Douglas E Engert | 22 Nov 17:06 2014
Picon

Jenkins

Is Jenkins working?

There are a number of pull requests with:

Waiting to hear about xxxxxxxx — Merged build triggered.

https://opensc.fr/jenkins/job/OpenSC-pr-master/

Looks like it hung on Nov 20, 2014 5:32:44PM

--

-- 

  Douglas E. Engert  <DEEngert <at> gmail.com>

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Anders Rundgren | 17 Nov 19:53 2014
Picon

Web-Signatures using WebCrypto++

https://mobilepki.org/WCPPSignatureDemo

Primary features;
- No installation of signature plugins, the code is supplied as a part of the RP web.
- No relying party direct access to keys, postMessage

Limitations:
- Not possible to use with existing smart cards
- Requires substantial updates of platforms

This is an early version that requires Chrome or Firefox beta.

Anders

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
Etienne Cordonnier | 10 Nov 17:58 2014

Bug in verbose flag handling in cardos-tool.c

Hi!
The way the verbose flag is handled in src/tools/cardos-tool.c is not correct, see for instance:

 335     if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) {                     
 336         fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n",                
 337             apdu.sw1, apdu.sw2, apdu.resplen ? ":" : "");                       
 338         if (apdu.resplen)                                                       
 339             util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1);             
 340         return 1;                                                               
 341     } 

When running cardos-tool with -v, the program returns 1 as soon as it reaches one of those blocks, because
the condition “|| verbose” is true.
Should I send a pull request extracting those checks in a function and correcting the behaviour? I think the
wanted behaviour is the following:

      if (apdu.sw1 != 0x90 || apdu.sw2 != 00 || verbose) {                     
          fprintf(stderr, "Received (SW1=0x%02X, SW2=0x%02X)%s\n",                
              apdu.sw1, apdu.sw2, apdu.resplen ? ":" : "");                       
          if (apdu.resplen)                                                       
              util_hex_dump_asc(stdout, apdu.resp, apdu.resplen, -1);  
          if (apdu.sw1 != 0x90 || apdu.sw2 != 00)           
             return 1;                                                               
      } 

Cordially,
Etienne
------------------------------------------------------------------------------
William Roberts | 7 Nov 19:49 2014
Picon

Symmetric 9E Key

Does anyone know how to use something like pkcs11-tool to issue a AES
256 encryption on 9E key? My Card supports this, but I am trying to
figure out how to test this within higher level apps. I verified that
I can generate a GENERAL AUTH APDU and send it to the card and have
encrypted.

Thanks.

--

-- 
Respectfully,

William C Roberts

------------------------------------------------------------------------------
David Woodhouse | 6 Nov 21:52 2014

Repeated login issues with Yubikey NEO

I'm using a Yubikey NEO with OpenSC, from the OpenConnect VPN client.

It starts off by doing a test signature to validate that I've given it a
matching certificate and key, which works fine. PKCS#11 Spy output at
http://forum.yubico.com/viewtopic.php?f=26&t=1586

Then it connects to the HTTPS server and is required to do client
certificate authentication, so it tries another signature. Which fails
thus:

22: C_SignInit
2014-11-06 16:32:39.499
[in] hSession = 0x28a1560
pMechanism->type=CKM_RSA_PKCS                 
[in] hKey = 0x2a3b950
Returned:  0 CKR_OK

23: C_Sign
2014-11-06 16:32:39.499
[in] hSession = 0x28a1560
[in] pData[ulDataLen] 00007fff6dbbf6b0 / 36
    00000000  42 B1 2E A0 4B A2 D6 C0 AD C0 CA 28 AD 0F 5D 34  B...K......(..]4
    00000010  09 AD 6C 8C 2C A1 31 1E 13 FF 91 65 59 A3 9D D9  ..l.,.1....eY...
    00000020  24 89 88 9D                                      $...            
[out] pSignature[*pulSignatureLen] NULL [size : 0x100 (256)]
Returned:  0 CKR_OK

24: C_Sign
2014-11-06 16:32:39.499
[in] hSession = 0x28a1560
(Continue reading)

Roberto Resoli | 5 Nov 15:50 2014
Picon

Best way to implement Italian CNS card_ctl function with SC_CARDCTL_GET_SERIALNR

Hello,

I am referring to this post:
http://sourceforge.net/p/opensc/mailman/message/32982604/

I succeded in build and test the minidriver, but i need to refine the
implementation of the new itacns card_ctl  function (only for
SC_CARDCTL_GET_SERIALNR, atm).

A little preamble: itacns driver currently is more or less a wrapper for
implementing the CNS specification for some different underlying cards.

To my knowledge, these are some of the different CNS manufacturer -
opensc driver incarnations:

- Incard - incrypto34
- Siemens - cardos
- Athena - asepcos

The latter two are very widespread as there are used as European Health
Insurance Card in many italian Regions. I own currently a cardos one,
and waiting for a test sample of asepcos one.

According to CNS filesystem specification there is an EF "IDCarta" (16
bytes) which seems the best candidate for an interoperable serial number.

The file id is 1003 under DF 1000:

OpenSC [3F00]> cd 1000
OpenSC [3F00/1000]> cat 1003
(Continue reading)

Michael Ströder | 3 Nov 19:31 2014

git build breaks

After git pull something's missing:

checking XSLTPROC requirement... configure: error: Missing xslstylesheetsdir

Ciao, Michael.

Attachment (smime.p7s): application/pkcs7-signature, 5750 bytes
------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Michael Ströder | 3 Nov 19:28 2014

Cards with support for pkcs15-init

HI!

Any recommendations for cards with support for pkcs15-init?
I know that importing a PKCS#12 is not as secure as some other backuprestore
mechanisms but longer-term availabilty is more important in this case.

Ciao, Michael.

Attachment (smime.p7s): application/pkcs7-signature, 5750 bytes
------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
William Roberts | 30 Oct 23:06 2014
Picon

CBEFF Biometric Data For PIV

Has anyone loaded biometric data onto a PIV card with OpenSC tools?
Thanks for anyhelp.

Bill

------------------------------------------------------------------------------
Michael Ströder | 29 Oct 17:05 2014

Smartcard-HSM sleeping?

HI!

I'm testing the Smartcard-HSM with read "ACS ACR38U-CCID" and PKCS#11 with EJBCA.

Sometimes the USB token is not reachable from EJBCA anymore.
In this case "pkcs15-tool -D" also says "no readers". But the second
invocation of "pkcs15-tool -D" works as expected.

Seems that some component is going into sleep mode. But how to track which
one? Which sleep parameters should be tweaked?

Any experience of others here?

Ciao, Michael.

Attachment (smime.p7s): application/pkcs7-signature, 5750 bytes
------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
J.Witvliet | 28 Oct 12:54 2014
Picon

driver difference

Hi all,

 

A third party is enquiring about all sorts of software we are using.

Claiming they need to know, because of omnikey linux/drivers.

 

Perhaps I am mistaken, but afaicr those ifdokccid packages were only needed for the wireless chip,

Not for the contact/chip/readers. For those we use the generic drivers from the distro.

 

Smells like phising to me

 

Hans

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Gmane