Re: opensc-user Digest, Vol 73, Issue 10

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: opensc-user Digest, Vol 73, Issue 10

Gabryella Menezes
Good Day

PCSC-lite daemon uses pcscd. And besides implementing OpenCT driver
also uses some daemom? And OpenCT is compatible with the CCID, or
better stated PCSC-lite is the same?

Thanks

2011/5/20, [hidden email]
<[hidden email]>:

> Send opensc-user mailing list submissions to
> [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.opensc-project.org/mailman/listinfo/opensc-user
> or, via email, send a message with subject or body 'help' to
> [hidden email]
>
> You can reach the person managing the list at
> [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of opensc-user digest..."
>
>
> Today's Topics:
>
>    1. Re: question please (Gabryella Menezes)
>    2. Re: question please (Breno Jacinto)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 20 May 2011 08:59:57 -0400
> From: Gabryella Menezes <[hidden email]>
> Subject: Re: [opensc-user] question please
> To: Felipe Blauth <[hidden email]>
> Cc: [hidden email]
> Message-ID: <BANLkTinw=s8VYuLRoMRUN2oHzuznnz=[hidden email]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Thank you to all who are helping me.
>
> Someone has to explain to me how the communication and OpenCT OpenSC?
> As the OpenCT directly accesses the reader?
> I have such doubts. Maybe a diagram would be the best explanation if
> someone had.
>
> thanks.
>
> 2011/5/19, Felipe Blauth <[hidden email]>:
>> 2011/5/19 Rafael Coninck Teig?o <[hidden email]>
>>
>>> Hello,
>>>
>>> If you are using a smartcard supplied by one of the Brazilians CAs, you
>>> are
>>> probably using a card from G&D. In this case, they've probably given you
>>> a
>>> manager for it called SafeSign. This manager is available for Windows,
>>> Linux
>>> and Mac, but sometimes you have to strong-arm it out of the supplier if
>>> you
>>> want the Linux or Mac variant.
>>>
>>> Anyway, the two CAs I've dealt with (Serasa and Certisign) both have
>>> given
>>> me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is
>>> installed on /usr/lib/libaetpkss.so (if not use locate or find to search
>>> for
>>> it.) You can use this lib directly in Firefox or Thunderbird.
>>>
>>
>> Just to complete, there are some versions of libaetpkss.so around. The
>> latest I tested can be downloaded
>> here<http://icp.caixa.gov.br/_downloads/safesign_linux.zip>,
>> and works pretty well.
>>
>> --
>> Felipe blauth
>>
>>
>>>
>>> Cheers,
>>> Rafael.
>>>
>>>
>>> On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]> wrote:
>>>
>>>> 2011/5/19 Breno Jacinto <[hidden email]>
>>>>
>>>>> Hello,
>>>>>
>>>>>    I have a follow-up on this question. I actually have CCID devices
>>>>> working pretty fine on Linux, but I'm unable to reach them from the
>>>>> browser
>>>>> (which would need PKCS#11, openSC, etc). The point is, CCID is able to
>>>>> use
>>>>> the reader, but apparently OpenSC does not (it does not recognize it).
>>>>> So,
>>>>> basically, is there anyway to access a CCID device from the browser,
>>>>> without
>>>>> OpenSC?
>>>>>
>>>>
>>>> What do you mean with working pretty fine on Linux? A CCID device stands
>>>> for a device that uses the USB interface and understand the PC/SC
>>>> interface
>>>> for IFDs (readers). Since PC/SC is a standard, then any reader that is
>>>> PC/SC
>>>> compliant can be used with a generic driver, named CCID. But that is
>>>> only
>>>> the bottom part of the communication.
>>>>
>>>> If you say you can use these devices, you are probably using some
>>>> software
>>>> that talks directly to the middleware, wich talks to the CCID driver
>>>> that
>>>> finally talks to the reader (or other PC/SC devices).
>>>>
>>>> The communication between any interface and the midleware is made by low
>>>> level commands called APDUs. Most of PKCS #11 modules map PKCS #11
>>>> commands
>>>> directly to APDUs. OpenSC can work this way or by using OpenCT, which
>>>> has
>>>> nothing to do with PC/SC, or CCID or any of those standards, but it
>>>> works
>>>> on
>>>> its own way (someone correct me if I'm wrong).
>>>>
>>>> For OpenSC understand your device, it needs to know what kind of APDUs
>>>> it
>>>> uses. OpenSC tryes to standarize that by using some ways like PKCS #15,
>>>> but
>>>> in pratice every supported
>>>> card or device needs to have it's own driver. OpenSC probably does not
>>>> recognize it because there's no driver for it.
>>>>
>>>> Answering your questions, many CCID devices can be accessed from the
>>>> browser. But you'll need a PKCS #11 module that understands it for
>>>> firefox
>>>> or a csp for internet explorer, since those browsers expect those
>>>> formats.
>>>>
>>>>     I'm sorry if I'm making any confusion here - just started playing
>>>> with
>>>>> this and currently we are using a lot of smart cards and digital
>>>>> certificates in Brazil, but users are being forced to use Windows to do
>>>>> that, simply because there is no reader "working" (which means the
>>>>> driver is
>>>>> fine and an interface from the browser to the device is fine, which is
>>>>> not
>>>>> the case up to now).
