Martin Paljak | 19 May 10:13

OpenSC 0.12.1 released

OpenSC 0.12.1
=============

OpenSC 0.12.1 was released on 17.05.2011.

Packages with source and binaries can be downloaded from http://www.opensc-project.org/files/opensc
 - Source for Unix:            opensc-0.12.1.tar.gz
                               SHA1: 656524f2aef61cfeea60b7795ef5a942bcca6f30
 - Installer for OSX 10.6:     OpenSC-0.12.1-10.6.dmg
                               SHA1: e1b4dc13c9aba07b8c9dfc4dac1b83b9765d02ac
 - Installer for OSX 10.5:     OpenSC-0.12.1-10.5.dmg
                               SHA1: 203237a7bc251bb528810cceca0cbf416034b52c
 - Installer for x86 Windows:  OpenSC-0.12.1-win32.msi
                               SHA1: 4dd85a7c5cf74a4c0bea7f8dc6e7c1012eed1b24
 - Installer for x64 Windows:  OpenSC-0.12.1-win64.msi
                               SHA1: 10847c4fe4380d6f11e25d5e5d4491a7a39f34fe

- Most Important News -
 - Binary MSI installers for Windows x86 and x64 are now available.
  - MiniDriver is included in the build but not enabled. People interested in testing it with their
    cards are encouraged to consult the wiki and ask for guidance on opensc-devel mailing list.
 - New card driver:
  - IAS-ECC 1.0.1
 - Support for cards with multiple PKCS#15 applications

== OpenSC overview ==
OpenSC provides a set of libraries and utilities to work with smart cards.
Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications
such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the 

Martin Paljak | 27 Dec 19:52

OpenSC 0.12.0 released

OpenSC 0.12.0
=============

OpenSC 0.12.0 was released on 23.12.2010.

Packages with source and binaries can be downloaded from http://www.opensc-project.org/files/opensc
 - Source for Linux:       opensc-0.12.0.tar.gz
                           SHA1: 1400da0732a4cbf9ff7f8296bf59c6e153207247
 - Installer for OSX 10.6: OpenSC-0.12.0-10.6.dmg
                           SHA1: dc3122c09d59f94216ff2b9365775f32d53e2749
 - Installer for OSX 10.5: OpenSC-0.12.0-10.5.dmg
                           SHA1: 373dcee2de7c63a61116d4d677a0e667e6c4a7d2
 - Installer for Windows:  OpenSC-0.12.0.win32.exe
                           SHA1: 9f2b7f9af3962307acf9baac79f89fa7b76c8c51

- Most Important News -
 - Binary installers for Windows (x86) and Mac OS X (10.5+) now available.
  - Windows installer will probably see changes in the next release, use with caution.
 - Support for several new cards added
  - Portuguese eID
  - Italian eID, CNS
  - Westcos
  - CardOS version 4.4
 - Transparent software key generation has been removed from OpenSC
 - Linking against libopensc has been deprecated
 - This release fixes CVE-2010-4523, a security issue where specially crafted rogue smart cards can
   be used to execute arbitrary code.

- OpenSC Features - 
 - Support for generation, import and use of RSA keys up to 2048 bits.

Andreas Jellinghaus | 16 Feb 11:34

New OpenSC and OpenCT releases

New versions of OpenSC and OpenCT are released today,
with improvements for Rutoken S driver mostly.

New in OpenCT 0.6.20; 2010-02-16; Andreas Jellinghaus
* Modify Rutoken S binary interfaces by Aktiv Co.
* Makefiles fixed in doc/ directory
http://www.opensc-project.org/files/openct/openct-0.6.20.tar.gz

New in OpenSC 0.11.13; 2010-02-16; Andreas Jellinghaus
* Modify Rutoken S binary interfaces by Aktiv Co.
* Muscle driver fixed (acl reading issue)
* Many small fixes (e.g. mem leaks)
* Compiling with openssl 1.0.0-beta fixed
http://www.opensc-project.org/files/opensc/opensc-0.11.13.tar.gz

Please note that OpenSC is currently under development for
a new 0.12.* release line. Thus only a few selected changes
have been backported into the OpenSC 0.11.13 maintenance release.
The majority of changes in the last few months is only available
in the svn trunk development repository until a new 0.12.*
release is available.

Please give these new releases a try. If you encounter any
problem with the new versions, please let us know. Thanks!

Regards, Andreas

New OpenCT and Engine_PKCS#11 releases

OpenCT 0.6.19 was released with these changes:
* update on udev rules. Please now use udev instead of hal,
  as distributions are deprecating hal in favor of udev.
* Thanks to Daniel Kahn Gillmor for testing on debian.

http://www.opensc-project.org/files/openct/openct-0.6.19.tar.gz

Engine_PKCS#11 0.1.8 was released with these changes:
* Fix problem causing slot_n parsing returning not certs or keys 
  by Camille Moncelier
* Fix missing declaration of set_init_args symbol
  by Arfrever Frehtes Taifersar Arahesis

http://www.opensc-project.org/files/engine_pkcs11/engine_pkcs11-0.1.8.tar.gz

To help ubuntu and debian with moving from hal setup to udev setup
and to fix known problems/bugs I created some experimental debian
packages. These are available at

http://www.opensc-project.org/debian/

Note: I compiled them on ubuntu and only looked at the result, but
didn't find time for real testing so far. So please beware.

Please test them (maybe recompile them yourself if they don't
work out of the box or you need 32bit packages), and let me know
if they work for you.

Regards, Andreas

Andreas Jellinghaus | 18 Dec 15:28

OpenSC 0.11.12 released, fixing an important regression

OpenSC 0.11.12 Release Announcement
===================================

On 2009-12-18 OpenSC 0.11.12 was released, providing compatibility
with an ASN.1 Integer encoding issue in older OpenSC releases.

The problem
-----------

OpenSC 0.11.4 and earlier did not encode integers properly in ASN.1 structures
including the on-card format for directory files. This issue was fixed
in OpenSC 0.11.5.  However in December 2009 it was discovered that as a
result some cards initialized with OpenSC 0.11.4 and earlier will not properly
work with OpenSC 0.11.5 and later.

So far testing showed only problems with "Starcos" cards. The integers
keyReference and pinReference are read as negative numbers, instead
of the positive number (value+256) they should represent.

PKCS#15 dictates that both values need to be positive Integers if
specified in the directory files on the card. Thus code can automatically
detect the wrong (negative) values and fix the issue by adding 256.

In OpenSC 0.11.12 such code was implemented and successfully tested.
Starcos cards initialized with OpenSC 0.11.4 and earlier can now be used
with OpenSC 0.11.12 and later. Cards initialized with OpenSC 0.11.5 and later
continue to work fine.

Changes to the code were implemented to keep the ABI compatible with
earlier versions, so that applications using the internal OpenSC API
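
An added example, not OpenSC code, of the sign problem this announcement describes: ASN.1 INTEGER content is two's complement, so a reference value of 128 to 255 written without a leading zero octet decodes as negative, and adding 256 recovers it. `encode_int_legacy` is an assumed model of the old encoder, and all function names are hypothetical.

```python
def encode_int_legacy(value):
    # Assumed model of the pre-0.11.5 behaviour: minimal unsigned octets,
    # without the 0x00 pad DER requires when the top bit is set.
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")

def encode_int_der(value):
    # Correct DER content octets for a non-negative INTEGER: the extra bit
    # of room guarantees the most significant bit (the sign bit) is 0.
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def decode_int(content):
    # INTEGER content octets are two's complement, so 0x81 is -127, not 129.
    return int.from_bytes(content, "big", signed=True)

def read_reference(content):
    # keyReference / pinReference must be positive per PKCS#15, so a negative
    # result marks a legacy encoding; adding 256 restores the intended value.
    value = decode_int(content)
    return value + 256 if value < 0 else value

def compare(values):
    # For each reference value: (value, legacy octets, strict decode, repaired).
    rows = []
    for v in values:
        legacy = encode_int_legacy(v)
        rows.append((v, legacy.hex(), decode_int(legacy), read_reference(legacy)))
    return rows

if __name__ == "__main__":
    for row in compare([1, 127, 128, 129, 255]):   # constructed sample values
        print(row)
```

Values below 128 decode identically under both encoders, which matches the announcement's statement that cards initialized with 0.11.5 and later are unaffected by the repair.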

Andreas Jellinghaus | 26 Oct 21:06

OpenSC 0.11.11 released today

OpenSC 0.11.11 released today updated the "myeid" driver and fixes
compiling issues with OpenSSL 0.9.7 and 1.0.0.

http://www.opensc-project.org/files/opensc/opensc-0.11.11.tar.gz

Development is now focused on a new 0.12.* branch of OpenSC.

Regards, Andreas

Andreas Jellinghaus | 20 Oct 15:01

New Libp11 0.2.7, Engine_pkcs11 0.1.7 and OpenSC 0.11.10 released today

Libp11 0.2.7 released today fixes a small bug: If C_Initialize
returns CKR_CRYPTOKI_ALREADY_INITIALIZED, that is ok and is not
ignored. That way applications like wpa_supplicant can unload and
reload pkcs11 modules without issues.

http://www.opensc-project.org/files/libp11/libp11-0.2.7.tar.gz

Engine_pkcs11 0.1.7 released today fixes a small bug with pin handling
(overwriting too many bytes before freeing the memory).

http://www.opensc-project.org/files/engine_pkcs11/engine_pkcs11-0.1.7.tar.gz

OpenSC 0.11.10 released today now includes a new driver "westcos" and a
new driver "myeid" for Aventras MyEid cards (currently only cards initialized
with their software are supported). Also GOST algorithm support was added
for Rutoken cards and a few small bugs were fixed.

http://www.opensc-project.org/files/opensc/opensc-0.11.10.tar.gz

Unless we find a major issue with the opensc release, this might be the last
0.11.* release, as we are already working on the new 0.12 branch with many
improvements and code cleanups (but also with some ABI and API changes).

If you find any issue with these releases, please let us know using our
bug tracker (wiki registration required), mailing lists opensc-devel or
opensc-user (mailing list subscription required) or simply contact
bugs <at> opensc-project.org.

Thanks.


Andreas Jellinghaus | 25 Sep 10:14

new OpenCT release 0.6.18

A new version of OpenCT has been released: 0.6.18.

You can download the source code from here:
        http://www.opensc-project.org/files/openct/openct-0.6.18.tar.gz

Changes:
New in 0.6.18; 2009-09-25; Andreas Jellinghaus
* USB code for BSD fixed by Emmanuel Dreyfus
* Add support for Rutoken S by  Aktiv Co. / Aleksey Samsonov

Plus some fixes to Info.plist (for users combining openct with pcsc-lite).

Regards, Andreas

Andreas Jellinghaus | 29 Jul 09:27

OpenSC 0.11.9 and OpenCT 0.6.17 released

Today we released new versions of OpenSC and OpenCT:

New in OpenCT 0.6.17, 2009-07-29; Andreas Jellinghaus
* add support for Rutoken ECP (ccid driver)
* small bugfixes

New in OpenSC 0.11.9; 2009-07-29; Andreas Jellinghaus
* New rutoken_ecp driver by  Aktiv Co. / Aleksey Samsonov
* Allow more keys/certificates/files etc. with entersafe tokens
* Updates pkcs11.h from scute fixing warnings
* Small fixes in rutoken driver
* Major update for piv driver with increased compatibility

Please see the changelog for more detailed information.

You will find these new versions as usually on our website:

http://www.opensc-project.org/files/openct/openct-0.6.17.tar.gz
http://www.opensc-project.org/files/opensc/opensc-0.11.9.tar.gz

Thanks to everyone who contributed to these new releases with
bug reports, patches, new code, cleanups, testing and help on
the mailing list.

Regards, Andreas

OpenSC 0.11.8 released with security update

OpenSC 0.11.8 was released yesterday with a security update.

The security problem in short: you need a combination of
1.) a tool that starts a key generation with public exponent set to 1
    (an invalid value that causes an insecure rsa key)
2.) a PKCS#11 module that accepts this public exponent and forwards
    it to the card
3.) a card that accepts the public exponent and generates the rsa key.

OpenSC is insecure because due to a code bug in pkcs11-tool it had
the wrong public exponent. But OpenSC PKCS#11 module is secure, it
ignores the public exponent. So only if you generate your keys with
pkcs11-tool from OpenSC 0.11.7 (which very few people do), and only if
you used it with some other vendor's PKCS#11 module, and only if the
card accepted the bogus value too, then your rsa key is insecure.

You can easily verify keys by looking at the rsa public key or a
certificate or certificate request, for example the openssl command
line tools can print the content in plain text. public Exponent = 1
is bad (3 and higher are accepted values, 65537 or higher is suggested
by the NIST). 

Here is the full security advisory. No CVE included, as I was not able
to get one from distributions, vendor-sec or mitre.

OpenSC Security Advisory [07-May-2009]
======================================

pkcs11-tool generates RSA keys with publicExponent 1 instead of 65537

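
An added example, not part of the advisory or of OpenSC, of the key check the post describes: read publicExponent from a DER-encoded PKCS#1 RSAPublicKey and grade it with the post's thresholds. The function names are hypothetical, and the sample keys use a constructed placeholder modulus.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_public_exponent(der_key):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, body, _ = read_tlv(der_key, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_n, _, pos = read_tlv(body, 0)
    tag_e, exponent, _ = read_tlv(body, pos)
    if (tag_n, tag_e) != (0x02, 0x02):
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(exponent, "big", signed=True)

def grade_exponent(e):
    """Thresholds as stated in the post: 1 is bad, 3+ accepted, 65537+ suggested."""
    if e < 3:
        return "bad"
    return "suggested" if e >= 65537 else "accepted"

def der(tag, content):
    """Encode one DER element; used only to build the constructed sample keys."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_key(e):
    """Constructed RSAPublicKey with a placeholder 1024-bit modulus (not a real key)."""
    def integer(v):
        return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return der(0x30, integer((1 << 1023) | 1) + integer(e))

if __name__ == "__main__":
    for e in (1, 3, 65537):
        print(e, grade_exponent(rsa_public_exponent(sample_key(e))))
```

A key extracted from a certificate or certificate request is wrapped in a SubjectPublicKeyInfo structure, so the inner RSAPublicKey has to be unwrapped before it is passed to `rsa_public_exponent`.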


new OpenCT release 0.6.16

A new version of OpenCT has been released: 0.6.16.

You can download the source code from here:
	http://www.opensc-project.org/files/openct/openct-0.6.16.tar.gz

Experimental 64bit binaries for debian/ubuntu are here:
	http://www.opensc-project.org/debian/openct/

These should solve the problems reported by debian and ubuntu users,
please report if they do. Source code for building 32bit binaries
(orig.tar.gz, diff.gz, dsc) is also available at that location.

Changes:
New in 0.6.16, 2009-05-04; Andreas Jellinghaus
* For ccid, etoken* drivers remove polling loop, review the force_poll
  configuration option, this reduces power consumption and CPU load.
* Fix some issues caused by newer udev version.
* Handle T1 abort better.
* Some build system fixes.
* Some minor fixes.
* Re-add api documentation (pre-generated), like we used to.

However some small issues in the build system remain.

I hope this new version works better for you.

If you switch to this new version, please make sure to migrate
to hald setup. Some people prefer to use udev, but we can't
really support it, so hald is the recommended way to go.
