2006/11/23, Roberto Resoli <roberto.resoli gmail.com>:
> 2006/11/23, Andreas Jellinghaus <ajdungeon.inka.de>:
> > Hi Roberto,
> >
> > > Yes indeed Andreas, this would definetly
clarify things for newbies like
> > > me ...
> >
> > ok, I added text to the FAQ page. could you proof
read it for typo,
> > grammar and all that? does this help? any open
questions you would
> > like to see answered in the FAQ?
>
> Nice! It is ok, and for other questions i have only one
for the moment:
>
> what is the most reliable way to discover the version
of opensc SCB is
> built upon?
> for the moment i use opensc-explorer --help, which
reports a version number ...
>
> > > 1) I am working with Jan-Ole about doing
Windows logins using OpenSC
> > > and a CSP (open source if possible).
> > ah, that would be great!
>
> Yes, and a thing that is intriguing me is if this could
be possible
> eventually avoiding dealing with MS login certificates
and AD stuff,
> customizing the login process using pGina.
>
> > > I remember that someone already faced this,
reporting success here or
> > > on the developer list, and he should have
been made availble some code
> > > too. Have you more information about this?
> >
> > Well, I got the signed Csp-eleven 4.3 once working
with opensc, but
> > failed to get it working after compiling myself
(and getting it
> > signed by microsoft). Other people had some
success with the PKCSCSP
> > project.
>
> Yes! Many thanks, i had a look to:
> htt
p://www.opensc-project.org/files/pkcscsp/orig/
>
> >since development on both projects stopped a while
ago,
> > I asked around to get all the latest code and
patches and put those
> > into svn repositories on opensc-project.org, so it
isn't lost and
> > we can use it for futher development.
>
> good
>
> I've just installed CSP11 and successfully imported
certs from the
> card, but at the moment i have no way to test the CSP.
>
> > However I have little time and more important:
absolutely no clue about
> > debugging on windows, so there isn't much I can
help with right now.
> >
> > > 2) we tried the Miocos card with latest opesc
version (and SCB too),
> > > but miocos support in pkcs15-tool seems
broken, we had to downgrade
> > > to opesc 0.10.0 (or scb 0.5).
> >
> > hmm, can you check the lock_login parameter in
opensc.conf?
> > I had a similar problem with openssl and the
engine_pkcs11,
> > maybe it is the same issue. if it is commented out
or turned
> > off, please try what happends if you turn it on.
>
> thx, i will try and report the results
>
> > also "pkcs15-tool --dump" (or p15dump)
output of the card
>
> I forgot to mention, but the log I posted in my
previous message is
> the output of pkcs15-tool --dump
>
> > might be of help, and testing with
"pkcs11-tool --test"
>
> ============== TESTED with SCB 0.4
=======================
> E:PROGRA~1SMARTC~1>pkcs11-tool.exe --test --slot 0
-p <mypin>
> mandatory ASN.1 object 'tokenflags' not found
> asn1.c:1093:asn1_decode: returning with: Required ASN.1
object not found
> decoding of ASN.1 object 'TokenInfo' failed: Required
ASN.1 object not found
> ASN.1 parsing of EF(TokenInfo) failed: Required ASN.1
object not found
> C_SeedRandom() and C_GenerateRandom():
> not implemented
> Digests:
> all 4 digest functions seem to work
> MD5: OK
> SHA-1: OK
> RIPEMD160: OK
> Signatures (currently only RSA signatures)
> testing key 0 (authentication and encryption key)
> all 4 signature functions seem to work
> testing signature mechanisms:
> RSA-X-509: OK
> RSA-PKCS: OK
> SHA1-RSA-PKCS: OK
> MD5-RSA-PKCS: OK
> RIPEMD160-RSA-PKCS: OK
> Verify (currently only for RSA):
> testing key 0 (authentication and encryption key)
> RSA-X-509: OK
> RSA-PKCS: OK
> SHA1-RSA-PKCS: OK
> MD5-RSA-PKCS: OK
> RIPEMD160-RSA-PKCS: OK
> Key unwrap (RSA)
> testing key 0 (authentication and encryption key)
> DES-CBC: OK
> DES-EDE3-CBC: OK
> BF-CBC: OK
> CAST5-CFB: OK
> Decryption (RSA)
> testing key 0 (authentication and encryption key)
> RSA-X-509: OK
> RSA-PKCS: OK
> Testing card detection
> Please press return to continue, x to exit:
> Available slots:
> Slot 0 ACS ACR38U 0
> token label: (null) (basic PIN)
> token manuf: (unknown)
> token model: PKCS #15 SCard
> token flags: login required, PIN initialized, token
initialized
> serial num : (unknown)
> Slot 1 ACS ACR38U 0
> token label: (null) (signing PIN)
> token manuf: (unknown)
> token model: PKCS #15 SCard
> token flags: login required, PIN initialized, token
initialized
> serial num : (unknown)
> Slot 2 ACS ACR38U 0
> token label:
> token manuf: (unknown)
> token model: PKCS #15 SCard
> token flags: token initialized
> serial num : (unknown)
> Slot 3 ACS ACR38U 0
> token label:
> token manuf: (unknown)
> token model: PKCS #15 SCard
> token flags: token initialized
> serial num : (unknown)
> Slot 4 (empty)
> Slot 5 (empty)
> Slot 6 (empty)
> Slot 7 (empty)
> Please press return to continue, x to exit: x
> Testing card detection using C_WaitForSlotEvent
> Please press return to continue, x to exit: x
> No errors
> ==========================================
>
> > also also always helpful. maybe also log files
(debug 6
> > or higher)?
>
> I will try and report ...
>
> > but: I'm not the expert on all that, but I hope
they are
> > reading this too and will be able to help you.
> >
> > > Any hint?
> >
> > hmm, tokenflags. I think there was something about
those,
> > but right now I don't remember. Other developers
know all
> > that a lot better, so I hope they see our
discussion and can
> > help.
>
> Many thanks for all your help, Andreas! I'm quite
confident to arrive
> to some concrete results,
>
> Bye,
> Roberto.
>
> > Regards, Andreas
> >
>
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|