OpenSC 0.11.12 released, fixing an important regression


Andreas Jellinghaus-2
OpenSC 0.11.12 Release Announcement

On 2009-12-18 OpenSC 0.11.12 was released, providing compatibility
with an ASN.1 Integer encoding issue in older OpenSC releases.

The problem

OpenSC 0.11.4 and earlier did not encode integers properly in ASN.1 structures
including the on-card format for directory files. This issue was fixed
in OpenSC 0.11.5. However, in December 2009 it was discovered that, as a
result, some cards initialized with OpenSC 0.11.4 and earlier will not work
properly with OpenSC 0.11.5 and later.

So far testing showed only problems with "Starcos" cards. The integers
keyReference and pinReference are read as negative numbers, instead
of the positive number (value+256) they should represent.

PKCS#15 dictates that both values need to be positive Integers if
specified in the directory files on the card. Thus code can automatically
detect the wrong (negative) values and fix the issue by adding 256.

In OpenSC 0.11.12 such code was implemented and successfully tested.
Starcos cards initialized with OpenSC 0.11.4 and earlier can now be used
with OpenSC 0.11.12 and later. Cards initialized with OpenSC 0.11.5 and later
continue to work fine.

Changes to the code were implemented to keep the ABI compatible with
earlier versions, so that applications using the internal OpenSC API
such as OpenSSH do not need to be recompiled.

Still the format on the Starcos cards initialized with OpenSC 0.11.4
continues to be wrong. If necessary a tool can be written to convert
such old cards, please report to the OpenSC mailing lists. Creating
or storing additional private keys and PIN objects will also update
the directory files and thus should write the correct ASN.1 values
on the cards.

Please note however that feedback on testing cards was limited, thus
it can't be ruled out that other cards are affected by this issue too.
Please contact us using one of the OpenSC mailing lists or our email
address [hidden email] if you find the same issue with further

Other changes

The Entersafe driver in OpenSC was enhanced so it does now support
private data objects.

OpenSC 0.11.12 is available at

Regards, Andreas Jellinghaus
opensc-announce mailing list
[hidden email]
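
The sign problem described in the announcement above, as an added example that is not OpenSC's own code: a DER INTEGER whose first content octet has the top bit set decodes as negative unless the encoder prepends a zero octet, and the add-256 correction recovers the intended reference. The function names and the sample value 129 (0x81) are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Decode DER INTEGER content octets as two's complement (X.690 8.3).
 * Returns 0 on success, -1 if the length is 0 or does not fit an int. */
int der_int_decode(const unsigned char *p, size_t len, int *out)
{
    if (len == 0 || len > sizeof(int))
        return -1;
    int v = (p[0] & 0x80) ? -1 : 0;      /* top bit of first octet is the sign */
    for (size_t i = 0; i < len; i++)
        v = v * 256 + p[i];
    *out = v;
    return 0;
}

/* Encode a non-negative value correctly; returns the number of octets. */
size_t der_uint_encode(unsigned int v, unsigned char *buf)
{
    unsigned char tmp[sizeof v + 1];
    size_t n = 0;
    do { tmp[n++] = v & 0xff; v >>= 8; } while (v);
    if (tmp[n - 1] & 0x80)
        tmp[n++] = 0x00;                 /* leading zero keeps it positive */
    for (size_t i = 0; i < n; i++)
        buf[i] = tmp[n - 1 - i];
    return n;
}

/* Hypothetical helper: the references must be positive, so a negative
 * value is taken to be a legacy single-octet encoding and 256 is added. */
int fixup_reference(int v)
{
    return v < 0 ? v + 256 : v;
}

int main(void)
{
    const unsigned char legacy[] = { 0x81 };   /* constructed sample: 129 written without the zero octet */
    unsigned char good[8];
    int v;
    size_t n = der_uint_encode(129, good);
    if (der_int_decode(legacy, sizeof legacy, &v) != 0) return 1;
    printf("legacy octets decode to %d, fixed up to %d\n", v, fixup_reference(v));
    if (der_int_decode(good, n, &v) != 0) return 1;
    printf("correct encoding is %zu octets and decodes to %d\n", n, v);
    return 0;
}
```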