devel] MyEID microSD

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 18:20 +0300, Martin Paljak wrote: > Hello, > On Sep 2, 2010, at 6:01 PM, Andre Zepezauer wrote: > > On Thu, 2010-09-02 at 17:05 +0300, Martin Paljak wrote: > >> I believe the reason why smart cards exist is their common, agreed upon > >> fo

Re: [opensc-devel] OT: desktop crypto implementation

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 19:00 +0300, Martin Paljak wrote: > On Sep 2, 2010, at 6:37 PM, Andre Zepezauer wrote: > > And when this portable breaks, can I use the TPM (with keys on it) in a > > replacement part? > > The situation is no different if your SD card breaks. >

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-09-02 Thread Andre Zepezauer
On Wed, 2010-09-01 at 10:41 +0400, Aleksey Samsonov wrote: > Hello, > > Martin Paljak wrote: > > On Aug 30, 2010, at 2:52 PM, Emanuele Pucciarelli wrote: > >>> The handful of drivers with insecure operations I was talking about, I > >>> got with the following command: grep -n OPENSSL libopensc/car

Re: [opensc-devel] Personal Review Of The Upcoming 0.12.0 Release

2010-09-02 Thread Andre Zepezauer
On Wed, 2010-09-01 at 04:55 +0400, Aleksey Samsonov wrote: > Hello, > > Martin Paljak wrote: > >> 2. The announcement of the GOST public key algorithm seems to me very > >> optimistic. Because the current implementation isn't functional at all > >> [1][2]. > > Good catch. > > The GOST public key

[opensc-devel] Logical Channels

2010-09-02 Thread Andre Zepezauer
Hello, first of all, I'm not interested in starting the discussion on insecure default setting over again. The decision seems to be clear. But as an inspiration for the future, this problem can be solved throughout exploiting logical channels. Regards Andre

Re: [opensc-devel] Logical Channels

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 21:31 +0300, Martin Paljak wrote: > Hello, > > On Sep 2, 2010, at 9:16 PM, Andre Zepezauer wrote: > > But as an inspiration for the future, this problem can be solved throughout > > exploiting logical channels. > Which problem? How? 1. If only one a

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-12 Thread Andre Zepezauer
> > What is the output of pkcs11-tool -L ? > > Does it include for your slot: > > token flags: rng, readonly, ***login required***, PIN initialized, > > token initialized ? > > Yes, there is the point. "login required" is not shown in version 0.12. @Johannes: Apply this patch locally, and eve

Re: [opensc-devel] How to notify an invalidated card?

2010-09-14 Thread Andre Zepezauer
On Tue, 2010-09-14 at 11:28 +0200, jons...@terra.es wrote: > Perhaps anyone can help me: > > Now that my DNIe has died [1] I'm trying to get dni code to be aware > of this situation. > > What's the standard way to tell libopensc that a card has been > invalidated?, that is: the card is recognize

Re: [opensc-devel] How to notify an invalidated card?

2010-09-14 Thread Andre Zepezauer
On Tue, 2010-09-14 at 14:38 +0200, jons...@terra.es wrote: > [...] > > > > Not sure on other cards, but DNIe mark this situation by mean of > > > change on ATR status code from 03 90 00 to > > > 0F 65 81 (Memory error). Not sure what to do if detected this > > > situation: > > > 1. When data stru

Re: [opensc-devel] How to notify an invalidated card?

2010-09-14 Thread Andre Zepezauer
On Tue, 2010-09-14 at 16:04 +0200, jons...@terra.es wrote: > [...]. > > > Supposed that the attached log file is complete, then the card fails > on > > receiving the first APDU. In this case the card provides only it's > ATR > > and nothing more. This makes it less useful and thus I would prefer >

Re: [opensc-devel] card->max_recv_size problem

2010-09-15 Thread Andre Zepezauer
On Wed, 2010-09-15 at 11:43 -0500, Douglas E. Engert wrote: > > On 9/15/2010 6:30 AM, Martin Paljak wrote: > > Hello, > > On Sep 15, 2010, at 12:12 PM, Viktor TARASOV wrote: > >>> Not yet! I had to replace line 122 of iso7816.c > assert(count<= card->max_recv_size); > >>> by > assert(cou

Re: [opensc-devel] 'Sign by Decryption' and CardOS

2010-09-16 Thread Andre Zepezauer
Hello Viktor, there are two distinct properties of CardOS, which I believe you have mixed. On key generation time one has to decide: 1. if the key can be used with sign or decipher (but not both) 2. the padding algorithm the card performs when executing a security operation with the generated k

Re: [opensc-devel] 'Sign by Decryption' and CardOS

2010-09-16 Thread Andre Zepezauer
On Thu, 2010-09-16 at 19:21 +0200, Viktor TARASOV wrote: > Hello Andre, > > Andre Zepezauer wrote: > > Hello Viktor, > > > > there are two distinct properties of CardOS, which I believe you have > > mixed. On key generation time one has to decide: > > >

Re: [opensc-devel] 'Sign by Decryption' and CardOS

2010-09-16 Thread Andre Zepezauer
Hello Viktor, > > Besides the sigh_with_decipher hack there is another problem which > > arises when on card pkcs15 structure states only one operation per key. > > > It's the subject of the next enhancement. > I suggest something like > http://www.opensc-project.org/opensc/browser/branches/vta

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-09-16 Thread Andre Zepezauer
On Tue, 2010-08-31 at 10:14 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Mon, 2010-08-30 at 17:50 +0200, Viktor TARASOV wrote: > > > >> Hello, > >> > >> > >> Andre Zepezauer wrote: > >> > >>> Hell

Re: [opensc-devel] 'Sign by Decryption' and CardOS

2010-09-17 Thread Andre Zepezauer
Hello Viktor, > Andre Zepezauer wrote: > >>> Besides the sigh_with_decipher hack there is another problem which > >>> arises when on card pkcs15 structure states only one operation per key. > >>> > >>> > >> It's t

Re: [opensc-devel] use algorithm_ref in set_security_env

2010-09-17 Thread Andre Zepezauer
On Fri, 2010-09-17 at 10:02 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Tue, 2010-08-31 at 10:14 +0200, Viktor TARASOV wrote: > > > >> Andre Zepezauer wrote: > >> > >>> On Mon, 2010-08-30 at 17:50 +0200, Viktor TARA

Re: [opensc-devel] 'Sign by Decryption' and CardOS

2010-09-17 Thread Andre Zepezauer
On Fri, 2010-09-17 at 10:20 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > Hello Viktor, > > > > > >> Andre Zepezauer wrote: > >> > >>>>> Besides the sigh_with_decipher hack there is another problem which > >>>

[opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-17 Thread Andre Zepezauer
y beginning of opensc with more and more additions of attributes [6] 5. OpenSC source code is almost uncommented, therefore over complex data structures should be avoided Kind Regards Andre Zepezauer [1] http://www.opensc-project.org/opensc/changeset/2872#file1 [2] http://www.opensc-project.or

[opensc-devel] pam_pkcs11 (enable debug)

2010-09-20 Thread Andre Zepezauer
Hello, today I had to configure a host with pam_pkcs11. Doing that, I was forced to edit the files in /etc/pam.d/ to get the debug messages of pam_pkcs11. The corresponding option in the configuration file doesn't have any effects. The attached patch fixes this unexpected behaviour. Regards Andre

Re: [opensc-devel] [opensc-commits] svn opensc changed[4732] ias/ecc: update remote-card-access reader

2010-09-20 Thread Andre Zepezauer
On Mon, 2010-09-20 at 22:16 +0200, Jean-Michel Pouré - GOOZE wrote: > On Monday, 20 September 2010 at 13:41 +, webmas...@opensc-project.org > wrote: > > update remote-card-access reader > > This is an interesting topic. Do you mean it could be possible to have > access from one smartcard to remot

Re: [opensc-devel] pam_pkcs11 (enable debug)

