Quantcast

Call for review of the ePass2003 driver

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Call for review of the ePass2003 driver

Jean-Michel Pouré - GOOZE
Dear Friends,

Just a quick note that the ePass2003 is now available from GOOZE:
http://www.gooze.eu/epass-2003

As usual, we are happy to donate free tokens to OpenSC developers
willing to test the ePass 2003:
http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit

Some of you have already received free tokens.

To compile and test the ePass2003 driver:
$ git clone git://github.com/entersafe/OpenSC.git
$ cd OpenSC
$ git branch testing origin/epass2003
$ git checkout epass2003
$ ./bootstrap
$ make; make install

We would be happy to hear from you and integrate the epass2003 driver
into OpenSC core source code.

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Ludovic Rousseau
Hello,

Le 16 décembre 2011 18:35, Jean-Michel Pouré - GOOZE
<[hidden email]> a écrit :

> Dear Friends,
>
> Just a quick note that the ePass2003 is now available from GOOZE:
> http://www.gooze.eu/epass-2003
>
> As usual, we are happy to donate free tokens to OpenSC developers
> willing to test the ePass 2003:
> http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit
>
> Some of you have already received free tokens.
>
> To compile and test the ePass2003 driver:
> $ git clone git://github.com/entersafe/OpenSC.git
> $ cd OpenSC
> $ git branch testing origin/epass2003
> $ git checkout epass2003
> $ ./bootstrap
> $ make; make install
>
> We would be happy to hear from you and integrate the epass2003 driver
> into OpenSC core source code.

I made some comments on github for
https://github.com/entersafe/OpenSC/commit/34ee73614abcba3bb8aa8390706ca7b3c8fafd2d

Martin made a comment on
https://github.com/entersafe/OpenSC/commit/5097fcca69af534f7bd69a122186e909469fcda1

Read the comments and fix the issues.

Bye,

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Douglas E. Engert
In reply to this post by Jean-Michel Pouré - GOOZE


On 12/16/2011 11:35 AM, Jean-Michel Pouré - GOOZE wrote:

> Dear Friends,
>
> Just a quick note that the ePass2003 is now available from GOOZE:
> http://www.gooze.eu/epass-2003
>
> As usual, we are happy to donate free tokens to OpenSC developers
> willing to test the ePass 2003:
> http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit
>
> Some of you have already received free tokens.

Got it, thanks.

>
> To compile and test the ePass2003 driver:
> $ git clone git://github.com/entersafe/OpenSC.git
> $ cd OpenSC
> $ git branch testing origin/epass2003
> $ git checkout epass2003
> $ ./bootstrap
> $ make; make install
>
> We would be happy to hear from you and integrate the epass2003 driver
> into OpenSC core source code.

Since this is a hotplug device, is there a specific version of pcscd that is needed?

>
> Kind regards,
>
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Jean-Michel Pouré - GOOZE
Le vendredi 16 décembre 2011 à 14:41 -0600, Douglas E. Engert a écrit :
> Since this is a hotplug device, is there a specific version of pcscd
> that is needed?

pcscd with latest libccid work fine.

We are using :
* pcscd 1.8.1
* ccid 1.4.8

More detailed installation steps:
http://www.gooze.eu/howto/smartcard-quickstarter-guide/opensc-installation-under-gnu-linux

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Ludovic Rousseau
In reply to this post by Douglas E. Engert
2011/12/16 Douglas E. Engert <[hidden email]>:

>
>
> On 12/16/2011 11:35 AM, Jean-Michel Pouré - GOOZE wrote:
>> Dear Friends,
>>
>> Just a quick note that the ePass2003 is now available from GOOZE:
>> http://www.gooze.eu/epass-2003
>>
>> As usual, we are happy to donate free tokens to OpenSC developers
>> willing to test the ePass 2003:
>> http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit
>>
>> Some of you have already received free tokens.
>
> Got it, thanks.
>
>>
>> To compile and test the ePass2003 driver:
>> $ git clone git://github.com/entersafe/OpenSC.git
>> $ cd OpenSC
>> $ git branch testing origin/epass2003
>> $ git checkout epass2003
>> $ ./bootstrap
>> $ make; make install
>>
>> We would be happy to hear from you and integrate the epass2003 driver
>> into OpenSC core source code.
>
> Since this is a hotplug device, is there a specific version of pcscd that is needed?

You need to use the CCID driver version 1.4.3 or later.
See http://pcsclite.alioth.debian.org/ccid/supported.html#0x096E0x0807

Bye

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Douglas E. Engert
In reply to this post by Jean-Michel Pouré - GOOZE


On 12/16/2011 11:35 AM, Jean-Michel Pouré - GOOZE wrote:

> Dear Friends,
>
> Just a quick note that the ePass2003 is now available from GOOZE:
> http://www.gooze.eu/epass-2003
>
> As usual, we are happy to donate free tokens to OpenSC developers
> willing to test the ePass 2003:
> http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit
>
> Some of you have already received free tokens.
>
> To compile and test the ePass2003 driver:
> $ git clone git://github.com/entersafe/OpenSC.git
> $ cd OpenSC
> $ git branch testing origin/epass2003
> $ git checkout epass2003
> $ ./bootstrap
> $ make; make install
>
> We would be happy to hear from you and integrate the epass2003 driver
> into OpenSC core source code.

Using the epass2003 token you sent a few weeks ago, and the github
source with branch epass2003 and the documents on the CD,
I was able to build OpenSC on Solaris 10.

I generated a 2048 bit key, and used the OpenSSL engine to generate
a certificate request. I was then able to get our Windows enterprise
CA to sign the request, and then loaded the certificate on the token.

The token works with the pam_krb5 and MIT PKINIT Kerberos to logon
to the workstation using Windows AD as the KDC.

Next thing to try is the minidriver on Windows with smart card logon,
maybe after the holidays.

Since Solaris does not support libusb-1.0, I was able to use older
pcscd-1.6.1 and ccid-1.3.13 using the reader/supported_readers.txt
from ccid-1.4.5.

Looks good so far!

Thanks for the token to test with.


>
> Kind regards,
>
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Jean-Michel Pouré - GOOZE
We have new issues out there:
http://www.gooze.eu/forums/support/can-t-store-key-onto-epass2003-ssh-usage-problem#comment-356

My question to OpenSC list is:

to what extent is pkcs11-tool --login --test
--module /usr/lib/opensc-pkcs11.so relevant

The result is:
Using slot 1 with a present token (0x1)
Logging in to "François Pérou (User PIN)".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only RSA signatures)
testing key 0 (Private Key)
all 4 signature functions seem to work
testing signature mechanisms:
RSA-X-509: ERR: verification failed
RSA-PKCS: ERR: verification failed
SHA1-RSA-PKCS: ERR: verification failed
MD5-RSA-PKCS: ERR: verification failed
RIPEMD160-RSA-PKCS: ERR: verification failed
Verify (currently only for RSA):
testing key 0 (Private Key)
RSA-X-509: ERR: verification failed ERR: C_Verify() returned
CKR_SIGNATURE_INVALID (0xc0)
Unwrap: not implemented
Decryption (RSA)
testing key 0 (Private Key)
RSA-X-509: resulting cleartext doesn't match input
Original: 61 62 63 64 65 66 67 68 69 00
Decrypted: 00 a1 39 af 4f ba 95 9f cc ea 2e 7b c5 98 d6 83 ec d4 b3 99
fa ed 88 43 09 f3 a6 f5 b7 a1 22 18 54 7a 03 06 46 52 3f 9b 9f 05 74 3a
d1 d0 33 9a d6 de 0a 2b b3 bb e9 5d 08 17 9f fc b0 0a 47 0e f3 76 71 ca
eb d9 95 81 3e ad 84 83 dc 56 c0 04 8f 92 03 2e b5 d5 4a 09 e3 0b 14 0c
57 dc a1 de bd fa be b8 5f f2 45 92 71 f3 0d c2 01 5b 0d ca d2 9b 9f 94
47 d4 2d f7 f1 7f d9 98 19 3f 08 e1 f2 aa d1 25 e9 49 1c 02 88 0b 1a ed
90 ce 7e 60 00 2b c9 84 89 5b e8 02 40 6d 84 a7 31 ac e3 67 75 c3 e5 3c
1e 9f 45 5a ce d1 af 45 15 b1 37 cc c1 bd e7 72 72 7d 9c ff 48 37 c9 2d
ce 3c 27 46 f9 46 ee cc 64 75 db b9 23 5d f9 e2 94 bd c3 dd 18 ff c6 f5
d2 b0 3b 3d a8 01 61 06 81 c2 54 bb 1d 7f f1 6b 4e 0d 68 ad 30 a4 f4 c1
a7 bf ec 96 75 dc 27 42 e7 57 d5 06 6e 92 3c bf 86 32 c3 8c
error: PKCS11 function C_Decrypt failed: rv = CKR_GENERAL_ERROR (0x5)

Aborting.

Kind regards,
Jean-Michel

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Viktor Tarasov-3
In reply to this post by Jean-Michel Pouré - GOOZE
Hello Jean-Michel.

On Fri, Dec 16, 2011 at 6:35 PM, Jean-Michel Pouré - GOOZE <[hidden email]> wrote:
Dear Friends,

Just a quick note that the ePass2003 is now available from GOOZE:
http://www.gooze.eu/epass-2003
... 
We would be happy to hear from you and integrate the epass2003 driver
into OpenSC core source code.

I started the merge of ePass2003 support into my SM branche:
For a while I've tested it with opensc-explorer and with importing of PKCS#12.

I invite you to look into. Will you agree with the changes of SM API ?

There are still some cosmetic changes to be made, like using of short logs form, coding style, ...


Kind regards, 
--
                 Jean-Michel Pouré - Gooze - http://www.gooze.eu
Kind wishes,
Viktor.


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Call for review of the ePass2003 driver

Jean-Michel Pouré - GOOZE
Dear Viktor,

> I started the merge of ePass2003 support into my SM branche:
> https://github.com/viktorTarasov/OpenSC/tree/include-ePass2003 For a
> while I've tested it with opensc-explorer and with importing of
> PKCS#12.
Many thanks. I will test ASAP.

> I invite you to look into. Will you agree with the changes of SM API ?
> https://github.com/viktorTarasov/OpenSC/commit/1922e1bf38344f5e4491601a783047655c34faf7 https://github.com/viktorTarasov/OpenSC/commit/24776a365156a47e7754a3207334eb2a517d20e3 
Perfect.

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Loading...