Anders Rundgren | 29 May 21:25 2015

Google's secure micro-SD

http://www.cnet.com/news/googles-project-vault-is-a-security-chip-disguised-as-an-micro-sd-card/

This is a pretty strange thing since both ARM and Intel offer built-in security solutions in the CPU itself.

Anders

------------------------------------------------------------------------------
Dirk-Willem van Gulik | 27 May 09:13 2015

Fwd: [Bug 2240] Secure PIN entry for smartcards through the keypad on the reader (patch)

For those caring about PIN pad readers and OpenSSH; one less patch to apply once ssh 6.9 makes it into the various distributions.

Dw.

Begin forwarded message:

Subject: [Bug 2240] Secure PIN entry for smartcards through the keypad on the reader (patch)
Date: 27 May 2015 07:44:08 CEST

https://bugzilla.mindrot.org/show_bug.cgi?id=2240

Damien Miller <djm <at> mindrot.org> changed:

          What    |Removed                     |Added
----------------------------------------------------------------------------
        Resolution|---                         |FIXED
            Status|NEW                         |RESOLVED

--- Comment #5 from Damien Miller <djm <at> mindrot.org> ---
This has been committed and will be in openssh-6.9. The final patch is:

https://anongit.mindrot.org/openssh.git/patch/?id=a71ba58adf34e599f30cdda6e9b93ae6e3937eea

--
You are receiving this mail because:
You reported the bug.


From a71ba58adf34e599f30cdda6e9b93ae6e3937eea Mon Sep 17 00:00:00 2001 From: "djm <at> openbsd.org" <djm <at> openbsd.org> Date: Wed, 27 May 2015 05:15:02 +0000 Subject: upstream commit support PKCS#11 devices with external PIN entry devices bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker <at> Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d --- ssh-pkcs11.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index f4971ad..e074175 100644 --- a/ssh-pkcs11.c 
+++ b/ssh-pkcs11.c <at> <at> -1,4 +1,4 <at> <at> -/* $OpenBSD: ssh-pkcs11.c,v 1.18 2015/04/24 01:36:01 deraadt Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.19 2015/05/27 05:15:02 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * <at> <at> -237,7 +237,7 <at> <at> pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, {CKA_ID, NULL, 0}, {CKA_SIGN, NULL, sizeof(true_val) } }; - char *pin, prompt[1024]; + char *pin = NULL, prompt[1024]; int rval = -1; key_filter[0].pValue = &private_key_class; <at> <at> -255,22 +255,30 <at> <at> pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, si = &k11->provider->slotinfo[k11->slotidx]; if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { if (!pkcs11_interactive) { - error("need pin"); + error("need pin entry%s", (si->token.flags & + CKF_PROTECTED_AUTHENTICATION_PATH) ? + " on reader keypad" : ""); return (-1); } - snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", - si->token.label); - pin = read_passphrase(prompt, RP_ALLOW_EOF); - if (pin == NULL) - return (-1); /* bail out */ - rv = f->C_Login(si->session, CKU_USER, - (u_char *)pin, strlen(pin)); - if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { + if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) + verbose("Deferring PIN entry to reader keypad."); + else { + snprintf(prompt, sizeof(prompt), + "Enter PIN for '%s': ", si->token.label); + pin = read_passphrase(prompt, RP_ALLOW_EOF); + if (pin == NULL) + return (-1); /* bail out */ + } + rv = f->C_Login(si->session, CKU_USER, (u_char *)pin, + (pin != NULL) ? strlen(pin) : 0); + if (pin != NULL) { + explicit_bzero(pin, strlen(pin)); free(pin); + } + if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { error("C_Login failed: %lu", rv); return (-1); } - free(pin); si->logged_in = 1; } key_filter[1].pValue = k11->keyid; -- -- cgit v0.11.2
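Review bot: In the hunk at -255,22 the keypad path announces itself only through verbose("Deferring PIN entry to reader keypad."), so at the default log level the user gets no cue to look at the reader while C_Login() is called with a NULL PIN; consider emitting that message at a level that is shown by default. In the same hunk, the !pkcs11_interactive branch still returns -1 when CKF_PROTECTED_AUTHENTICATION_PATH is set, even though that path never calls read_passphrase(); if refusing there is intentional, a short comment explaining why would help the next reader.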

------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Orc Erc | 27 May 00:03 2015

fips compliant openssl

Hi All, 

I am trying to compile openssl fips compliant.

I have compiled openssl-fips-2.0.1 with;
./config
make
make install

The fipscanister.o, fipscanister.o.sha1, fips_premain.c, fips_premain.c.sha1 files are created in the folder /usr/local/ssl/fips-2.0/lib.

After that I compiled openssl-1.0.1c with;

./config fips shared
make depend
make
make install

The libcrypto.so.1.0.0, libcrypto.so, libssl.so.1.0.0, libssl.so files are copied to /usr/local/ssl/lib folder. 

I have referenced that crypto library and make my program with:

g++ -L/usr/local/ssl/lib -o "OKC"  ./src/libp11/libpkcs11.o ./src/libp11/p11_attr.o ./src/libp11/p11_cert.o .. .. .. . . .   -lssl -lcrypto -lpcsclite -ldl

When I call "FIPS_mode_set(1);" function, I am getting that error:

error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported

But when I checked the version of openssl it gives:

./openssl version
OpenSSL 1.0.1c-fips 10 May 2012


Also when I checked the fips compliant libraries it gives that list:

./openssl ciphers FIPS -v

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  Mac=SHA256
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1


I have tried with different versions of openssl and fips, but I could not succeed. Is there anything that I can try?

------------------------------------------------------------------------------
Fabian Leiros Carrera | 26 May 14:01 2015

Oberthur Cosmo v7.0-n card support

Hello everyone,

I'm trying to make OpenSC work with different models of Oberthur smartcards:

- Cosmo64 RSA v5.2 (applet: 2.17)
- Cosmo v7.0-n (applet: 2.17)

Up until now I only have been able to make the first card model work with OpenSC 0.14.0.

After reading this https://github.com/OpenSC/OpenSC/wiki/Oberthur-AuthentIC-applet-v2.2 I
assumed that Cosmo v7.0-n model is not supported, but I am not quite sure.

Could anyone confirm if Cosmo v7.0-n model is supported by OpenSC please?

If no, what would need to be done in order to support it?

If it is supported, I am detailing at the end of the email how I am installing and setting up OpenSC. What am I
doing wrong?

Thank you so much for your help.
Best regards
Fabián

------------------------------------------------------------------------------------------------------------------

- Install both x86 and x64 versions of OpenSC on a Windows 7 x64 computer
- Add a new entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\" for
Cosmo64 RSA v5.2 including its ATR:

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthenticV5]
        "80000001"="opensc-minidriver.dll"
        "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
        "ATR"=hex:3b,7d,18,00,00,00,31,80,71,8e,64,77,e3,01,00,82,90,00
        "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
        "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"

- Add the same entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\"
- Restart "Certificate Propagation" service.

- Plug-in the Cosmo64 RSA v5.2:
        - the certificate will be imported correctly to Windows certificate store.
        - "opensc-tool.exe -n" will return the name of the card correctly
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                AuthentIC v5

        -  "opensc-tool.exe -a" returns the card's ATR
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:7d:18:00:00:00:31:80:71:8e:64:77:e3:01:00:82:90:00

        - "pkcs15-tool.exe -c" will output information about my certificate

- So far, so good, so now I add two new Registry entries, on both x86 and x64 hives, for the Cosmo v7.0-n card:

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthentIC v7]
        "80000001"="opensc-minidriver.dll"
        "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
        "ATR"=hex:3b,5b,96,00,00,31,c0,64,ba,fc,10,00,0f,90,00
        "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
        "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"

- Now I plug in the Cosmo v7.0-n card and:
        - the certificate is not imported to Windows certificate store.
        -"opensc-tool -n" returns " Unsupported card"
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Unsupported card

        - "opensc-tool.exe -a" returns the card's ATR
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00

        - "pkcs15-tool.exe -c" also returns an error:
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: Card is invalid or cannot be handled

- "opensc-tool.exe --list-drivers " shows two Oberthur drivers:
        oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
        authentic        Oberthur AuthentIC v3.1

- I add a new "atr" entry on "opensc.conf" at "Program Files" and "Program Files (x86)" folders:

        # Oberthur's AuthentIC v7
        card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
                                type = 11100;
                                driver = "authentic";
                                name = "AuthentIC v7";
                }

- Plug in the Cosmo v7.0-n card and:
        -"opensc-tool -n" changes its output:
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

        - Same thing with "opensc-tool.exe -a":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

        - And with "pkcs15-tool.exe -c":
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

- Now I change the "atr" entries on "opensc.conf" files to:

        # Oberthur's AuthentIC v7
        card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
                                type = 11100;
                                driver = "oberthur";
                                name = "AuthentIC v7";
                }

- And I get these outputs with Cosmo v7.0-n card plugged in:
        -"opensc-tool -n":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                AuthentIC v5

        -"opensc-tool -a":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00

        - "pkcs15-tool.exe -c":
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                PKCS#15 binding failed: Unsupported card


------------------------------------------------------------------------------
Douglas E Engert | 25 May 16:07 2015

Libp11, engine_pkcs11 and OpenSC-0.15.0

Now that OpenSC-0.15.0 is released, is it time for updated releases of libp11 and engine_pkcs11?

libp11 and engine_pkcs11 have a number of fixes, URI support and ECDSA support.
ECDSA support works with OpenSSL-1.0.2.

--

-- 

  Douglas E. Engert  <DEEngert <at> gmail.com>

------------------------------------------------------------------------------

Modify PAM-AUTHTOK for next modules

Hi guys,

I am working to make login authentication using smart card over an ldap server. My company asks me to use only smart card PIN to do all the work. In other words I have to do groups.so and mount.so (need ldap password) and this password is cryptpassword field in ldap server.

So I have read all pkcs11 and PAM documentation and did not discover how to do that. I think the only way to do the work is to modify pam-pkcs11 to make it change PAM-AUTHTOK doing a search in ldap server.

I would like to hear your opinion on this subject. Thank you in advance.

--
“Se você quer ir rápido, vá sozinho. Se quer ir longe, vá acompanhado." (provérbio africano)
--------------------------------------------------------------------------------
Emmanuel Ferro
SERPRO - Escritório São Luís
SUPOP/OPFLA/OPSLS
Comitê Regional de Software Livre
--------------------------------------------------------------------------------

------------------------------------------------------------------------------
David Karam | 20 May 00:24 2015

CAC and PIV support

Hello, we wish to use OpenSC in an application that should support CAC and PIV cards.

From the supported cards page for OpenSC I can only see PIV, but am confused what the difference between them is. CAC seems to be for military personnel while PIV is for the wider civilian gov population. Also CAC seems to be PIV-compliant but am not sure if that means OpenSC can read that.

So am a bit confused here and was hoping someone with more experience on the subject can clear this up!


Thanks,
David
------------------------------------------------------------------------------

pkcs11 messages in other language

Hi, I've translated pkcs11 messages to Brazilian Portuguese but it appears only on unblock screen and never on login screen (lightdm). What's wrong?

--
--
“Se você quer ir rápido, vá sozinho. Se quer ir longe, vá acompanhado." (provérbio africano)
--------------------------------------------------------------------------------
Emmanuel Ferro
SERPRO - Escritório São Luís
SUPOP/OPFLA/OPSLS
Comitê Regional de Software Livre
--------------------------------------------------------------------------------

------------------------------------------------------------------------------
Sanaullah | 14 May 14:18 2015

Smartcard HSM USB token ssh-add issue on Mac Leopard

Hi,

I am trying to configure the Smartcard HSM USB token for Mac 10.6.8 Leopard. I am facing an issue when trying to add the token using ssh-add.

I ran ssh-agent in debug mode.

sh-3.2# eval 'ssh-agent -d'
SSH_AUTH_SOCK=/tmp/ssh-AAUNUBmuQtRI/agent.1830; export SSH_AUTH_SOCK;
echo Agent pid 1830;


 san$ ssh-add -s /usr/lib/opensc-pkcs11.so
Enter passphrase for PKCS#11:
SSH_AGENT_FAILURE
Could not add card: /usr/lib/opensc-pkcs11.so

I haven't seen anything in the logs of ssh-agent. I am using opensc-0.13 and openssh 5.9p1

sh-3.2# opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             SCM SCR 355 00 00

The issue seems to look the same as the one reported previously: https://github.com/OpenSC/OpenSC/issues/354

Any suggestion?

The same token is working fine in Ubuntu 14.04

Regards,
Sanaullah

------------------------------------------------------------------------------
Douglas E Engert | 13 May 02:58 2015

Travis-ci problems?


https://travis-ci.org/OpenSC/OpenSC/jobs/62309767

No output has been received in the last ... minutes, this potentially indicates a stalled build or
something wrong with the build itself.

The build has been terminated

--

-- 

  Douglas E. Engert  <DEEngert <at> gmail.com>

------------------------------------------------------------------------------
Vincent Le Toux | 10 May 20:48 2015

iso7816_process_fci: getting the size of the file

Hi,

I've a question about how the file size is retrieved.
It is implemented in iso7816.c: https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/iso7816.c#L362-373

I'm not a DER expert that's why I'm asking.

Is a size encoded with the attribute 0x80 with 4 bytes valid ?
How can I find the difference between 0x81 & 0x80 ?

I get a card with both 0x80 (4 bytes) and 0x81 (2 bytes) tags.
If a 4 bytes is valid, I'd like to propose a patch to the iso7816.c file to handle it.

regards,
--
--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com
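
Added example, not part of the post above and not OpenSC code: in ISO/IEC 7816-4 tag 0x80 carries the number of data bytes in the file excluding structural information (variable length), while tag 0x81 carries the number including structural information (fixed at 2 bytes). The sketch below reads either tag from an FCI and accepts 1 to 4 bytes for 0x80; the function names, the preference for 0x80 over 0x81, and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FCP_TAG_SIZE_DATA  0x80 /* data bytes, excluding structural information */
#define FCP_TAG_SIZE_TOTAL 0x81 /* data bytes, including structural information */

/* Constructed sample: FCI template holding 0x80 (4 bytes) and 0x81 (2 bytes). */
static const uint8_t sample_fci[] = {
    0x6F, 0x0E,
    0x80, 0x04, 0x00, 0x00, 0x01, 0x00,   /* data size  = 256 */
    0x81, 0x02, 0x01, 0x10,               /* total size = 272 */
    0x83, 0x02, 0x50, 0x15                /* file identifier */
};

/*
 * Find a single-byte tag in a flat BER-TLV buffer (hypothetical helper).
 * Supports short-form lengths and the long forms 0x81 and 0x82.
 * Returns a pointer to the value, or NULL if the tag is absent or the
 * encoding runs past the end of the buffer.
 */
static const uint8_t *tlv_find(const uint8_t *buf, size_t len, uint8_t tag,
                               size_t *vlen)
{
    size_t i = 0;

    while (i + 2 <= len) {
        uint8_t t = buf[i++];
        size_t l = buf[i++];

        if (l == 0x81) {
            if (i + 1 > len) return NULL;
            l = buf[i++];
        } else if (l == 0x82) {
            if (i + 2 > len) return NULL;
            l = ((size_t)buf[i] << 8) | buf[i + 1];
            i += 2;
        } else if (l >= 0x80) {
            return NULL;          /* other length forms are not handled here */
        }
        if (l > len - i) return NULL;     /* truncated value */
        if (t == tag) { *vlen = l; return buf + i; }
        i += l;
    }
    return NULL;
}

/* Decode a 1..4 byte big-endian integer; returns 0 on success, -1 otherwise. */
static int be_to_u32(const uint8_t *v, size_t vlen, uint32_t *out)
{
    uint32_t n = 0;
    size_t k;

    if (vlen == 0 || vlen > 4) return -1;
    for (k = 0; k < vlen; k++) n = (n << 8) | v[k];
    *out = n;
    return 0;
}

/*
 * Extract a file size from an FCI/FCP response (hypothetical function).
 * Unwraps a 0x6F or 0x62 template if present, prefers tag 0x80 and falls
 * back to tag 0x81 only when it has the 2-byte length the standard gives it.
 */
int fci_file_size(const uint8_t *fci, size_t len, uint32_t *size)
{
    const uint8_t *v;
    size_t vlen;

    if ((v = tlv_find(fci, len, 0x6F, &vlen)) != NULL ||
        (v = tlv_find(fci, len, 0x62, &vlen)) != NULL) {
        fci = v;
        len = vlen;
    }
    if ((v = tlv_find(fci, len, FCP_TAG_SIZE_DATA, &vlen)) != NULL)
        return be_to_u32(v, vlen, size);
    if ((v = tlv_find(fci, len, FCP_TAG_SIZE_TOTAL, &vlen)) != NULL && vlen == 2)
        return be_to_u32(v, vlen, size);
    return -1;
}

int main(void)
{
    uint32_t size;

    if (fci_file_size(sample_fci, sizeof(sample_fci), &size) == 0)
        printf("file size: %lu bytes\n", (unsigned long)size);
    return 0;
}
```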
------------------------------------------------------------------------------