OpenSC github Test project

Hello,

I created a Test [1] project at github. This project is supposed to be
used to test integration of github with other services before
deploying the configuration to a real OpenSC sub-project.

Feel free to use it.
You may need to get access rigths. Just ask on this list.

Bye,

[1] https://github.com/OpenSC/Test

--

-- 
 Dr. Ludovic Rousseau

Delete 'staging' branch of github OpenSC/OpenSC project

Hello,

During considerable time already the master and staging branches have been closely synchronized.
As for me we can close the 'staging' branch.
It's initial role was to be a buffer for the new features,
now this function is fulfilled by the 'master' itself and by the pull-requests branches.

If no objections,
I will remove the 'staging' branch.

Kind regards,
Viktor.

athena javacar ID Protect Client Support

_______________________________________________
opensc-devel mailing list
opensc-devel <at> lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

List opensc-devel migration

Hello,

You are a subscribed member of the
opensc-devel <at> lists.opensc-project.org mailing list. The server at
opensc-project.org will be shut down soon and all the services need to
migrated to a new home [1] and [2].

An opensc-devel mailing list has been created at SourceForge. Go to
[3] and subscribe again if you want to continue to receive messages
for opensc-announce. We decided NOT to migrate your email
automatically. So you have to resubscribe by hand.

Sorry for the inconvenience.

Regards,

[1] http://sourceforge.net/projects/opensc/
[2] https://github.com/opensc
[3] https://lists.sourceforge.net/lists/listinfo/opensc-devel

--

-- 
 Dr. Ludovic Rousseau

Status of the server migration

Hi,

merry xmas / happy holidays everyone!

If you don't read this in the coming day: all is fine, enjoy your time
off with friends and family or skiing or ...

But for those with time on their hands for open source project work:
can someone summarize the current status of our server migration?

* source code: now all in git on github, right? Does everyone have
access who needs?
  What is the new system, people are asked to push patches to the
mailing list and someone collects them?
  Or should people have their own repo, publish patches there and
someone else pulls them? (more work, maybe not such a good idea)
  Or do we have an rietveld instance somewhere, so people can push
changes there (how?) and they get compile-build-tested?
* mailing lists: no idea what the current status is (i.e. this is a
test mail). Do we have new lists? Subscribers migrated or invited?
  Does this old list still work, or should I shut it down?
* Continuous build: is there a replacement system for the (jenkins?)
system we have/had on the old server?
* Trac/Wiki/.... -> any progress here? I remember so offerings and
questions to migrate, but no status update since - maybe I missed it?
* opensc-project.org domain - registered to martin paljak, opensc.org
reigstered to same unknown person - opensc.com for sale.
  any chance to move one of the domains to (whom?) someone? or live
without them?

Anything else I missed?

As said, I'd like to retire the server end of year, as it is a very
old and unmaintained installation.

Regards, Andreas

Openssl pkcs11-engine using s_client with PIV card

I'm trying to debug an SSL connection to a webserver utilizing my PIV
Authentication Certificate and the associated private key on my card
and I believe I've found a bug in mechanism.c

I *think* I'm doing everything correctly, although documentation on
the engine in openssl are *very* sparse.  Here's how I'm setting up
the connection.

openssl
engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre
ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:src/pkcs11/.libs/opensc-pkcs11.so -pre VERBOSE
s_client -engine pkcs11 -connect webserver:443 -CAfile ca.crt -cert
pivauth.crt -certform PEM -key 1:01 -keyform engine -prexit

According to the opensc tools, my card is in slot 1 and my key is id
01.  I'm fairly certain I'm using the -key and -keyform parameters
correctly but I'm not sure of -cert and -certform.  Should I instead
be telling openssl how to pull the cert from my card instead of the
local file (which corresponds with the key?)  How do I do that?  (I've
tried a few ways.)

This will prompt me for my pin, but then segfaults on line 428 of
mechanism.c -- seemingly data is pointing to an address but has no
member buffer_len (this could be wrong, my c and gdb experience is
highly lacking)

Found slot:  Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
Found token: PIV_II (PIV Card Holder pin)
Found 4 certificates:
   1    Certificate for PIV Authentication
   2    Certificate for Digital Signature
   3    Certificate for Key Management
   4    Certificate for Card Authentication
PKCS#11 token PIN:
Found 4 keys:
   1 P  PIV AUTH key
   2 P  SIGN key
   3 P  KEY MAN key
   4 P  CARD AUTH key

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaac155660 in sc_pkcs11_signature_final (operation=0x6cb7d0,
pSignature=0x7fffffffda30 "", pulSignatureLen=0x0) at mechanism.c:428
428  sc_log(context, "data length %li", data->buffer_len);
(gdb) print data
$1 = (struct signature_data *) 0x30
(gdb) print data->buffer_len
Cannot access memory at address 0x248
(gdb) backtrace
#0  0x00002aaaac155660 in sc_pkcs11_signature_final
(operation=0x6cb7d0, pSignature=0x7fffffffda30 "",
pulSignatureLen=0x0) at mechanism.c:428
#1  0x00002aaaab036e3d in look_str_cb () from /usr/lib/libcrypto.so.1.0.0
#2  0x00002aaaab04722c in lh_doall_arg () from /usr/lib/libcrypto.so.1.0.0
#3  0x00002aaaab03565c in engine_table_doall () from /usr/lib/libcrypto.so.1.0.0
#4  0x00002aaaab037203 in ENGINE_pkey_asn1_find_str () from
/usr/lib/libcrypto.so.1.0.0
#5  0x00002aaaab071fa3 in EVP_PKEY_asn1_find_str () from
/usr/lib/libcrypto.so.1.0.0
#6  0x00002aaaaad179d7 in ssl_create_cipher_list () from
/usr/lib/libssl.so.1.0.0
#7  0x00002aaaaad10964 in SSL_CTX_new () from /usr/lib/libssl.so.1.0.0
#8  0x000000000043d07e in ?? ()
#9  0x0000000000419587 in ?? ()
#10 0x000000000041927d in ?? ()
#11 0x00002aaaab363725 in __libc_start_main () from /usr/lib/libc.so.6
#12 0x000000000041934d in ?? ()
#13 0x00007fffffffe598 in ?? ()
#14 0x0000000000000000 in ?? ()

Thanks for any advice/patches/help :)
Matt

OpenSC Windows minidriver reg file for the ePass2003

Dear all,

Can anyone help me set the correct value for the ePass2003 mini driver
registry:http://download.gooze.eu/pki/opensc/windows/minidriver/exported-ePass2003.reg

The content of the file is:

**************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards
\OpenSC ePass2003 ECP]
"ATR"=hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,01,00,11,71,df,00,00,03,6a,82,f8
"ATRMask"=hex,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage
Provider"
"80000001"="opensc-minidriver.dll"
************************************

opensc-tool --atr
Using reader with a card: Feitian ePass2003 00 00
3b:9f:95:81:31:fe:9f:00:66:46:53:05:01:00:11:71:df:00:00:03:6a:82:f8

What is missing in my reg file to make the mini-driver work?

Kind regards,
Jean-Michel POURE
--

-- 

                      GOOZE - http://www.gooze.eu
                   High quality cryptographic tools 
                  for GNU/Linux, Mac OS X and Windows
     POURE SASU - 17 rue Saint Jacques - 95160 Montmorency - France
       Tel : +33 (0)9 72 13 53 90 - Mobile : +33 (0)6 51 99 37 90
         Registry: FR 527 672 448 00018 - VAT: FR54527672448
     CAcert root certificate: http://www.cacert.org/index.php?id=3
                          ID PGP/GPG: 084F2584

_______________________________________________
opensc-devel mailing list
opensc-devel <at> lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Segmentation fault in pkcs11-tool

_______________________________________________
opensc-devel mailing list
opensc-devel <at> lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: Muscle smart card Applet various versions from M.U.S.C.L.E. and OpenSC

On 12/12/2012 5:17 AM, Rns Course wrote:
>>This appears in the log that GET_STATUS is returning: 00 01 00 05 ...
>  > i.e. PROTO_VERSION_MAJOR=0, PROTO_VERSION_MINOR=1
> Where does GET_STATUS return 00 01 00 05 in log?
> I mean, how did you understand GET_STATUS return 00 01 00 05 from log file?

You had sent on 12/9 an attachment of the opensc debug log as output.txt.
(but I cant find the original note, but I still have the attachment.)

On line in output.txt, APDUs and responses from muscle_match_card in card-muscle.c:
425: APDU:     00 A4 04 00 05 A0 00 00 00 01
430: Response: 90 00
440: APDU:     B0 3C 00 00 40
445: Response: 00 01 00 05 00 00 75 30 00 00 5E F6 02 02 00 00 90 00

Looking at the Muscle source that was available which is newer then the 0.9.11
I made the assumption that the actual data returned is from an older
version that had Protocol major=0  minor=1,  Applet major=0  minor=5

>
>>    buffer[pos++] = (byte) 1; // Major Card Edge Protocol version n.
>>    buffer[pos++] = (byte) 3; // Minor Card Edge Protocol version n.
>>    buffer[pos++] = (byte) 0; // Major Applet version n.
>>    buffer[pos++] = (byte) 9; // Minor Applet version n.

> I changed version in CardEdge.java source to 0.9.11 & 0.9.13 (before that, it was  0.6.01 at the source!)
and compile it again.

Its the major protocol version that OpenSC is checking, not the Applet version.

> But when I run "pkcs15-init -C" command, the output was as before:
>
> Using reader with a card: OMNIKEY CardMan 3x21 0
> New User PIN.
> Please enter User PIN:  (I entered "00000000")
>   Please type again to verify:
> Unblock Code for New User PIN (Optional - press return for no PIN).
> Please enter User unblocking PIN (PUK):
> User PIN [User PIN] required.
> Please enter User PIN [User PIN]: (I entered "00000000")
> Failed to create PKCS #15 meta structure: File not found
>
> How should I force opensc-0.13.0 to work with Muscle 0.9.11?

If they are using different protocols, one side or the other will need changes.

Buy a Java 2.2.2 card?

> THX.
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> *From:* Douglas E. Engert <deengert <at> anl.gov>
> *To:* MUSCLE <muscle <at> lists.musclecard.com>; OpenSC-devel <opensc-devel <at> lists.opensc-project.org>
> *Sent:* Tuesday, 11 December 2012, 0:01:32
> *Subject:* [opensc-devel] Muscle smart card Applet various versions from M.U.S.C.L.E. and OpenSC
>
> I am not using the Muscle card applet, but was looking looking at the OpenSC
> debug log for this thread:
> Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
>
> The OpenSC card-muscle.c (0.12.2 or 0.13.0) is looking for PROTO_VERSION_MAJOR=1
>
> The author of the original note said:
>    > I've loaded and initialized Muscle applet (0.9.11) on it.
>
>
> This appears in the log that GET_STATUS is returning: 00 01 00 05 ...
> i.e. PROTO_VERSION_MAJOR=0, PROTO_VERSION_MINOR=1
> This version from 2003-12-19, does not sound like the latest to me...
>
> Yet in the Muscle CVS archives:
> http://anonscm.debian.org/viewvc/muscleplugins/trunk/MCardApplet/
> as of 4 years ago has version.properties has:
>
>    APPLET_VERSION_MAJOR=0
>    APPLET_VERSION_MINOR=9
>
>    PROTO_VERSION_MAJOR=1
>    PROTO_VERSION_MINOR=3
>
> And there have been changes in the SVN 9 months ago, 2 years ago and
> 3 years ago, which are not reflected in the Download page:
> https://alioth.debian.org/frs/?group_id=30111
>
> Can the download versions be update, or the page change to say
> compile it yourself? Or point to the OpenSC page?
>
>
> Then on OpenSC-project:
> http://www.opensc-project.org/opensc/wiki/MuscleApplet
> it says:
>    "OpenSC supports the Muscle applet, available from Debian SVN:"
>      svn co svn://svn.debian.org/muscleplugins/trunk/MCardApplet
>
>      (This appears to be the same SVN as on the Muscle page, revision 298
>      from 9 months ago.)
>
>      "An updated version, targeting recent JavaCard 2.2.2 cards with
>      extended APDUs is available from github:"
> http://github.com/martinpaljak/MuscleApplet
>
> This github is 3 years old, yet changes where made to the Muscle SVN
> 9 months ago.
>
> https://github.com/martinpaljak/MuscleApplet/blob/master/src/com/musclecard/CardEdge/CardEdge.java
> (3 years old)
>      buffer[pos++] = (byte) 1; // Major Card Edge Protocol version n.
>        buffer[pos++] = (byte) 3; // Minor Card Edge Protocol version n.
>        buffer[pos++] = (byte) 0; // Major Applet version n.
>        buffer[pos++] = (byte) 9; // Minor Applet version n.
>
> Which is in line with the PROTO_VERSION_MAJOR the OpenSC code is looking for.
>
> Can Martin and Ludovic get together and get these versions in sync,
> and make it so others don't download the 9 year old version?
>
> Thanks.
>
>
>
> --
>
>    Douglas E. Engert  <DEEngert <at> anl.gov <mailto:DEEngert <at> anl.gov>>
>    Argonne National Laboratory
>    9700 South Cass Avenue
>    Argonne, Illinois  60439
>    (630) 252-5444
> _______________________________________________
> opensc-devel mailing list
> opensc-devel <at> lists.opensc-project.org <mailto:opensc-devel <at> lists.opensc-project.org>
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

-- 

  Douglas E. Engert  <DEEngert <at> anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

How to compile opensc in windows?

_______________________________________________
opensc-devel mailing list
opensc-devel <at> lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!

_______________________________________________
opensc-devel mailing list
opensc-devel <at> lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel