OpenPGP card status?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenPGP card status?

Daniel Pocock


Hi,

I just had a look at this page:

https://www.opensc-project.org/opensc/wiki/SupportedHardware

and it has OpenPGP card below the `Unsupported' heading

Is that still the case?  There appears to be a lot of detail on the
OpenPGP page:
https://www.opensc-project.org/opensc/wiki/OpenPGP

Would it be possible to annotate the unsupported cards with some
comments to distinguish those that will never be supported from those
that are work-in-progress?

Looking at it from the other angle, the OpenSC FAQ took me to this page:
  https://sites.google.com/site/alonbarlev/gnupg-pkcs11

which has a very brief statement about "The GnuPG developers insist of
implementing smartcard support from scratch, what makes a low smartcard
variety" - for an outsider, it's not exactly clear what that means.

Is there any document the explains, at arm's length, the current state
of play with free-software related smart card technology and with some
practical comments about how people can mix-and-match all their
different use cases (e.g. ssh keys, gpg keys, X.509 certs for web/email,
VPN that use any of the above types of key, disk encryption, private
root CA key)?

Regards,

Daniel


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenPGP card status?

Crypto Stick
Hi Daniel!
I just stumbled upon your unanswered post of June. Answer: OpenPGP Card
is fully supported by OpenSC.

Best regards
Jan

Am 17.06.2013 23:36, schrieb Daniel Pocock:

>
>
> Hi,
>
> I just had a look at this page:
>
> https://www.opensc-project.org/opensc/wiki/SupportedHardware
>
> and it has OpenPGP card below the `Unsupported' heading
>
> Is that still the case?  There appears to be a lot of detail on the
> OpenPGP page:
> https://www.opensc-project.org/opensc/wiki/OpenPGP
>
> Would it be possible to annotate the unsupported cards with some
> comments to distinguish those that will never be supported from those
> that are work-in-progress?
>
> Looking at it from the other angle, the OpenSC FAQ took me to this page:
>   https://sites.google.com/site/alonbarlev/gnupg-pkcs11
>
> which has a very brief statement about "The GnuPG developers insist of
> implementing smartcard support from scratch, what makes a low smartcard
> variety" - for an outsider, it's not exactly clear what that means.
>
> Is there any document the explains, at arm's length, the current state
> of play with free-software related smart card technology and with some
> practical comments about how people can mix-and-match all their
> different use cases (e.g. ssh keys, gpg keys, X.509 certs for web/email,
> VPN that use any of the above types of key, disk encryption, private
> root CA key)?
>
> Regards,
>
> Daniel
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenPGP card status?

Nikos Mavrogiannopoulos
On Wed, 2013-09-25 at 00:15 +0200, Crypto Stick wrote:
> Hi Daniel!
> I just stumbled upon your unanswered post of June. Answer: OpenPGP Card
> is fully supported by OpenSC.

Hello,
 Sorry for reviving this old thread, but I noticed that this card fails
when used with CardMan 3121 card reader (log is at [0] for the
interested). I guess that this is an issue of the reader (I remember I
had issues with others cards as well), however, the question is where to
write that issue on the wiki. Should it be on the OpenPGP-card page or
in a special page about the reader?

regards,
Nikos

[0]. http://pastebin.com/twiuSMKP



------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenPGP card status?

Ludovic Rousseau
2013/12/22 Nikos Mavrogiannopoulos <[hidden email]>:

> On Wed, 2013-09-25 at 00:15 +0200, Crypto Stick wrote:
>> Hi Daniel!
>> I just stumbled upon your unanswered post of June. Answer: OpenPGP Card
>> is fully supported by OpenSC.
>
> Hello,
>  Sorry for reviving this old thread, but I noticed that this card fails
> when used with CardMan 3121 card reader (log is at [0] for the
> interested). I guess that this is an issue of the reader (I remember I
> had issues with others cards as well), however, the question is where to
> write that issue on the wiki. Should it be on the OpenPGP-card page or
> in a special page about the reader?

It looks like you get PC/SC error for a yet unknown reason (at line 355).

0x7fee27c67740 12:24:08.487 [opensc-pkcs11]
reader-pcsc.c:256:pcsc_transmit: unable to transmit

You should also generate pcscd logs. See
http://pcsclite.alioth.debian.org/pcsclite.html#support

Bye

> [0]. http://pastebin.com/twiuSMKP

--
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenPGP card status?

Nikos Mavrogiannopoulos
On Sun, 2013-12-22 at 13:14 +0100, Ludovic Rousseau wrote:

> > Hello,
> >  Sorry for reviving this old thread, but I noticed that this card fails
> > when used with CardMan 3121 card reader (log is at [0] for the
> > interested). I guess that this is an issue of the reader (I remember I
> > had issues with others cards as well), however, the question is where to
> > write that issue on the wiki. Should it be on the OpenPGP-card page or
> > in a special page about the reader?
> It looks like you get PC/SC error for a yet unknown reason (at line 355).
>
> 0x7fee27c67740 12:24:08.487 [opensc-pkcs11]
> reader-pcsc.c:256:pcsc_transmit: unable to transmit
>
> You should also generate pcscd logs. See
> http://pcsclite.alioth.debian.org/pcsclite.html#support

I've put the pcscd log at:
http://pastebin.com/AgT0R8mv

regards,
Nikos



------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: OpenPGP card status?

Ludovic Rousseau
2013/12/22 Nikos Mavrogiannopoulos <[hidden email]>:

> On Sun, 2013-12-22 at 13:14 +0100, Ludovic Rousseau wrote:
>
>> > Hello,
>> >  Sorry for reviving this old thread, but I noticed that this card fails
>> > when used with CardMan 3121 card reader (log is at [0] for the
>> > interested). I guess that this is an issue of the reader (I remember I
>> > had issues with others cards as well), however, the question is where to
>> > write that issue on the wiki. Should it be on the OpenPGP-card page or
>> > in a special page about the reader?
>> It looks like you get PC/SC error for a yet unknown reason (at line 355).
>>
>> 0x7fee27c67740 12:24:08.487 [opensc-pkcs11]
>> reader-pcsc.c:256:pcsc_transmit: unable to transmit
>>
>> You should also generate pcscd logs. See
>> http://pcsclite.alioth.debian.org/pcsclite.html#support
>
> I've put the pcscd log at:
> http://pastebin.com/AgT0R8mv

Your reader made the first APDU exchange correctly and then failed with:

0000004 APDU: 00 CA 5F 52 00 08 00
00000017 ifdhandler.c:1265:IFDHTransmitToICC()
usb:076b/3021:libudev:0:/dev/bus/usb/003/009 (lun: 0)
00000002 commands.c:1639:CmdXfrBlockTPDU_T0() T=0: 7 bytes
00000005 -> 000000 6F 07 00 00 00 00 0F 00 00 00 00 CA 5F 52 00 08 00
00000544 <- 000000 80 00 00 00 00 00 0F 40 F6 00
00000008 commands.c:1407:CCID_Receive Protocol not supported
00000003 SW:
00000003 ifdwrapper.c:527:IFDTransmit() Card not transacted: 612
00000003 winscard.c:1612:SCardTransmit() Card not transacted: 0x80100016

The reader reported the error "Protocol not supported". I have no idea why.

I think your reader is bogus and should be replaced.

Bye

--
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel