Little patch for Starcos

Tarasov Viktor
Hi,

there is a small patch that helps to generate the private key on iKey3000
using Mozilla.

I tested it with acl *=NONE for p15_isf DF in starcos profile.
Normally it can be restricted to WRITE=NONE.

Kind wishes,
Viktor.


--- ./opensc.trunk.orig/src/pkcs15init/pkcs15-starcos.c 2005-09-08 13:09:33.000000000 +0200
+++ ./opensc.trunk/src/pkcs15init/pkcs15-starcos.c 2005-09-08 17:57:08.000000000 +0200
@@ -728,6 +728,9 @@
  if (acl_entry->method  != SC_AC_NONE) {
  r = sc_pkcs15init_authenticate(profile, card, tfile, SC_AC_OP_WRITE);
  }
+ else   {
+ r = sc_select_file(card, &tfile->path, NULL);
+ }
  sc_file_free(tfile);
  if (r < 0)
  return r;
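
Review bot: the added else branch, taken when `acl_entry->method` is `SC_AC_NONE`, has no comment saying why `tfile` must be selected when no authentication is required. A short comment stating which file the code after this block expects to be current would make the intent clear. This branch only runs when WRITE on that file is unprotected, which is the configuration the cover note says was used for testing, so the comment should say that as well. On style, `else   {` sits on its own line with extra spaces; if the rest of the file writes `} else {`, match that. The return value of `sc_select_file` is stored in `r` and checked after `sc_file_free(tfile)`, so a failed select is still reported and `tfile` is not leaked.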

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Re: Little patch for Starcos

Nils Larsch
Tarasov Viktor wrote:
> Hi,
>
> there is a small patch that helps to generate the private key on iKey3000
> using Mozilla.
>
> I tested it with acl *=NONE for p15_isf DF in starcos profile.
> Normally it can be restricted to WRITE=NONE.

ok, but I hope you know what you are doing when you set the
WRITE acl to NONE.

Nils
Re: Little patch for Starcos

Tarasov Viktor
Nils Larsch wrote:

> Tarasov Viktor wrote:
>
>> Hi,
>>
>> there is a small patch that helps to generate the private key on
>> iKey3000
>> using Mozilla.
>>
>> I tested it with acl *=NONE for p15_isf DF in starcos profile.
>> Normally it can be restricted to WRITE=NONE.
>
>
> ok, but I hope you know what you are doing when you set the
> WRITE acl to NONE.
>
Yes, I know.
It's not a real application,
I need to make a little demonstration of using iKey with OpenSC and Mozilla.


If you have time, can you give me some insight into iKey-3000, please:

To generate private key, why the acl WRITE for DF is needed, and not
CREATE one?
The contents of the key file, can it be changed, after the key was
imported/generated?
Current OpenSC's starcos card profile, does it describe the objects
layout expected by SafeSign SDK in Windows?
This SDK (csp and pkcs11), does it also use the PKCS15?

> Nils

Kind wishes,
Viktor.

>
>

Re: Little patch for Starcos

Nils Larsch
Tarasov Viktor wrote:
...
> If you have time, can you give me some insight into iKey-3000, please:
>
> To generate private key, why the acl WRITE for DF is needed, and not
> CREATE one?

because the private key (and the pins as well) are stored in a file,

> The contents of the key file, can it be changed, after the key was
> imported/generated?

partially, some attributes cannot be changed once created, however the
key itself could be changed (if allowed in the key header)

> Current OpenSC's starcos card profile, does it describe the objects
> layout expected by SafeSign SDK in Windows?

no, I once tried to do it but the safesign profile makes some implicit
assumptions of the profile not described in the pkcs15 description files
(for example the short file identifier of some files).

> This SDK (csp and pkcs11), does it also use the PKCS15?

the newer safesign software should use pkcs15 (and hence opensc should
be able to read such cards).

Nils