opensc-explorer: look for known application identifiers with find #77
Closed
Use make V=1 for the verbose mode (as used before)
Only set the APDU's data element for the APDU_CASE3_SHORT type; no need to do it for the APDU_CASE_1 type.
No need for response buffers for APDUs of the APDU_CASE_1 type. This should fix OpenSC Ticket OpenSC#299.
The output format of a hex dump has changed from:
668C045A 1C3A4EF4 CF8550F3 20926525 1E8BF478
to:
00000000 66 8C 04 5A 1C 3A 4E F4 CF 85 50 F3 20 92 65 25 f..Z.:N...P. .e%
00000010 1E 8B F4 78 ...x
Is it now possible to find text strings inside a hex dump
…e same way do_generate_key has those accessflags
This seems the right thing to do, when you look at the initial commit which added the flags in do_generate_key and the ticket http://www.opensc-project.org/opensc/ticket/198
Currently when storing a key, the accessflags are not set
Display the ASCII equivalent of a hex dump
* Print out warning when mlock fails, and continue.
* The warning required a ctx to be passed in, so that means changing a few function signatures.
https://www.opensc-project.org/opensc/ticket/389
* Setting paranoid-memory to true, and mlock() fails, then allocations which require non-pageable memory will return NULL
pkcs11-display.c(139) : error C2275: 'CK_BYTE' : illegal use of this type as an expression
Signed-off-by: Viktor Tarasov <[email protected]>
Signed-off-by: Viktor Tarasov <[email protected]>
A change introduced in c0072d1 made the compilation fail:
pkcs11-display.c:738:1: error: conflicting types for 'lookup_enum_spec'
pkcs11-display.h:64:13: note: previous declaration of 'lookup_enum_spec' was here
Implements PC/SC interface to PACE-enabled readers defined in PC/SC pt. 10 AMD 1 and BSI TR-03119. PACE can be started using `sc_perform_pace`. This function currently calls the new `perform_pace` from `struct sc_reader_operations`, if the reader has the needed capabilities. `sc_perform_pace` could also be extended with a stand-alone implementation of PACE (code could be imported from here http://vsmartcard.sourceforge.net/npa/README.html). Note that the reader's PACE capabilities are correctly determined by calling GetReaderPACECapabilities. OpenSC's new PACE capabilities can be tested using the `npa-tool` from the Virtual Smart Card Architecture (see link above).
…cd6cbb59f4ebfbd577 Add possibility to execute PACE on the reader (tested with Reiner SCT RFID standard/komfort)
SC_READER_CAP_PACE has been renamed to SC_READER_CAP_PACE_GENERIC during patch discussion. Thanks to Viktor Tarasov for the bug report
Fix for Windows compilation
Replace sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ...) by sc_log(ctx, ...) as suggested by Viktor Tarasov
Agree, it's better to fix the key access flags at the general pkcs15init level.
iso7816 cleanups for staging
merge 'master' into 'staging'
http://www.opensc-project.org/pipermail/opensc-devel/2011-December/017490.html
cherry-picked from 'libtool' branch of Alon Barlev's github project git://github.com/alonbl/OpenSC.git and rebased
Remove libltdl: Remove ltld references (cherry picked from commit a350326)
Remove libltdl: Detect libdl (cherry picked from commit 51e7de4)
Remove libltdl: Use libscdl (cherry picked from commit 09f3ead)
Remove libltdl: Cleanup libscdl (cherry picked from commit 52d5f1b)
Remove libltdl: Cleanup libscdl usage at Microsoft VC build. Untested, I don't have the environment, Martin, please test. (cherry picked from commit 7fb18f8)
Change-Id: I73c98ccb9365584b12f4b0b97b69316a190b6e45
* document the UNBLOCK function
* format the examples better, and explain what they do
* extend the documentation for CD
CKA_ALWAYS_AUTHENTICATE implies CKU_CONTEXT_SPECIFIC login, but all this key really should need is a C_Login with CKU_USER. The historical reason for having CKA_ALWAYS_AUTHENTICATE set was to keep Firefox/NSS from using that particular key for SSL connections. However, starting with Firefox 8, NSS ignores Non Repudiation certificates for SSL and that makes the CKA_ALWAYS_AUTHENTICATE workaround unnecessary. Now that Firefox is fixed, drop the workaround in OpenSC so that applications that follow the pkcs11 spec wouldn't have to login twice to access the key.
The code to send the APDU to the piv card when using piv-tool -s xx:xx:xx... was inadvertently removed on 2011-04-26 02:29:53 by: 1cdb3fa APDU parsing: switch to Frank Morgner's implementation The missing code is replaced. The -s option is infrequently used, so the problem was not spotted earlier.
Correct the way to parse response data.
Updated wrong blob for pubkey info <~~ Fix.
OpenPGP: Store creation time after generating keys.
OpenPGP: Put_data: Handle the case that DO exists but its blob does not. When checking DO before writing, relying on blobs only will miss the case that DO exists but its blob does not, when DO is non-readable.
OpenPGP: Set algorithm attributes before generating key.
OpenPGP: Add dependency of OpenSSL.
OpenPGP: Calculate and store fingerprint. Calculate and store fingerprint after generating key.
OpenPGP: Update blob of pubkey info. Update blob holding pubkey info after generating key.
OpenPGP: Add step to update card algorithms. Update card algorithms after generating key. However, this step is not implemented yet, because of suspicion about wrong data (see code comment).
openpgp-tool: PIN verification support.
openpgp-tool: Add notification in case of error.
openpgp-tool: Add manual for key generation and PIN verification.
OpenPGP: Some indentations need to be tab-size-independent.
OpenPGP: Check for null data when storing fingerprints.
OpenPGP: Allow to provide creation time to store (when gen/import key). Old: Only store current time. New: Can provide time to store, not only calculate current time.
OpenPGP: Correct setting content of pubkey blobs after key generation.
cardctl: Add definitions to support key import in OpenPGP.
OpenPGP: Add support for key import at driver level.
... used by OpenPGP driver
We need this function to use OpenPGP's specific action flow instead of pkcs15init's default. This will help to avoid redundant steps which may make the overall process fail.
DELETE_OBJECT will be done before STORE_XXX.
OpenPGP: Don't really delete pubkeys blobs.
Example command:
pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key quan-key.pem --auth-id 3 --verify-pin --extractable --id 3
pkcs15init-OpenPGP: Some parts in openpgp.profile are not used.
…kcs15init.
OpenPGP: Update card algorithms after importing key.
OpenPGP: Add SC_ALGORITHM_ONBOARD_KEY_GEN flag to card algorithms.
OpenPGP-pkcs15init: Add more debug log.
OpenPGP-pkcs15init: Add more checks in key generation. Check for key ID. Set default key. Check for result of key generation from driver.
The card contains only 1 certificate, which can be used for encrypting. But this certificate is bound with authentication key, so when decrypting, the authentication key will be presented to check. This commit allows to bypass the check in driver. However, it is not enough. The users have to import the same key to "Encryption key" to help the card find right key to work.
OpenPGP: Add log and comments.
OpenPGP: Pretend to select dummy files. Some files are needed by pkcs15init, but do not exist in OpenPGP card. We pretend to know these dummy files to make pkcs15init successful.
Compilation error on windows: when declaring array use explicit size, add pkcs15-openpgp.obj in Makefile.mak
wrong branch
No description provided.