2010-09-21 Thread Andre Zepezauer
Hello Ludovic, > 2010/9/20 Andre Zepezauer : > > Hello, > > > > today I had to configure a host with pam_pkcs11. Doing that, I was > > forced to edit the files in /etc/pam.d/ to get the debug messages of > > pam_pkcs11. The corresponding option in the config

Re: [opensc-devel] pam_pkcs11 (enable debug)

2010-09-22 Thread Andre Zepezauer
On Wed, 2010-09-22 at 09:20 +0200, Ludovic Rousseau wrote: > 2010/5/10 Andre Zepezauer : > > There is another issue with the output of debug messages. It is that the > > user's PIN will be logged by default. This can only be disabled at > > compilation time. I assume that ther

Re: [opensc-devel] card->max_recv_size problem

2010-09-22 Thread Andre Zepezauer
On Wed, 2010-09-15 at 19:33 +0200, Andre Zepezauer wrote: > On Wed, 2010-09-15 at 11:43 -0500, Douglas E. Engert wrote: > > > > On 9/15/2010 6:30 AM, Martin Paljak wrote: > > > Hello, > > > On Sep 15, 2010, at 12:12 PM, Viktor TARASOV wrote: > > >>>

[opensc-devel] pkcs11.h

2010-09-22 Thread Andre Zepezauer
t. Therefore my question is: Do you think it could be worthwhile to take some efforts on standardising on *one* single definition of pkcs11.h? And given the case it would be worthwhile, how to start such an effort? Kind Regards Andre Zepezauer

Re: [opensc-devel] Question for the GURUs

2010-09-23 Thread Andre Zepezauer
On Thu, 2010-09-23 at 14:19 +0200, Umberto Rustichelli aka Ubi wrote: > > Dear all, I have been digging a bit into the OpenSC and OpenSSL code > because I have a doubt. > > Using keys on smart cards via the OpenSC engine, I am almost sure that > by producing a PKCS7 the signature is of type "sh

Re: [opensc-devel] Question for the GURUs

2010-09-23 Thread Andre Zepezauer
On Thu, 2010-09-23 at 15:50 +0200, Andre Zepezauer wrote: > On Thu, 2010-09-23 at 14:19 +0200, Umberto Rustichelli aka Ubi wrote: > > > > Dear all, I have been digging a bit into the OpenSC and OpenSSL code > > because I have a doubt. > > > > Using keys on sma

Re: [opensc-devel] card->max_recv_size problem

2010-09-23 Thread Andre Zepezauer
On Thu, 2010-09-23 at 16:46 +0300, Martin Paljak wrote: > Hello, > > On Sep 23, 2010, at 1:59 AM, Andre Zepezauer wrote: > > The meaning of max_recv_size is still unknown to me. Could someone > > explain it to me, please. Btw, one of these changes has broken 2048b > >

Re: [opensc-devel] Question for the GURUs

2010-09-24 Thread Andre Zepezauer
On Fri, 2010-09-24 at 09:40 +0200, Umberto Rustichelli aka Ubi wrote: > Andre Zepezauer wrote: > > On Thu, 2010-09-23 at 15:50 +0200, Andre Zepezauer wrote: > > > >> On Thu, 2010-09-23 at 14:19 +0200, Umberto Rustichelli aka Ubi wrote: > >> > >>

Re: [opensc-devel] card->max_recv_size problem

2010-09-25 Thread Andre Zepezauer
On Thu, 2010-09-23 at 00:59 +0200, Andre Zepezauer wrote: > On Wed, 2010-09-15 at 19:33 +0200, Andre Zepezauer wrote: > > On Wed, 2010-09-15 at 11:43 -0500, Douglas E. Engert wrote: > > > > > > On 9/15/2010 6:30 AM, Martin Paljak wrote: > > > > Hello, >

Re: [opensc-devel] card->max_recv_size problem

2010-09-26 Thread Andre Zepezauer
On Sun, 2010-09-26 at 09:22 +0300, Martin Paljak wrote: > Hello, > On Sun, Sep 26, 2010 at 08:47, Andre Zepezauer > wrote: > > With the current trunk 2048b keys on CardOS are working again. Therefore > > the max_*_size patches work for me. But I have two suggestions: >

Re: [opensc-devel] card->max_recv_size problem

2010-09-27 Thread Andre Zepezauer
On Mon, 2010-09-27 at 14:19 +0300, Martin Paljak wrote: > Hello, > On Sep 26, 2010, at 2:55 PM, Andre Zepezauer wrote: > > > On Sun, 2010-09-26 at 09:22 +0300, Martin Paljak wrote: > >> Hello, > >> On Sun, Sep 26, 2010 at 08:47, Andre Zepezauer > >> wrot

Re: [opensc-devel] card->max_recv_size problem

2010-09-27 Thread Andre Zepezauer
Hello Martin, automatically detecting the value of max_recv_size is an option too. The following snippet of code can manage this. But it depends on the capabilities of the "get_challenge" operation. For CardOS it could be enabled, because it results in a value of 300 for CardOS 4.3b with Omnikey r

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-27 Thread Andre Zepezauer
opinion about renaming the TokenInfo related flags to something like SC_TOKENINFO_FLAGS. Kind Regards Andre Zepezauer Index: src/tools/pkcs15-crypt.c === --- src/tools/pkcs15-crypt.c (revision 4777) +++ src/tools/pkcs15-crypt.c (working

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-28 Thread Andre Zepezauer
On Tue, 2010-09-28 at 10:08 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > Dear OpenSC developers, > > > > the patch I proposed is mostly complete. The total count of lines is > > huge, but individual changes are trivial. An exception to this is the > >

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-28 Thread Andre Zepezauer
Hello Martin, personally I would like to keep this patch specific to the separation of attributes from (public) TokenInfo and (internal) sc_pkcs15_card structure. Fixing the use of tokeninfo->version is another task and therefore I would suggest a separate patch for that one. The matter of renami

Re: [opensc-devel] OpenSC with or without OpenSSL - What is the direction?

2010-09-29 Thread Andre Zepezauer
OpenSSL, then the missing functionality of pkcs15-cert.c should be determined and corresponding tickets should be created. Kind Regards Andre Zepezauer ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman

Re: [opensc-devel] OpenSC with or without OpenSSL - What is the direction?

2010-09-29 Thread Andre Zepezauer
On Wed, 2010-09-29 at 13:35 -0500, Douglas E. Engert wrote: > > On 9/29/2010 9:51 AM, Andre Zepezauer wrote: > > Hello Douglas, > > > > in my opinion the usage of OpenSSL in libopensc.so should be removed > > altogether. If cryptography is needed by some cards (i.e.

Re: [opensc-devel] OpenSC with or without OpenSSL - What is the direction?

2010-09-29 Thread Andre Zepezauer
On Wed, 2010-09-29 at 16:25 -0500, Douglas E. Engert wrote: > > On 9/29/2010 3:05 PM, Andre Zepezauer wrote: > > On Wed, 2010-09-29 at 13:35 -0500, Douglas E. Engert wrote: > >> > >> On 9/29/2010 9:51 AM, Andre Zepezauer wrote: > >>> Hello Douglas, >

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-29 Thread Andre Zepezauer
On Tue, 2010-09-28 at 15:47 +0300, Martin Paljak wrote: > Hello, > On Sep 28, 2010, at 3:30 PM, Andre Zepezauer wrote: > > personally I would like to keep this patch specific to the separation of > > attributes from (public) TokenInfo and (internal) sc_pkcs15_card > > stru

Re: [opensc-devel] OpenSC with or without OpenSSL - What is the direction?

2010-10-02 Thread Andre Zepezauer
On Thu, 2010-09-30 at 10:59 -0500, Douglas E. Engert wrote: > > On 9/30/2010 3:56 AM, Martin Paljak wrote: > > Hello, > > On Sep 27, 2010, at 11:58 PM, Douglas E. Engert wrote: > > > >> There has been a effort to be able to build OpenSC without the use > >> of OpenSSL. Yet there is newer code that

Re: [opensc-devel] OpenSC changes to support non RSA public keys in Certificates, public and private keys

2010-10-06 Thread Andre Zepezauer
ors do it, but I don't know why. Kind Regards Andre Zepezauer

Re: [opensc-devel] OpenSC changes to support non RSA public keys in Certificates, public and private keys

2010-10-06 Thread Andre Zepezauer
On Wed, 2010-10-06 at 13:08 -0500, Douglas E. Engert wrote: > > On 10/6/2010 12:11 PM, Andre Zepezauer wrote: > > Hello Douglas, > > > >> One of the operations I need for the PIV card is to get the public > >> key from the certificate, as pubkey needs to be emu

Re: [opensc-devel] OpenSC changes to support non RSA public keys in Certificates, public and private keys

2010-10-06 Thread Andre Zepezauer
On Wed, 2010-10-06 at 23:12 +0300, Martin Paljak wrote: > Hello, > > On Oct 6, 2010, at 7:10 PM, Douglas E. Engert wrote: > > PROPOSAL: > > > > I would like to do the following to cleanup some of the duplication: > > > > Replace sc_pkcs15_pubkey_from_cert with non OpenSSL code, that would > > us

[opensc-devel] westcos

2010-10-07 Thread Andre Zepezauer
cryptographic security devices. The others are only useful for storing of data objects. [1] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/card-westcos.c#L1141 Kind Regards Andre Zepezauer

Re: [opensc-devel] OpenSC changes to support non RSA public keys in Certificates, public and private keys

2010-10-07 Thread Andre Zepezauer
On Thu, 2010-10-07 at 09:06 -0500, Douglas E. Engert wrote: > > On 10/6/2010 9:15 PM, Andre Zepezauer wrote: > > On Wed, 2010-10-06 at 23:12 +0300, Martin Paljak wrote: > >> Hello, > >> > >> On Oct 6, 2010, at 7:10 PM, Douglas E. Engert wrote: > >

Re: [opensc-devel] OpenSC changes to support non RSA public keys in Certificates, public and private keys

2010-10-09 Thread Andre Zepezauer
On Thu, 2010-10-07 at 16:25 -0500, Douglas E. Engert wrote: > > On 10/7/2010 2:30 PM, Andre Zepezauer wrote: > > On Thu, 2010-10-07 at 09:06 -0500, Douglas E. Engert wrote: > >> > >> On 10/6/2010 9:15 PM, Andre Zepezauer wrote: > >>> On Wed, 2010

[opensc-devel] pam_pkcs11

2010-10-18 Thread Andre Zepezauer
* allocate enough memory to fit http-request * check if complete message was transmitted Regards Andre Zepezauer Index: common/uri.c === --- common/uri.c (revision 456) +++ common/uri.c (working copy) @@ -387,6 +387,7 @@ if (sock == -1

[opensc-devel] pam_pkcs11

2010-10-19 Thread Andre Zepezauer
Hello Ludovic, currently the mapper modules are unloaded only on authentication failure. This patch lets them unload on success too. Regards Andre Index: pam_pkcs11/pam_pkcs11.c === --- pam_pkcs11/pam_pkcs11.c (revision 464) +++

Re: [opensc-devel] pkcs11-tool-lite - stripped down version of pkcs11-tool

2010-10-22 Thread Andre Zepezauer
other words, build a wrapper around libccid with an api compatible with libpcsclite. Not an easy task, I know. Kind Regards Andre Zepezauer On Fri, 2010-10-22 at 12:25 +0100, Mr Dash Four wrote: > Is it possible to have a stripped-down and slimmed version of > pkcs11-tool (or a similar,

Re: [opensc-devel] pkcs11-tool-lite - stripped down version of pkcs11-tool

2010-10-23 Thread Andre Zepezauer
On Sat, 2010-10-23 at 05:37 +0200, Peter Stuge wrote: > Andre Zepezauer wrote: > > In other words, build a wrapper around libccid with an api > > compatible with libpcsclite. > > Then I think it would be a better idea to make a p11 provider > directly on top of libcci

Re: [opensc-devel] pkcs11-tool-lite - stripped down version of pkcs11-tool

2010-10-23 Thread Andre Zepezauer
= 0 CCID Compatible slot0: card present $/usr/bin/openct-tool atr Detected CCID Compatible Card present, status changed ATR: 3b f2 18 00 02 c1 0a 31 fe 58 c8 08 74 $/usr/bin/pkcs11-tool -L Available slots: Slot 0 (0x1): CCID Compatible

Re: [opensc-devel] pam_pkcs11

2010-10-25 Thread Andre Zepezauer
Hello Ludovic, On Tue, 2010-10-19 at 16:53 +0200, Ludovic Rousseau wrote: > 2010/10/19 Andre Zepezauer : > > Hello Ludovic, > > > > currently the mapper modules are unloaded only on authentication > > failure. This patch lets them unload on success too. > > Fixe

Re: [opensc-devel] pkcs11-tool.c

2010-10-25 Thread Andre Zepezauer
Hello, On Tue, 2010-10-26 at 01:05 +0100, Mr Dash Four wrote: > Is it possible to have an option (say, "--display-no-prompt" or "-nd" > for short) where pkcs11-tool does NOT display any kind of user prompt, > like "Please enter User PIN:"? > > The reason I am asking this is because if I want to

[opensc-devel] ASN.1 encoding of tagged CHOICE

2010-10-25 Thread Andre Zepezauer
31 30 31 37 30 36 33 36 32 36 |..20101017063626| 0040 5a|Z| It would be nice, if someone could confirm or reject that issue. [1] http://www.opensc-project.org/opensc/changeset/2466/ Kind Regards Andre Zepezauer

Re: [opensc-devel] pkcs11-tool.c

2010-10-26 Thread Andre Zepezauer
On Tue, 2010-10-26 at 12:10 +0100, Mr Dash Four wrote: > >> In other words, when I execute this: > >> > >> /bin/plymouth ask-for-password --prompt "Enter your PIN" --command > >> "/usr/bin/pkcs11-tool -lry data --slot 2 --application-id 12" | > >> /sbin/cryptsetup luksOpen /dev/xxx --key-file=- >

Re: [opensc-devel] ASN.1 encoding of tagged CHOICE

2010-10-26 Thread Andre Zepezauer
On Tue, 2010-10-26 at 08:54 -0500, Douglas E. Engert wrote: > > On 10/25/2010 11:19 PM, Andre Zepezauer wrote: > > Hello, > > > > anyone with good knowledge of ASN.1 out there? The point is, that in my > > opinion the current encoding of TokenInfo.lastUpdate is wrong

Re: [opensc-devel] ASN.1 encoding of tagged CHOICE

2010-10-26 Thread Andre Zepezauer
.c line 665 * you could remove line 756 in pkcs15.c but I assume that something will fail, because encoding of all other objects is wrong too Kind Regards Andre Zepezauer Index: tools/pkcs15-tool.c === --- tools/pkcs15-tool

[opensc-devel] fixes #220

2010-10-31 Thread Andre Zepezauer
Hello, the attached patch fixes #220. Now the login function does what its name promises. If user-login is not desired, then simply don't call login()! (remove pkcs11/framework-pkcs15.c#L792, for testing the patch) Regards Andre Index: tools/pkcs11-tool.c ===

Re: [opensc-devel] OpenSC with or without OpenSSL - What is the direction?

2010-10-31 Thread Andre Zepezauer
Hello Martin, On Tue, 2010-10-05 at 18:04 +0300, Martin Paljak wrote: > Hello > On Thu, Sep 30, 2010 at 18:07, Douglas E. Engert wrote: > > > With OpenSSL-1.0.0a pkcs11-tool -M shows: > > > > Supported mechanisms: > > RSA-PKCS-KEY-PAIR-GEN, keySize={1024,3072}, keypairgen > > > > > Without O
