Michael Ströder | 24 Oct 09:24 2014

0.14.1?

Hi!

I experienced seg faults of EJBCA as noted at the end of this page:

http://www.smartcard-hsm.com/2014/09/05/Accessing_your_SmartCard-HSM_from_EJBCA.html

Currently I'm testing with the git version of OpenSC but I wonder whether and
when the patches noted on the page will be released (maybe as 0.14.1)?

Ciao, Michael.

------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel

OpenSC Internet Explorer


Hi List,

I was wondering if anyone here managed to get some smart cards working
with Internet Explorer. Upstream there are some "reg" files that
configure some cards such as ePass2003, Feitian and so forth...
Do they really work well with Internet Explorer? (Do the smart cards
work at all with IE? If so... how?)

We are a small province in the north of Italy and would like to
implement a FOSS solution to manage smart cards. Our OpenSC-GUI
frontend creates an easy way to change the PIN; however, getting the
OpenSC drivers to play nice with Internet Explorer seems to be rather
tricky... (All works under Linux but the majority of the userbase uses
Windows and IE)

The project can be found here:
https://github.com/tis-innovation-park/OpenSC-GUI/

Before going into a lot of details I was wondering if anyone on this
list managed to get the Italian CNS (European Health Insurance Card)
working with Internet Explorer. All works great under Firefox.
I have been playing with a lot of registry settings but somehow think
that the problems are related to the minidriver?

This topic somehow relates to the issues that were mentioned previously,
concerning deprecated drivers and the maintenance thereof. I am more

Frank Morgner | 20 Oct 22:34 2014

State of card drivers

Hey guys!

I see we have a number of pull requests hanging concerning new card
drivers. We have some internal card drivers that don't seem to have a
maintainer. We have seen errors in OpenSC that could be exploited by a
rogue smart card.

Still, we don't seem to have a clear policy about new code in OpenSC.
Here is what I would suggest regarding the card driver level (which I
know relatively well):

    Only mature drivers with active maintainers should be loaded by
    default.

This means that

1. All new card drivers belong in a separate driver library that is
   *not* loaded together with all internal drivers.

   I think this would allow us to accept contributions faster (but it would
   still require changes for the existing pull requests).

2. Old drivers need to be reviewed. If there is no maintainer, the
   driver needs to be separated and disabled by default.

   I would work on this from time to time, I invite others to do the
   same.

3. Automatic tests need to be applied for drivers that are enabled by
   default.

Frank Morgner | 19 Oct 14:58 2014

Fwd: Re: Regarding pcsc reader


-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
From: Frank Morgner <morgner <at> informatik.hu-berlin.de>
Subject: Re: [Opensc-devel] Regarding pcsc reader
Date: 2014-10-19 12:51:55 GMT
Your debug output is very hard to read, the line breaks are missing.
What you are describing seems to work for me. What is your
configuration, how can the behaviour be reproduced?

On Sunday, October 19 at 04:10PM, nsar nq wrote:
> the virtual card says :19.10.2014 15:52:02  [WARNING] Using default SAM parameters. PIN=1234, Card
Nr=123456789019.10.2014 15:52:02  [INFO] Connected to virtual PCD at localhost:35963
> I have tried it many times, detected card presence, returning with 3, 2 and 0. After that it shows it returns
the code -1104 <card not present>. For detailed debug info, when debug is set to 9, the following output is generated:
> 2014-10-19 15:30:47.182 ===================================2014-10-19 15:30:47.182 opensc
version: 0.13.02014-10-19 15:30:47.182 PC/SC options: connect_exclusive=0 disconnect_action=1
transaction_end_action=0 reconnect_action=0 enable_pinpad=1 enable_pace=12014-10-19
15:30:47.182 [opensc-tool] reader-pcsc.c:948:pcsc_detect_readers: called2014-10-19

nsar nq | 19 Oct 10:34 2014

Regarding pcsc reader

Hi!

I am trying to connect my virtual smart card with the reader. On viewing the detailed debug, OpenSC reader-pcsc shows card presence, connected, then changed to card absent. Kindly provide some help.

debug output:

C:\Program Files (x86)\OpenSC Project\OpenSC\tools>opensc-tool -l -vvv
# Detected readers (pcsc)
Nr.  Card  Features  Name
2014-10-19 13:26:46.569 [opensc-tool] sc.c:231:sc_detect_card_presence: called
2014-10-19 13:26:46.569 [opensc-tool] reader-pcsc.c:370:pcsc_detect_card_presence: called
2014-10-19 13:26:46.569 Virtual Smart Card Architecture Virtual PCD 0 check
2014-10-19 13:26:46.569 current  state: 0x00440222
2014-10-19 13:26:46.569 previous state: 0x00440012
2014-10-19 13:26:46.569 card present, changed
2014-10-19 13:26:46.569 [opensc-tool] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 3
2014-10-19 13:26:46.569 [opensc-tool] sc.c:236:sc_detect_card_presence: returning with: 3
0    Yes             Virtual Smart Card Architecture Virtual PCD 0
2014-10-19 13:26:46.569 [opensc-tool] card.c:125:sc_connect_card: called
2014-10-19 13:26:46.569 [opensc-tool] reader-pcsc.c:450:pcsc_connect: called
2014-10-19 13:26:46.569 Virtual Smart Card Architecture Virtual PCD 0 check
2014-10-19 13:26:46.569 current  state: 0x00450012
2014-10-19 13:26:46.569 previous state: 0x00440222
2014-10-19 13:26:46.569 card absent, changed
2014-10-19 13:26:46.569 [opensc-tool] reader-pcsc.c:457:pcsc_connect: returning with: -1104 (Card not present)
2014-10-19 13:26:46.585 [opensc-tool] card.c:249:sc_connect_card: returning with: -1104 (Card not present)
     failed: Card not present
2014-10-19 13:26:46.585 [opensc-tool] ctx.c:787:sc_release_context: called
2014-10-19 13:26:46.585 [opensc-tool] reader-pcsc.c:745:pcsc_finish: called
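
Added example (not part of the original post, and not OpenSC code): a small C decoder for the three reader-state values printed in the log above. The flag values are the SCARD_STATE_* bits of winscard.h / pcsc-lite; reading the high 16 bits as the event counter follows pcsc-lite's documentation and is an assumption for this Windows log, and the names state_flags, state_events and logged are hypothetical.

```c
/* Added example, not OpenSC code. Flag values are the SCARD_STATE_* bits of
 * winscard.h / pcsc-lite; the function and array names are hypothetical. */
#include <stdio.h>
#include <string.h>

static const struct { unsigned long bit; const char *name; } flags[] = {
    { 0x0001, "IGNORE" },      { 0x0002, "CHANGED" },   { 0x0004, "UNKNOWN" },
    { 0x0008, "UNAVAILABLE" }, { 0x0010, "EMPTY" },     { 0x0020, "PRESENT" },
    { 0x0040, "ATRMATCH" },    { 0x0080, "EXCLUSIVE" }, { 0x0100, "INUSE" },
    { 0x0200, "MUTE" },        { 0x0400, "UNPOWERED" },
};

/* The three state values printed in the log above, oldest first. */
const unsigned long logged[] = { 0x00440012, 0x00440222, 0x00450012 };

/* Event counter: assumed to be the high 16 bits, as pcsc-lite documents. */
unsigned state_events(unsigned long state)
{
    return (unsigned)((state >> 16) & 0xFFFF);
}

/* Names of the flags set in the low 16 bits, space separated. Returns a
 * static buffer, so copy the result before calling again. */
const char *state_flags(unsigned long state)
{
    static char out[128];
    out[0] = '\0';
    for (size_t i = 0; i < sizeof flags / sizeof flags[0]; i++) {
        if (!(state & flags[i].bit))
            continue;
        if (out[0])
            strcat(out, " ");
        strcat(out, flags[i].name);   /* all 11 names fit in 128 bytes */
    }
    return out;
}

int main(void)
{
    for (size_t i = 0; i < sizeof logged / sizeof logged[0]; i++)
        printf("0x%08lx  events=%u  flags: %s\n",
               logged[i], state_events(logged[i]), state_flags(logged[i]));
    return 0;
}
```

The middle value decodes to CHANGED PRESENT MUTE, and the last one to CHANGED EMPTY with the counter one higher.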

Anders Rundgren | 17 Oct 11:21 2014

eIDAS-tokens and Apple-SIM

https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110-eIDAS_Token_Specification.html

eIDAS-tokens have no links to the web (BSI and ANSSI don't have such knowledge) and are therefore already
dead in the water.

We will probably have to leave this kind of technology development to Google and Apple.

Apple just launched the first step towards SIM virtualization:
http://techcrunch.com/2014/10/16/apple-sim/

Apple do use a SIM but it is not tied to a specific operator, which means that the original business model is
already gone; the rest is only about "connecting the dots".

Anders


William Roberts | 16 Oct 19:42 2014

IFDs

Looking through the OpenSC code base, it's unclear to me how the reader
driver is discovered and used to send the APDUs generated by the card
driver. Can anyone point me in the right direction?

I ask this because I am interested in finding out how to add a new
driver that I would be implementing, and want to look at the
interface. The driver I want to implement would be purely virtual, and
essentially always available. Is there a way to configure it
statically via:

reader_driver in opensc.conf

Thanks,
Bill


Thomas Calderon | 15 Oct 16:20 2014

Discussion about OpenSC broken PKCS#11 compliance

Hi all,

I would like to start a new discussion related to how OpenSC complies, or rather does not comply, with the PKCS#11 standard.

I understand the need for a multi-card support and appreciate the community effort that has been put towards supporting so many cards.
However, I feel that there are numerous outstanding issues in the way OpenSC is designed.

First, the current pkcs11.h in OpenSC is a "custom" version derived from a draft of the standard. PKCS#11 v2.20 is long published and was amended 3 times already.
Second, the way OpenSC handles the card provisioning is broken. Let's take an example for IAS-ECC cards.

Suppose you want to inject a Private Key object on the token, but you want to restrict the key usage for this private key. You can do so using PKCS#11 attributes such as:
  - CKA_SIGN
  - CKA_SIGN_RECOVER
  - CKA_DECRYPT
  - CKA_UNWRAP

Now, you only need this key for signing, therefore the PKCS#11 template you will use within your code will set CKA_SIGN=TRUE and other attributes to FALSE. The OpenSC object creation code will ignore your "least" privilege policy and enable all key usage for this key.
This is bad but there is worse. Since this key was generated "off-board", the PKCS#11 standard mandates that the CKA_LOCAL attribute should be set to FALSE. OpenSC hard-codes this value to TRUE, thus lying to client applications!
Other important values such as CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are wrongly set in this case.

The "on-board" generation code is also doing dirty tricks behind your back. First, the requested PKCS#11 attributes are mapped to an X509 representation and mapped again to PKCS#15 attributes. During this process you lose some granularity on the attributes you required. For instance, request an "on-board" key pair generation for a "signing" key (CKA_SIGN=TRUE, rest to FALSE). Because of this double attribute mapping dance you end up with a private key with CKA_SIGN and CKA_SIGN_RECOVER set to TRUE although you set up CKA_SIGN_RECOVER to FALSE.

As a last example, there is no point in setting CKA_WRAP/CKA_UNWRAP to TRUE if the C_Wrap/C_Unwrap functions are not supported. Those should be the ones hard-coded to FALSE!

Is increased PKCS#11 compliance part of the OpenSC roadmap?


Feedback appreciated.

Regards,

Thomas C.
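
Added example (not part of the original message, and not OpenSC code): a self-contained C check that compares the key-usage template a client requested with the attributes it reads back, and applies the PKCS#11 rule that a key made with C_CreateObject has CKA_LOCAL, CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE set to FALSE. The attribute numbers are those of PKCS#11 v2.20; struct attr, audit_key() and the arrays are hypothetical, and the "reported" values are constructed to match the behaviour the message describes for an imported signing key.

```c
/* Added example, not OpenSC code. Attribute numbers are those of PKCS#11
 * v2.20; struct attr, audit_key() and the sample data are hypothetical. */
#include <stdio.h>
#include <stddef.h>

enum { CKA_DECRYPT = 0x105, CKA_UNWRAP = 0x107, CKA_SIGN = 0x108,
       CKA_SIGN_RECOVER = 0x109, CKA_LOCAL = 0x163,
       CKA_NEVER_EXTRACTABLE = 0x164, CKA_ALWAYS_SENSITIVE = 0x165 };

struct attr { unsigned long type; int value; const char *name; };
#define A(t, v) { t, v, #t }

/* Constructed data: the signing-only template from the message ... */
const struct attr requested[] = {
    A(CKA_SIGN, 1), A(CKA_SIGN_RECOVER, 0), A(CKA_DECRYPT, 0), A(CKA_UNWRAP, 0) };
/* ... and a read-back showing the behaviour it describes for an imported key. */
const struct attr reported[] = {
    A(CKA_SIGN, 1), A(CKA_SIGN_RECOVER, 1), A(CKA_DECRYPT, 1), A(CKA_UNWRAP, 1),
    A(CKA_LOCAL, 1), A(CKA_ALWAYS_SENSITIVE, 1), A(CKA_NEVER_EXTRACTABLE, 1) };
/* A key made with C_CreateObject existed off-token: all three must be FALSE. */
const struct attr import_rules[] = {
    A(CKA_LOCAL, 0), A(CKA_ALWAYS_SENSITIVE, 0), A(CKA_NEVER_EXTRACTABLE, 0) };

/* Count the entries of want[] that got[] does not report with the expected
 * value; an attribute the token did not return counts as a finding too. */
int audit_key(const struct attr *want, size_t nwant,
              const struct attr *got, size_t ngot)
{
    int findings = 0;
    for (size_t i = 0; i < nwant; i++) {
        int seen = -1;                      /* -1: attribute not returned */
        for (size_t j = 0; j < ngot; j++)
            if (got[j].type == want[i].type) seen = got[j].value;
        if (seen != want[i].value) {
            printf("%s: expected %d, token reports %d\n",
                   want[i].name, want[i].value, seen);
            findings++;
        }
    }
    return findings;
}

int main(void)
{
    int n = audit_key(requested, 4, reported, 7)
          + audit_key(import_rules, 3, reported, 7);
    printf("%d findings\n", n);
    return 0;
}
```

In a real client the read-back array would be filled from C_GetAttributeValue on the new object handle.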

sara qamar | 13 Oct 21:08 2014

FW: Opensc-explorer failed to connect virtual smart card


Hi!

I am trying to access or scan some virtual smart cards of type
iso7816, cryptoflex, ePass, nPA and relay cards using opensc-explorer. I am
using "Bix Virtual Smart Card Reader". Currently opensc-explorer is giving an error that it failed to
connect to the card or the card is not present.

On running opensc-explorer, the following output is generated:
Using reader with a card: Virtual Smart Card Architecture Virtual PCD 0
Failed to connect to card: Card not present

How to configure opensc-tools to detect connected virtual smart cards?


