Question about struct sc_pkcs15_id

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about struct sc_pkcs15_id

evalues evalues
Hello,

how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the number 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is converted to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted something bad or if really exist this error in opensc.

Thank you.

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

Douglas E. Engert


On 3/5/2012 10:45 AM, evalues evalues wrote:
> Hello,
>
> how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the number
> 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is converted
> to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
> something bad or if really exist this error in opensc.

You did not say how you were providing 55.555.555

It looks like the routine you are using is only looking at hex
digits and ignoring the "."s, and the fact that 1.000.000 has an
odd number of digits.

One place where it is created is in src/tools/pkcs15-tool.c:
   sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)

sc_pkcs15_id has an octet string and a length.
(The octet string could be printable.)

So depending on the tool you are trying to use, you can
pass in the hex characters, and let it convert it,

31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
or if you are writing your own code, copy the
asci characters and set the length.

>
> Thank you.
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

evalues evalues
Hello, you are right, I have not explained well the problem, sorry.

I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and third certificate have the id 10000000. I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the ids 1000000 and 10000000. I use %lu for print this values. Is there a function sc_pkcs15_id_to_hex_string?

Thank you.

On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email]> wrote:


On 3/5/2012 10:45 AM, evalues evalues wrote:
> Hello,
>
> how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the number
> 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is converted
> to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
> something bad or if really exist this error in opensc.

You did not say how you were providing 55.555.555

It looks like the routine you are using is only looking at hex
digits and ignoring the "."s, and the fact that 1.000.000 has an
odd number of digits.

One place where it is created is in src/tools/pkcs15-tool.c:
  sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)

sc_pkcs15_id has an octet string and a length.
(The octet string could be printable.)

So depending on the tool you are trying to use, you can
pass in the hex characters, and let it convert it,

31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
or if you are writing your own code, copy the
asci characters and set the length.

>
> Thank you.
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444">(630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

Douglas E. Engert


On 3/7/2012 7:05 AM, evalues evalues wrote:
> Hello, you are right, I have not explained well the problem, sorry.
>
> I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and
> third certificate have the id 10000000.  I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the
> ids 1000000 and 10000000. I use %lu for print this values.

Will not work. the ID may be up to 255 bytes long.
You have to treat it as as an array of unsigned char.
the endian of the machine would also effect the output
if you tried to use %lu.

  Is there a function sc_pkcs15_id_to_hex_string?

  sc_pkcs15_print_id

Look at tools/pkcs15-tool.c in the print_cert_info routine.

>
> Thank you.
>
> On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>
>
>     On 3/5/2012 10:45 AM, evalues evalues wrote:
>      > Hello,
>      >
>      > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the
>     number
>      > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is
>     converted
>      > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
>      > something bad or if really exist this error in opensc.
>
>     You did not say how you were providing 55.555.555
>
>     It looks like the routine you are using is only looking at hex
>     digits and ignoring the "."s, and the fact that 1.000.000 has an
>     odd number of digits.
>
>     One place where it is created is in src/tools/pkcs15-tool.c:
>        sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)
>
>     sc_pkcs15_id has an octet string and a length.
>     (The octet string could be printable.)
>
>     So depending on the tool you are trying to use, you can
>     pass in the hex characters, and let it convert it,
>
>     31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
>     31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
>     or if you are writing your own code, copy the
>     asci characters and set the length.
>
>      >
>      > Thank you.
>      >
>      >
>      > _______________________________________________
>      > opensc-devel mailing list
>      > [hidden email] <mailto:[hidden email]>
>      > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>     --
>
>       Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>       Argonne National Laboratory
>       9700 South Cass Avenue
>       Argonne, Illinois  60439
>     (630) 252-5444 <tel:%28630%29%20252-5444>
>     _______________________________________________
>     opensc-devel mailing list
>     [hidden email] <mailto:[hidden email]>
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

evalues evalues
Hello,

I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 with the second certificate. When I try to add the second certificate I obtain that there is a certificate with the same id within the smartcard.

Thank you.

On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email]> wrote:


On 3/7/2012 7:05 AM, evalues evalues wrote:
Hello, you are right, I have not explained well the problem, sorry.

I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and
third certificate have the id 10000000.  I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the
ids 1000000 and 10000000. I use %lu for print this values.

Will not work. the ID may be up to 255 bytes long.
You have to treat it as as an array of unsigned char.
the endian of the machine would also effect the output
if you tried to use %lu.


 Is there a function sc_pkcs15_id_to_hex_string?

 sc_pkcs15_print_id

Look at tools/pkcs15-tool.c in the print_cert_info routine.


Thank you.


On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:



   On 3/5/2012 10:45 AM, evalues evalues wrote:
    > Hello,
    >
    > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the
   number
    > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is
   converted
    > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
    > something bad or if really exist this error in opensc.

   You did not say how you were providing 55.555.555

   It looks like the routine you are using is only looking at hex
   digits and ignoring the "."s, and the fact that 1.000.000 has an
   odd number of digits.

   One place where it is created is in src/tools/pkcs15-tool.c:
      sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)

   sc_pkcs15_id has an octet string and a length.
   (The octet string could be printable.)

   So depending on the tool you are trying to use, you can
   pass in the hex characters, and let it convert it,

   31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
   31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
   or if you are writing your own code, copy the
   asci characters and set the length.

    >
    > Thank you.
    >
    >
    > _______________________________________________
    > opensc-devel mailing list
    > [hidden email] <mailto:[hidden email]>
    > http://www.opensc-project.org/mailman/listinfo/opensc-devel

   --

     Douglas E. Engert <[hidden email] <mailto:[hidden email]>>

     Argonne National Laboratory
     9700 South Cass Avenue
     Argonne, Illinois  60439
   <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444 <tel:%28630%29%20252-5444>
   _______________________________________________
   opensc-devel mailing list
   [hidden email] <mailto:[hidden email]>
   http://www.opensc-project.org/mailman/listinfo/opensc-devel



--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

evalues evalues
Sorry, the id that I use for the second certificate is 10000000

Thank you.

On Fri, Mar 9, 2012 at 4:51 PM, evalues evalues <[hidden email]> wrote:
Hello,

I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 with the second certificate. When I try to add the second certificate I obtain that there is a certificate with the same id within the smartcard.

Thank you.

On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email]> wrote:


On 3/7/2012 7:05 AM, evalues evalues wrote:
Hello, you are right, I have not explained well the problem, sorry.

I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and
third certificate have the id 10000000.  I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the
ids 1000000 and 10000000. I use %lu for print this values.

Will not work. the ID may be up to 255 bytes long.
You have to treat it as as an array of unsigned char.
the endian of the machine would also effect the output
if you tried to use %lu.


 Is there a function sc_pkcs15_id_to_hex_string?

 sc_pkcs15_print_id

Look at tools/pkcs15-tool.c in the print_cert_info routine.


Thank you.


On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:



   On 3/5/2012 10:45 AM, evalues evalues wrote:
    > Hello,
    >
    > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the
   number
    > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is
   converted
    > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
    > something bad or if really exist this error in opensc.

   You did not say how you were providing 55.555.555

   It looks like the routine you are using is only looking at hex
   digits and ignoring the "."s, and the fact that 1.000.000 has an
   odd number of digits.

   One place where it is created is in src/tools/pkcs15-tool.c:
      sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)

   sc_pkcs15_id has an octet string and a length.
   (The octet string could be printable.)

   So depending on the tool you are trying to use, you can
   pass in the hex characters, and let it convert it,

   31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
   31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
   or if you are writing your own code, copy the
   asci characters and set the length.

    >
    > Thank you.
    >
    >
    > _______________________________________________
    > opensc-devel mailing list
    > [hidden email] <mailto:[hidden email]>
    > http://www.opensc-project.org/mailman/listinfo/opensc-devel

   --

     Douglas E. Engert <[hidden email] <mailto:[hidden email]>>

     Argonne National Laboratory
     9700 South Cass Avenue
     Argonne, Illinois  60439
   <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444 <tel:%28630%29%20252-5444>
   _______________________________________________
   opensc-devel mailing list
   [hidden email] <mailto:[hidden email]>
   http://www.opensc-project.org/mailman/listinfo/opensc-devel



--

 Douglas E. Engert  <[hidden email]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 <a href="tel:%28630%29%20252-5444" value="+16302525444" target="_blank">(630) 252-5444



_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

Douglas E. Engert
In reply to this post by evalues evalues
Someone else needs to answer this, as I don't use pkcs15-init for the cards
I am familiar with.

On 3/9/2012 9:51 AM, evalues evalues wrote:

> Hello,
>
> I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000
> with the second certificate. When I try to add the second certificate I obtain that there is a certificate with the same id within the smartcard.
>
> Thank you.
>
> On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>
>
>     On 3/7/2012 7:05 AM, evalues evalues wrote:
>
>         Hello, you are right, I have not explained well the problem, sorry.
>
>         I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id
>         1000000 and
>         third certificate have the id 10000000.  I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000
>         for the
>         ids 1000000 and 10000000. I use %lu for print this values.
>
>
>     Will not work. the ID may be up to 255 bytes long.
>     You have to treat it as as an array of unsigned char.
>     the endian of the machine would also effect the output
>     if you tried to use %lu.
>
>
>       Is there a function sc_pkcs15_id_to_hex_string?
>
>       sc_pkcs15_print_id
>
>     Look at tools/pkcs15-tool.c in the print_cert_info routine.
>
>
>         Thank you.
>
>
>         On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>
>
>
>             On 3/5/2012 10:45 AM, evalues evalues wrote:
>          > Hello,
>          >
>          > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the
>             number
>          > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is
>             converted
>          > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have
>         interpreted
>          > something bad or if really exist this error in opensc.
>
>             You did not say how you were providing 55.555.555
>
>             It looks like the routine you are using is only looking at hex
>             digits and ignoring the "."s, and the fact that 1.000.000 has an
>             odd number of digits.
>
>             One place where it is created is in src/tools/pkcs15-tool.c:
>                sc_pkcs15_hex_string_to_id(__opt_auth_id, &auth_id)
>
>             sc_pkcs15_id has an octet string and a length.
>             (The octet string could be printable.)
>
>             So depending on the tool you are trying to use, you can
>             pass in the hex characters, and let it convert it,
>
>             31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
>             31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
>             or if you are writing your own code, copy the
>             asci characters and set the length.
>
>          >
>          > Thank you.
>          >
>          >
>          > _________________________________________________
>          > opensc-devel mailing list
>          > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>          > http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>
>
>             --
>
>               Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>               Argonne National Laboratory
>               9700 South Cass Avenue
>               Argonne, Illinois  60439
>         (630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444>
>             _________________________________________________
>             opensc-devel mailing list
>         [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>         http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel>
>
>
>
>     --
>
>       Douglas E. Engert <[hidden email] <mailto:[hidden email]>>
>       Argonne National Laboratory
>       9700 South Cass Avenue
>       Argonne, Illinois  60439
>     (630) 252-5444 <tel:%28630%29%20252-5444>
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

Viktor Tarasov-3
In reply to this post by evalues evalues
Hello,

Le 09/03/2012 16:53, evalues evalues a écrit :
> Sorry, the id that I use for the second certificate is 10000000

For PKCS#15 the ID is an octet string.
In the OpenSC tools the 'id' argument is treated as hexadecimal string.
If this string length is odd, the last byte is hexadecimal value of the last character.
"12345" -> 0x12,0x34,0x05

In you case the "100" and "1000" will give the same result.

Except for one-byte values, nowhere in OpenSC the number is transformed into ID.
It's up to you to make this transformation.

>
> Thank you.

Kind regards,
Viktor.

>
> On Fri, Mar 9, 2012 at 4:51 PM, evalues evalues <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hello,
>
>     I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 with the second certificate. When I try to add the
>     second certificate I obtain that there is a certificate with the same id within the smartcard.
>
>     Thank you.
>
>     On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>
>
>         On 3/7/2012 7:05 AM, evalues evalues wrote:
>
>             Hello, you are right, I have not explained well the problem, sorry.
>
>             I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and
>             third certificate have the id 10000000.  I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the
>             ids 1000000 and 10000000. I use %lu for print this values.
>
>
>         Will not work. the ID may be up to 255 bytes long.
>         You have to treat it as as an array of unsigned char.
>         the endian of the machine would also effect the output
>         if you tried to use %lu.
>
>
>          Is there a function sc_pkcs15_id_to_hex_string?
>
>          sc_pkcs15_print_id
>
>         Look at tools/pkcs15-tool.c in the print_cert_info routine.
>
>
>             Thank you.
>
>
>             On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>
>
>
>                On 3/5/2012 10:45 AM, evalues evalues wrote:
>                 > Hello,
>                 >
>                 > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the
>                number
>                 > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is
>                converted
>                 > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
>                 > something bad or if really exist this error in opensc.
>
>                You did not say how you were providing 55.555.555
>
>                It looks like the routine you are using is only looking at hex
>                digits and ignoring the "."s, and the fact that 1.000.000 has an
>                odd number of digits.
>
>                One place where it is created is in src/tools/pkcs15-tool.c:
>                   sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)
>
>                sc_pkcs15_id has an octet string and a length.
>                (The octet string could be printable.)
>
>                So depending on the tool you are trying to use, you can
>                pass in the hex characters, and let it convert it,
>
>                31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
>                31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
>                or if you are writing your own code, copy the
>                asci characters and set the length.
>
>                 >
>                 > Thank you.
>                 >
>                 >
>                 > _______________________________________________
>                 > opensc-devel mailing list
>                 > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>                 > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>                --
>
>                  Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>                  Argonne National Laboratory
>                  9700 South Cass Avenue
>                  Argonne, Illinois  60439
>                (630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444>
>                _______________________________________________
>                opensc-devel mailing list
>                [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>                http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
>
>         --
>
>          Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>
>          Argonne National Laboratory
>          9700 South Cass Avenue
>          Argonne, Illinois  60439
>          (630) 252-5444 <tel:%28630%29%20252-5444>
>
>
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Question about struct sc_pkcs15_id

evalues evalues
Hello,

thanks for your answers. Now I understand where I had the problem. I will limit that the option --id only can have pairs numbers.

Thank you.

On Fri, Mar 9, 2012 at 11:20 PM, Viktor Tarasov <[hidden email]> wrote:
Hello,

Le 09/03/2012 16:53, evalues evalues a écrit :
> Sorry, the id that I use for the second certificate is 10000000

For PKCS#15 the ID is an octet string.
In the OpenSC tools the 'id' argument is treated as hexadecimal string.
If this string length is odd, the last byte is hexadecimal value of the last character.
"12345" -> 0x12,0x34,0x05

In you case the "100" and "1000" will give the same result.

Except for one-byte values, nowhere in OpenSC the number is transformed into ID.
It's up to you to make this transformation.

>
> Thank you.

Kind regards,
Viktor.

>
> On Fri, Mar 9, 2012 at 4:51 PM, evalues evalues <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Hello,
>
>     I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 with the second certificate. When I try to add the
>     second certificate I obtain that there is a certificate with the same id within the smartcard.
>
>     Thank you.
>
>     On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>
>
>         On 3/7/2012 7:05 AM, evalues evalues wrote:
>
>             Hello, you are right, I have not explained well the problem, sorry.
>
>             I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and
>             third certificate have the id 10000000.  I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the
>             ids 1000000 and 10000000. I use %lu for print this values.
>
>
>         Will not work. the ID may be up to 255 bytes long.
>         You have to treat it as as an array of unsigned char.
>         the endian of the machine would also effect the output
>         if you tried to use %lu.
>
>
>          Is there a function sc_pkcs15_id_to_hex_string?
>
>          sc_pkcs15_print_id
>
>         Look at tools/pkcs15-tool.c in the print_cert_info routine.
>
>
>             Thank you.
>
>
>             On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>
>
>
>                On 3/5/2012 10:45 AM, evalues evalues wrote:
>                 > Hello,
>                 >
>                 > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the
>                number
>                 > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is
>                converted
>                 > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted
>                 > something bad or if really exist this error in opensc.
>
>                You did not say how you were providing 55.555.555
>
>                It looks like the routine you are using is only looking at hex
>                digits and ignoring the "."s, and the fact that 1.000.000 has an
>                odd number of digits.
>
>                One place where it is created is in src/tools/pkcs15-tool.c:
>                   sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id)
>
>                sc_pkcs15_id has an octet string and a length.
>                (The octet string could be printable.)
>
>                So depending on the tool you are trying to use, you can
>                pass in the hex characters, and let it convert it,
>
>                31:2e:30:30:30:2e:30:30:30 would be your 1.000.000
>                31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000
>                or if you are writing your own code, copy the
>                asci characters and set the length.
>
>                 >
>                 > Thank you.
>                 >
>                 >
>                 > _______________________________________________
>                 > opensc-devel mailing list
>                 > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>                 > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>                --
>
>                  Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>                  Argonne National Laboratory
>                  9700 South Cass Avenue
>                  Argonne, Illinois  60439
>                <a href="tel:%28630%29%20252-5444" value="+16302525444">(630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444>
>                _______________________________________________
>                opensc-devel mailing list
>                [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>                http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
>
>         --
>
>          Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>
>          Argonne National Laboratory
>          9700 South Cass Avenue
>          Argonne, Illinois  60439
>          <a href="tel:%28630%29%20252-5444" value="+16302525444">(630) 252-5444 <tel:%28630%29%20252-5444>
>
>
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel



_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel