Question about OpenSC

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about OpenSC

David Sills

To whom it may concern:

 

This is apparently not a mailing list for users, but I am a (potential) user with many questions. Is there a mailing list for me?

 

I have successfully (more or less) got OpenSC working on my Windows 7 machine with a Dell Smart Card Reader Keyboard and pkcs11-tool seems to be able to detect keys (and thus certificates, I assume) on the card, but when I go through the Sun API (SunPKCS11) I get no aliases in the Keystore I generate, which makes it, of course, impossible to get at the data. (What I really want to know is, is the certificate expired?) Is this a common occurrence, and has anyone any kind of solution for it?

 

Please redirect me if I am in the wrong list. Many thanks for your work in creating OpenSC.

 

Thanks!

 

David

 


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about OpenSC

Jaroslav Imrich
Hello David,

seems like your primary problem is behaviour of SunPKCS11 provider so IMO you should take a look at "Java PKCS#11 Reference Guide" [0] which describes in detail how this provider operates. I remember that values of CKA_LABEL and CKA_ID attributes were very important and that SunPKCS11 provider didn't "show" private key which were not associated with the certificate.

[0] http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html

Kind Regards / S pozdravom

Jaroslav Imrich
http://www.jimrich.sk
[hidden email]


On Mon, Jan 18, 2016 at 3:40 PM, David Sills <[hidden email]> wrote:

To whom it may concern:

 

This is apparently not a mailing list for users, but I am a (potential) user with many questions. Is there a mailing list for me?

 

I have successfully (more or less) got OpenSC working on my Windows 7 machine with a Dell Smart Card Reader Keyboard and pkcs11-tool seems to be able to detect keys (and thus certificates, I assume) on the card, but when I go through the Sun API (SunPKCS11) I get no aliases in the Keystore I generate, which makes it, of course, impossible to get at the data. (What I really want to know is, is the certificate expired?) Is this a common occurrence, and has anyone any kind of solution for it?

 

Please redirect me if I am in the wrong list. Many thanks for your work in creating OpenSC.

 

Thanks!

 

David

 


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel



------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about OpenSC

Frank Morgner
In reply to this post by David Sills
To extract the certificate, you could try something like
https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM#store-certificates-and-data

On Monday, January 18 at 02:40PM, David Sills wrote:

> To whom it may concern:
>
> This is apparently not a mailing list for users, but I am a (potential) user with many questions. Is there a mailing list for me?
>
> I have successfully (more or less) got OpenSC working on my Windows 7 machine with a Dell Smart Card Reader Keyboard and pkcs11-tool seems to be able to detect keys (and thus certificates, I assume) on the card, but when I go through the Sun API (SunPKCS11) I get no aliases in the Keystore I generate, which makes it, of course, impossible to get at the data. (What I really want to know is, is the certificate expired?) Is this a common occurrence, and has anyone any kind of solution for it?
>
> Please redirect me if I am in the wrong list. Many thanks for your work in creating OpenSC.
>
> Thanks!
>
> David
>

> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel

--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

attachment0 (985 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

FW: Question about OpenSC

David Sills
In reply to this post by Jaroslav Imrich

I emailed this by mistake to the wrong address, I think.

 

From: David Sills
Sent: Monday, January 18, 2016 10:22 AM
To: 'Jaroslav Imrich'
Subject: RE: [Opensc-devel] Question about OpenSC

 

Jaroslav:

 

Thanks so much for your prompt reply. I pretty much started there. Of course, the Sun class is just a wrapper around a native provider (in my case, the OpenSC provider), so I was hoping to get some useful tips. However, perhaps there are not developers who have made this work.

 

We have a client who wants to “smart-card-enable” their application. Essentially, they want to identify the user from the smart card (not something I immediately see how to do, either from Sun or OpenSC) and find whether or not their certificate (and the question of “which certificate?” is a valid one) is valid, possibly checking whether their PIN is correctly entered. That would substitute for their logging on to the application with a username and password.

 

I know of no application that actually does this, so I am skeptical, but that is my charge for the moment.

 

Thanks for trying to help!

 

David

 

From: Jaroslav Imrich [[hidden email]]
Sent: Monday, January 18, 2016 10:14 AM
To: David Sills
Cc: [hidden email]
Subject: Re: [Opensc-devel] Question about OpenSC

 

Hello David,

seems like your primary problem is behaviour of SunPKCS11 provider so IMO you should take a look at "Java PKCS#11 Reference Guide" [0] which describes in detail how this provider operates. I remember that values of CKA_LABEL and CKA_ID attributes were very important and that SunPKCS11 provider didn't "show" private key which were not associated with the certificate.

[0] http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html


Kind Regards / S pozdravom

Jaroslav Imrich
http://www.jimrich.sk
[hidden email]

 

On Mon, Jan 18, 2016 at 3:40 PM, David Sills <[hidden email]> wrote:

To whom it may concern:

 

This is apparently not a mailing list for users, but I am a (potential) user with many questions. Is there a mailing list for me?

 

I have successfully (more or less) got OpenSC working on my Windows 7 machine with a Dell Smart Card Reader Keyboard and pkcs11-tool seems to be able to detect keys (and thus certificates, I assume) on the card, but when I go through the Sun API (SunPKCS11) I get no aliases in the Keystore I generate, which makes it, of course, impossible to get at the data. (What I really want to know is, is the certificate expired?) Is this a common occurrence, and has anyone any kind of solution for it?

 

Please redirect me if I am in the wrong list. Many thanks for your work in creating OpenSC.

 

Thanks!

 

David

 


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

 


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel