Hello,
how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the number 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is converted to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted something bad or if really exist this error in opensc. Thank you. _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
On 3/5/2012 10:45 AM, evalues evalues wrote: > Hello, > > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the number > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is converted > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted > something bad or if really exist this error in opensc. You did not say how you were providing 55.555.555 It looks like the routine you are using is only looking at hex digits and ignoring the "."s, and the fact that 1.000.000 has an odd number of digits. One place where it is created is in src/tools/pkcs15-tool.c: sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id) sc_pkcs15_id has an octet string and a length. (The octet string could be printable.) So depending on the tool you are trying to use, you can pass in the hex characters, and let it convert it, 31:2e:30:30:30:2e:30:30:30 would be your 1.000.000 31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000 or if you are writing your own code, copy the asci characters and set the length. > > Thank you. > > > _______________________________________________ > opensc-devel mailing list > [hidden email] > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert <[hidden email]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Hello, you are right, I have not explained well the problem, sorry.
I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and third certificate have the id 10000000. I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the ids 1000000 and 10000000. I use %lu for print this values. Is there a function sc_pkcs15_id_to_hex_string? Thank you. On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email]> wrote:
_______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
On 3/7/2012 7:05 AM, evalues evalues wrote: > Hello, you are right, I have not explained well the problem, sorry. > > I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and > third certificate have the id 10000000. I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the > ids 1000000 and 10000000. I use %lu for print this values. Will not work. the ID may be up to 255 bytes long. You have to treat it as as an array of unsigned char. the endian of the machine would also effect the output if you tried to use %lu. Is there a function sc_pkcs15_id_to_hex_string? sc_pkcs15_print_id Look at tools/pkcs15-tool.c in the print_cert_info routine. > > Thank you. > > On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote: > > > > On 3/5/2012 10:45 AM, evalues evalues wrote: > > Hello, > > > > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the > number > > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is > converted > > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted > > something bad or if really exist this error in opensc. > > You did not say how you were providing 55.555.555 > > It looks like the routine you are using is only looking at hex > digits and ignoring the "."s, and the fact that 1.000.000 has an > odd number of digits. > > One place where it is created is in src/tools/pkcs15-tool.c: > sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id) > > sc_pkcs15_id has an octet string and a length. > (The octet string could be printable.) > > So depending on the tool you are trying to use, you can > pass in the hex characters, and let it convert it, > > 31:2e:30:30:30:2e:30:30:30 would be your 1.000.000 > 31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000 > or if you are writing your own code, copy the > asci characters and set the length. > > > > > Thank you. > > > > > > _______________________________________________ > > opensc-devel mailing list > > [hidden email] <mailto:[hidden email]> > > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- > > Douglas E. Engert <[hidden email] <mailto:[hidden email]>> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 <tel:%28630%29%20252-5444> > _______________________________________________ > opensc-devel mailing list > [hidden email] <mailto:[hidden email]> > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- Douglas E. Engert <[hidden email]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Hello,
I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 with the second certificate. When I try to add the second certificate I obtain that there is a certificate with the same id within the smartcard. Thank you. On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email]> wrote:
_______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Sorry, the id that I use for the second certificate is 10000000
Thank you. On Fri, Mar 9, 2012 at 4:51 PM, evalues evalues <[hidden email]> wrote: Hello, _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
In reply to this post by evalues evalues
Someone else needs to answer this, as I don't use pkcs15-init for the cards
I am familiar with. On 3/9/2012 9:51 AM, evalues evalues wrote: > Hello, > > I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 > with the second certificate. When I try to add the second certificate I obtain that there is a certificate with the same id within the smartcard. > > Thank you. > > On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote: > > > > On 3/7/2012 7:05 AM, evalues evalues wrote: > > Hello, you are right, I have not explained well the problem, sorry. > > I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id > 1000000 and > third certificate have the id 10000000. I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 > for the > ids 1000000 and 10000000. I use %lu for print this values. > > > Will not work. the ID may be up to 255 bytes long. > You have to treat it as as an array of unsigned char. > the endian of the machine would also effect the output > if you tried to use %lu. > > > Is there a function sc_pkcs15_id_to_hex_string? > > sc_pkcs15_print_id > > Look at tools/pkcs15-tool.c in the print_cert_info routine. > > > Thank you. > > > On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> wrote: > > > > On 3/5/2012 10:45 AM, evalues evalues wrote: > > Hello, > > > > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the > number > > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is > converted > > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have > interpreted > > something bad or if really exist this error in opensc. > > You did not say how you were providing 55.555.555 > > It looks like the routine you are using is only looking at hex > digits and ignoring the "."s, and the fact that 1.000.000 has an > odd number of digits. > > One place where it is created is in src/tools/pkcs15-tool.c: > sc_pkcs15_hex_string_to_id(__opt_auth_id, &auth_id) > > sc_pkcs15_id has an octet string and a length. > (The octet string could be printable.) > > So depending on the tool you are trying to use, you can > pass in the hex characters, and let it convert it, > > 31:2e:30:30:30:2e:30:30:30 would be your 1.000.000 > 31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000 > or if you are writing your own code, copy the > asci characters and set the length. > > > > > Thank you. > > > > > > _________________________________________________ > > opensc-devel mailing list > > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>> > > http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel> > > -- > > Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> > > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444> > _________________________________________________ > opensc-devel mailing list > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>> > http://www.opensc-project.org/__mailman/listinfo/opensc-devel <http://www.opensc-project.org/mailman/listinfo/opensc-devel> > > > > -- > > Douglas E. Engert <[hidden email] <mailto:[hidden email]>> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 <tel:%28630%29%20252-5444> > > -- Douglas E. Engert <[hidden email]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
In reply to this post by evalues evalues
Hello,
Le 09/03/2012 16:53, evalues evalues a écrit : > Sorry, the id that I use for the second certificate is 10000000 For PKCS#15 the ID is an octet string. In the OpenSC tools the 'id' argument is treated as hexadecimal string. If this string length is odd, the last byte is hexadecimal value of the last character. "12345" -> 0x12,0x34,0x05 In you case the "100" and "1000" will give the same result. Except for one-byte values, nowhere in OpenSC the number is transformed into ID. It's up to you to make this transformation. > > Thank you. Kind regards, Viktor. > > On Fri, Mar 9, 2012 at 4:51 PM, evalues evalues <[hidden email] <mailto:[hidden email]>> wrote: > > Hello, > > I try to add two certificates to the smart card with the command pkcs15-init -T --store-certificate with the option --id, and I use the id 1000000 with the first certificate and I use the id 1000000 with the second certificate. When I try to add the > second certificate I obtain that there is a certificate with the same id within the smartcard. > > Thank you. > > On Wed, Mar 7, 2012 at 3:59 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote: > > > > On 3/7/2012 7:05 AM, evalues evalues wrote: > > Hello, you are right, I have not explained well the problem, sorry. > > I have a smartcard with three certificates and each certificate have a different ID (first certificate have the 55555555 (without dot, all ids are numbers), second certificate have the id 1000000 and > third certificate have the id 10000000. I use the function sc_pkcs15_get_objects to obtain the certificates. After that, I print the id of each certificate and I obtain the same value 16000 for the > ids 1000000 and 10000000. I use %lu for print this values. > > > Will not work. the ID may be up to 255 bytes long. > You have to treat it as as an array of unsigned char. > the endian of the machine would also effect the output > if you tried to use %lu. > > > Is there a function sc_pkcs15_id_to_hex_string? > > sc_pkcs15_print_id > > Look at tools/pkcs15-tool.c in the print_cert_info routine. > > > Thank you. > > > On Wed, Mar 7, 2012 at 12:02 AM, Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> wrote: > > > > On 3/5/2012 10:45 AM, evalues evalues wrote: > > Hello, > > > > how data is stored in this structure? I have been testing with numerical data and I think that the data are converted to hexadecimal in pairs and from right to left. For example, if I have the > number > > 55.555.555 is converted into 85 85 85 85. It is a problem when the number ends in zero, because, if I have the number 1.000.000 is converted to16 0 0 0 and if I have the number 10.000.000 is > converted > > to the same value (16000). Due to this, for two objects with identifiers 1.000.000 and 10.000.000, in opensc they are converted to the same identifier 16 0 0 0. I don't know if I have interpreted > > something bad or if really exist this error in opensc. > > You did not say how you were providing 55.555.555 > > It looks like the routine you are using is only looking at hex > digits and ignoring the "."s, and the fact that 1.000.000 has an > odd number of digits. > > One place where it is created is in src/tools/pkcs15-tool.c: > sc_pkcs15_hex_string_to_id(opt_auth_id, &auth_id) > > sc_pkcs15_id has an octet string and a length. > (The octet string could be printable.) > > So depending on the tool you are trying to use, you can > pass in the hex characters, and let it convert it, > > 31:2e:30:30:30:2e:30:30:30 would be your 1.000.000 > 31:30:2e:30:30:30:2e:30:30:30 would be 10.000.000 > or if you are writing your own code, copy the > asci characters and set the length. > > > > > Thank you. > > > > > > _______________________________________________ > > opensc-devel mailing list > > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>> > > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- > > Douglas E. Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> > > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 <tel:%28630%29%20252-5444> <tel:%28630%29%20252-5444> > _______________________________________________ > opensc-devel mailing list > [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>> > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > > -- > > Douglas E. Engert <[hidden email] <mailto:[hidden email]>> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 <tel:%28630%29%20252-5444> > > > > > _______________________________________________ > opensc-devel mailing list > [hidden email] > http://www.opensc-project.org/mailman/listinfo/opensc-devel _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Hello,
thanks for your answers. Now I understand where I had the problem. I will limit that the option --id only can have pairs numbers. Thank you. On Fri, Mar 9, 2012 at 11:20 PM, Viktor Tarasov <[hidden email]> wrote: Hello, _______________________________________________ opensc-devel mailing list [hidden email] http://www.opensc-project.org/mailman/listinfo/opensc-devel |
Free forum by Nabble | Edit this page |