Anders Rundgren | 29 Jun 07:34 2015

Smart Card to Web interface

Hi Card-lovers,

The following is NOT a Smart Card to Web interface but a scheme for communicating
between native applications and Web-pages, where such an application for example
could be something related to smart cards like a signature plugin:

     https://github.com/cyberphone/web2native-bridge

The system is a fairly mature prototype running on Chrome/Chromium desktop browsers.

The purpose of the prototype is concept verification and getting input on the design
of the API etc. The latter is very important, so you are extremely welcome to test it :-)

Cheers,
Anders

------------------------------------------------------------------------------
Jean-Marc | 21 Jun 14:25 2015

Belpic - new v1.7 applet

Hi,

I made some tests with new Belgian eID cards.
Unfortunately, it is not possible to access certs on new cards.
I checked the eID docs a bit and the new cards have a new applet version, v1.7.

Any idea if this new applet will be implemented in OpenSC too?

Regards,

Jean-Marc <jean-marc <at> 6jf.be>
------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Hammer, Tim | 16 Jun 23:49 2015

"how-to" guide for "external" card drivers?

I have been unable to locate any documentation describing how to create an “external” card driver that is loaded by a directive in the conf file. The “New card driver” example and description seem to be only for a “built-in” driver.

 

Can someone please help me with a better search string or a pointer to such a document?

 

Thanks!

--

.Tim

Tim D. Hammer
Software Developer
Global Business & Services Group
Xerox Corporation
M/S 0207-02Z
800 Phillips Road
Webster, NY 14580

Phone: 585/427-1684
Fax: 585/422-7532
Mail: Tim.Hammer <at> xerox.com

 

------------------------------------------------------------------------------
latac | 10 Jun 10:31 2015

Troubles with a Gemalto USB token

Hello

I have troubles with a Gemalto USB token. It is listed as supported
on OpenSC wiki, but OpenSC is unable to use it.

Here is what happens:
$ opensc-tool -n
Using reader with a card: Gemalto USB Shell Token V2 (3F91D002) 00 00
Unsupported card

Here is the configuration:
  USB token "Gemalto USB Shell Token V2 (3F91D002)"

PCSC-lite version:
  pcsc-lite version 1.8.10.
  Copyright (C) 1999-2002 by David Corcoran <corcoran <at> linuxnet.com>.
  Copyright (C) 2001-2011 by Ludovic Rousseau <ludovic.rousseau <at> free.fr>.
  Copyright (C) 2003-2004 by Damien Sauveron <sauveron <at> labri.fr>.
  Report bugs to <muscle <at> lists.musclecard.com>.
  Enabled features: Linux x86_64-pc-linux-gnu serial usb libudev
usbdropdir=/usr/lib/pcsc/drivers ipcdir=/var/run/pcscd
configdir=/etc/reader.conf.d

CCID version:
  CCID 1.4.15

OpenSC version:
  opensc 0.13.0 [gcc  4.8.2]
  Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)

OS version:
  Ubuntu 14.04 LTS
  Linux virtual-ubuntu 3.16.0-36-generic #48~14.04.1-Ubuntu SMP Wed Apr 15
13:11:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

And attached is the pcscd log. 
log.txt <http://opensc.1086184.n5.nabble.com/file/n15367/log.txt>  


------------------------------------------------------------------------------
J.Witvliet | 3 Jun 16:41 2015

Re: Google's secure micro-SD

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren.net <at> gmail.com] 
Sent: vrijdag 29 mei 2015 21:26
To: OpenSC
Subject: [Opensc-devel] Google's secure micro-SD

http://www.cnet.com/news/googles-project-vault-is-a-security-chip-disguised-as-an-micro-sd-card/

This is a pretty strange thing since both ARM and Intel offer built-in security solutions in the CPU itself.

Anders

-----Original Message-----

The most interesting part is that their storage ranges from 8GB to 64GB.
The question remains how secure their "secure solution" is.
Is it just "a system on a chip", or does it really use a crypto co-processor, like they do at smartcard_hsm?

------------------------------------------------------------------------------
Dirk-Willem van Gulik | 2 Jun 17:32 2015

Preventing malformed ODFs causing segfaults.

We seem to be a bit trusting of the cruft which can be on a card; found I needed below to stop naughty cards
from causing segfaults (and hence locking subsequent users out of their desktops (a bit of fragility
outside OpenSC)).

Just wondering - is this sort of thing common (and should I scan most of the code for this) — or have I found a
rare case?

Dw.

https://github.com/OpenSC/OpenSC/commit/1061b5ded0edbc6a1f2cb4fd599b7c950ffe18ff

src/libopensc/dir.c
 <at>  <at>  -149,6 +149,10  <at>  <at>  int sc_enum_apps(sc_card_t *card)
 	r = sc_select_file(card, &path, &card->ef_dir);
 	LOG_TEST_RET(ctx, r, "Cannot select EF.DIR file");

+	if (card->ef_dir == NULL) {
+		LOG_TEST_RET(ctx, SC_ERROR_INVALID_CARD, "EF(DIR) nonexistant.");
+	}
+
 	if (card->ef_dir->type != SC_FILE_TYPE_WORKING_EF) {
 		sc_file_free(card->ef_dir);
 		card->ef_dir = NULL;
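
Review bot: The new card->ef_dir == NULL branch in sc_enum_apps returns through LOG_TEST_RET with a constant error code, which reads like the conditional test on r just above it although it is meant to return unconditionally; an explicit log call followed by return SC_ERROR_INVALID_CARD; would state the intent directly. The message also spells "nonexistant" (should be "nonexistent") and writes EF(DIR) where the line above writes EF.DIR.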

src/libopensc/pkcs15.c
 <at>  <at>  -1044,6 +1044,10  <at>  <at>  sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid)
 			sc_log(ctx, "Cannot make absolute path to EF(ODF); error:%i", err);
 			goto end;
 		}
+		if (p15card->file_odf == NULL) {
+			sc_log(ctx, "After making absolute path to EF(ODF) still no odf.");
+			goto end;
+		}
 		sc_log(ctx, "absolute path to EF(ODF) %s", sc_print_path(&tmppath));
 		err = sc_select_file(card, &tmppath, &p15card->file_odf);
 	}
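
Review bot: The added file_odf NULL branch in sc_pkcs15_bind_internal jumps to end without assigning err. The branch before it reaches end with err holding the failure it just logged, but this one is only reached after that check has passed, so the caller may see a success code; set err (for example to SC_ERROR_INVALID_CARD, as in the dir.c hunk) before the goto. The check also sits before sc_select_file(card, &tmppath, &p15card->file_odf), which writes file_odf itself, so the pointer needs checking again after that call.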
 <at>  <at>  -1059,6 +1063,8  <at>  <at>  sc_pkcs15_bind_internal(struct sc_pkcs15_card *p15card, struct sc_aid *aid)
 		goto end;
 	}

+	assert(p15card->file_odf);
+
 	len = p15card->file_odf->size;
 	if (!len) {
 		sc_log(ctx, "EF(ODF) is empty”);
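
Review bot: assert(p15card->file_odf) ahead of the p15card->file_odf->size read is not a runtime check. Built with NDEBUG it compiles away and the NULL dereference remains; built without it, a malformed card aborts the process, which for the user is the same outcome as the segfault this patch is meant to stop. Handle it like the other two checks: log, set err and goto end.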

------------------------------------------------------------------------------
Anders Rundgren | 29 May 21:25 2015

Google's secure micro-SD

http://www.cnet.com/news/googles-project-vault-is-a-security-chip-disguised-as-an-micro-sd-card/

This is a pretty strange thing since both ARM and Intel offer built-in security solutions in the CPU itself.

Anders

------------------------------------------------------------------------------
Dirk-Willem van Gulik | 27 May 09:13 2015

Fwd: [Bug 2240] Secure PIN entry for smartcards through the keypad on the reader (patch)

For those caring about PIN pad readers and OpenSSH; one less patch to apply once ssh 6.9 makes it into the various distributions.

Dw.

Begin forwarded message:

Subject: [Bug 2240] Secure PIN entry for smartcards through the keypad on the reader (patch)
Date: 27 May 2015 07:44:08 CEST

https://bugzilla.mindrot.org/show_bug.cgi?id=2240

Damien Miller <djm <at> mindrot.org> changed:

          What    |Removed                     |Added
----------------------------------------------------------------------------
        Resolution|---                         |FIXED
            Status|NEW                         |RESOLVED

--- Comment #5 from Damien Miller <djm <at> mindrot.org> ---
This has been committed and will be in openssh-6.9. The final patch is:

https://anongit.mindrot.org/openssh.git/patch/?id=a71ba58adf34e599f30cdda6e9b93ae6e3937eea

--
You are receiving this mail because:
You reported the bug.


From a71ba58adf34e599f30cdda6e9b93ae6e3937eea Mon Sep 17 00:00:00 2001 From: "djm <at> openbsd.org" <djm <at> openbsd.org> Date: Wed, 27 May 2015 05:15:02 +0000 Subject: upstream commit support PKCS#11 devices with external PIN entry devices bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker <at> Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d --- ssh-pkcs11.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index f4971ad..e074175 100644 --- a/ssh-pkcs11.c 
+++ b/ssh-pkcs11.c <at> <at> -1,4 +1,4 <at> <at> -/* $OpenBSD: ssh-pkcs11.c,v 1.18 2015/04/24 01:36:01 deraadt Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.19 2015/05/27 05:15:02 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * <at> <at> -237,7 +237,7 <at> <at> pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, {CKA_ID, NULL, 0}, {CKA_SIGN, NULL, sizeof(true_val) } }; - char *pin, prompt[1024]; + char *pin = NULL, prompt[1024]; int rval = -1; key_filter[0].pValue = &private_key_class; <at> <at> -255,22 +255,30 <at> <at> pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { - error("need pin"); + error("need pin entry%s", (si->token.flags & + CKF_PROTECTED_AUTHENTICATION_PATH) ? + " on reader keypad" : ""); return (-1); } - snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", - si->token.label); - pin = read_passphrase(prompt, RP_ALLOW_EOF); - if (pin == NULL) - return (-1); /* bail out */ - rv = f->C_Login(si->session, CKU_USER, - (u_char *)pin, strlen(pin)); - if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { + if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + verbose("Deferring PIN entry to reader keypad."); + else { + snprintf(prompt, sizeof(prompt), + "Enter PIN for '%s': ", si->token.label); + pin = read_passphrase(prompt, RP_ALLOW_EOF); + if (pin == NULL) + return (-1); /* bail out */ + } + rv = f->C_Login(si->session, CKU_USER, (u_char *)pin, + (pin != NULL) ? strlen(pin) : 0); + if (pin != NULL) { + explicit_bzero(pin, strlen(pin)); free(pin); + } + if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { error("C_Login failed: %lu", rv); return (-1); } - free(pin); si->logged_in = 1; } key_filter[1].pValue = k11->keyid; -- -- cgit v0.11.2
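
Review bot: In the pkcs11_rsa_private_encrypt hunk, the CKF_PROTECTED_AUTHENTICATION_PATH branch announces keypad entry only through verbose("Deferring PIN entry to reader keypad."), which is not shown unless verbose logging is on, so an interactive user gets no indication that C_Login is waiting on the reader, while the other branch shows an explicit "Enter PIN for ..." prompt. Consider a user-visible message in that branch, and a one-line comment saying that C_Login is deliberately called with a NULL pin and length 0 on this path.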

------------------------------------------------------------------------------
Orc Erc | 27 May 00:03 2015

fips compliant openssl

Hi All, 

I am trying to compile openssl fips compliant.

I have compiled openssl-fips-2.0.1 with;
./config
make
make install

The fipscanister.o, fipscanister.o.sha1, fips_premain.c, fips_premain.c.sha1 files are created in the folder /usr/local/ssl/fips-2.0/lib.

After that I compiled openssl-1.0.1c with;

./config fips shared
make depend
make
make install

The libcrypto.so.1.0.0, libcrypto.so, libssl.so.1.0.0, libssl.so files are copied to /usr/local/ssl/lib folder. 

I have referenced that crypto library and make my program with:

g++ -L/usr/local/ssl/lib -o "OKC"  ./src/libp11/libpkcs11.o ./src/libp11/p11_attr.o ./src/libp11/p11_cert.o .. .. .. . . .   -lssl -lcrypto -lpcsclite -ldl

When I call "FIPS_mode_set(1);" function, I am getting that error:

error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported

But when I checked the version of openssl it gives:

./openssl version
OpenSSL 1.0.1c-fips 10 May 2012


Also when I checked the fips compliant libraries it gives that list:

./openssl ciphers FIPS -v

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  Mac=SHA256
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1


I have tried with different versions of openssl and fips, but I could not succeed. Is there anything that I can try?

------------------------------------------------------------------------------
Fabian Leiros Carrera | 26 May 14:01 2015

Oberthur Cosmo v7.0-n card support

Hello everyone,

I'm trying to make OpenSC work with different models of Oberthur smartcards:

- Cosmo64 RSA v5.2 (applet: 2.17)
- Cosmo v7.0-n (applet: 2.17)

Up until now I only have been able to make the first card model work with OpenSC 0.14.0.

After reading this https://github.com/OpenSC/OpenSC/wiki/Oberthur-AuthentIC-applet-v2.2 I
assumed that Cosmo v7.0-n model is not supported, but I am not quite sure.

Could anyone confirm if Cosmo v7.0-n model is supported by OpenSC please?

If no, what would need to be done in order to support it?

If it is supported, I am detailing at the end of the email how I am installing and setting up OpenSC. What am I
doing wrong?

Thank you so much for your help.
Best regards
Fabián

------------------------------------------------------------------------------------------------------------------

- Install both x86 and x64 versions of OpenSC on a Windows 7 x64 computer
- Add a new entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\" for
Cosmo64 RSA v5.2 including its ATR:

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthenticV5]
        "80000001"="opensc-minidriver.dll"
        "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
        "ATR"=hex:3b,7d,18,00,00,00,31,80,71,8e,64,77,e3,01,00,82,90,00
        "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
        "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"

- Add the same entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\"
- Restart "Certificate Propagation" service.

- Plug-in the Cosmo64 RSA v5.2:
        - the certificate will be imported correctly to Windows certificate store.
        - "opensc-tool.exe -n" will return the name of the card correctly
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                AuthentIC v5

        -  "opensc-tool.exe -a" returns the card's ATR
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:7d:18:00:00:00:31:80:71:8e:64:77:e3:01:00:82:90:00

        - "pkcs15-tool.exe -c" will output information about my certificate

- So far, so good, so now I add two new Registry entries, on both x86 and x64 hives, for the Cosmo v7.0-n card:

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthentIC v7]
        "80000001"="opensc-minidriver.dll"
        "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
        "ATR"=hex:3b,5b,96,00,00,31,c0,64,ba,fc,10,00,0f,90,00
        "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
        "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"

- Now I plug in the Cosmo v7.0-n card and:
        - the certificate is not imported to Windows certificate store.
        - "opensc-tool -n" returns "Unsupported card"
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Unsupported card

        - "opensc-tool.exe -a" returns the card's ATR
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00

        - "pkcs15-tool.exe -c" also returns an error:
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: Card is invalid or cannot be handled

- "opensc-tool.exe --list-drivers " shows two Oberthur drivers:
        oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
        authentic        Oberthur AuthentIC v3.1

- I add a new "atr" entry on "opensc.conf" at "Program Files" and "Program Files (x86)" folders:

        # Oberthur's AuthentIC v7
        card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
                                type = 11100;
                                driver = "authentic";
                                name = "AuthentIC v7";
                }

- Plug in the Cosmo v7.0-n card and:
        -"opensc-tool -n" changes its output:
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

        - Same thing with "opensc-tool.exe -a":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

        - And with "pkcs15-tool.exe -c":
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

- Now I change the "atr" entries on "opensc.conf" files to:

        # Oberthur's AuthentIC v7
        card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
                                type = 11100;
                                driver = "oberthur";
                                name = "AuthentIC v7";
                }

- And I get these outputs with the Cosmo v7.0-n card plugged in:
        - "opensc-tool -n":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                AuthentIC v5

        -"opensc-tool -a":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00

        - "pkcs15-tool.exe -c":
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                PKCS#15 binding failed: Unsupported card

------------------------------------------------------------------------------
Douglas E Engert | 25 May 16:07 2015

Libp11, engine_pkcs11 and OpenSC-0.15.0

Now that OpenSC-0.15.0 is released, is it time for updated releases of libp11 and engine_pkcs11?

libp11 and engine_pkcs11 have a number of fixes, URI support and ECDSA support.
ECDSA support works with OpenSSL-1.0.2.

--

-- 

  Douglas E. Engert  <DEEngert <at> gmail.com>