>>>>>
>>>>
>>>> No problem , I have bothered this list a lot when I was also learning
>>>> the
>>>> basics. Now I try to answer some questions = ).
>>>>
>>>> PS: Sauda??es do Brasil
>>>>
>>>>
>>>> best regards,
>>>>>
>>>>>
>>>>> ---> Breno Jacinto
>>>>> ---> Instituto Federal de Educa??o, Ci?ncia e Tecnologia de Alagoas
>>>>> (IFAL)
>>>>> -----> http://www.ifal.edu.br
>>>>> --> Instituto Nacional do Conhecimento e da Inclus?o S?cio-Digital
>>>>> -----> http://www.iconis.org.br
>>>>> ---> Life is Choice. You can choose to be a victim, or anything else
>>>>> you
>>>>> want to be. (S?crates - Peaceful Warrior) <--
>>>>>
>>>>> *CAMPANHA ACABE COM O SPAM**:
>>>>> 1. Proteja o meu endere?o e o de seus amigos como estou protegendo o
>>>>> seu.
>>>>> 2. Ao enviar mensagens, use SEMPRE o "Cco" (c?pia oculta) ou "Bcc"
>>>>> (blind
>>>>> carbon copy). Assim, TODOS os endere?os estar?o preservados.
>>>>> 3. E, claro, antes de encaminhar um e-mail, delete todas as informa??es
>>>>> que apare?am no corpo do e-mail e que possam ser usadas (SPAM) por
>>>>> hackers.***
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 2011/5/19 Martin Paljak <[hidden email]>
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> On Thu, May 19, 2011 at 17:36, Gabryella Menezes
>>>>>> <[hidden email]> wrote:
>>>>>> > Good Morning!
>>>>>> >
>>>>>> > I'm having a big question:
>>>>>> The answer is short and simple
>>>>>>
>>>>>> >
>>>>>> > Currently I use a combination of PCSC-lite CCID and diver.
>>>>>> > Studying on the matter and discover the OpenSC OpenCT and wondered
>>>>>> > what the main differences between them? It's the same interface?
>>>>>>
>>>>>>
>>>>>> No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
>>>>>> use CCID devices and everything works for you now, do not bother with
>>>>>> OpenCT.
>>>>>>
>>>>>> Martin
>>>>>> _______________________________________________
>>>>>> opensc-user mailing list
>>>>>> [hidden email]
>>>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> opensc-user mailing list
>>>>> [hidden email]
>>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>>
>>>>
>>>> --
>>>> Felipe Menegola Blauth
>>>>
>>>> _______________________________________________
>>>> opensc-user mailing list
>>>> [hidden email]
>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>
>>>
>>>
>>
>
>
> --
> Gabryella Menezes
> 9291623288
>
> Tecn?loga em Desenvolvimento de Software - IFAM
> Analista/Pesquisadora da Plataforma ANDROID SO
> Analista/Pesquisadora C/C++ Instituto Certi Amaz?nia
> http://twitter.com/_GabyMenezes
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 20 May 2011 10:10:37 -0300
> From: Breno Jacinto <[hidden email]>
> Subject: Re: [opensc-user] question please
> To: Gabryella Menezes <[hidden email]>
> Cc: [hidden email]
> Message-ID: <BANLkTi=[hidden email]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hey Gabryella,
>
>     I was just searcing for this, and I found a good one here:
> http://www.opensc-project.org/opensc/wiki/OverView
>
>     Now things start to make sense.
>
> regards,
> ---> Breno Jacinto
> ---> Instituto Federal de Educa??o, Ci?ncia e Tecnologia de Alagoas (IFAL)
> -----> http://www.ifal.edu.br
> --> Instituto Nacional do Conhecimento e da Inclus?o S?cio-Digital
> -----> http://www.iconis.org.br
> ---> Life is Choice. You can choose to be a victim, or anything else you
> want to be. (S?crates - Peaceful Warrior) <--
>
> *CAMPANHA ACABE COM O SPAM**:
> 1. Proteja o meu endere?o e o de seus amigos como estou protegendo o seu.
> 2. Ao enviar mensagens, use SEMPRE o "Cco" (c?pia oculta) ou "Bcc" (blind
> carbon copy). Assim, TODOS os endere?os estar?o preservados.
> 3. E, claro, antes de encaminhar um e-mail, delete todas as informa??es que
> apare?am no corpo do e-mail e que possam ser usadas (SPAM) por hackers.***
>
>
>
>
> 2011/5/20 Gabryella Menezes <[hidden email]>
>
>> Thank you to all who are helping me.
>>
>> Someone has to explain to me how the communication and OpenCT OpenSC?
>> As the OpenCT directly accesses the reader?
>> I have such doubts. Maybe a diagram would be the best explanation if
>> someone had.
>>
>> thanks.
>>
>> 2011/5/19, Felipe Blauth <[hidden email]>:
>> > 2011/5/19 Rafael Coninck Teig?o <[hidden email]>
>> >
>> >> Hello,
>> >>
>> >> If you are using a smartcard supplied by one of the Brazilians CAs, you
>> >> are
>> >> probably using a card from G&D. In this case, they've probably given
>> >> you
>> a
>> >> manager for it called SafeSign. This manager is available for Windows,
>> >> Linux
>> >> and Mac, but sometimes you have to strong-arm it out of the supplier if
>> >> you
>> >> want the Linux or Mac variant.
>> >>
>> >> Anyway, the two CAs I've dealt with (Serasa and Certisign) both have
>> given
>> >> me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is
>> >> installed on /usr/lib/libaetpkss.so (if not use locate or find to
>> >> search
>> >> for
>> >> it.) You can use this lib directly in Firefox or Thunderbird.
>> >>
>> >
>> > Just to complete, there are some versions of libaetpkss.so around. The
>> > latest I tested can be downloaded
>> > here<http://icp.caixa.gov.br/_downloads/safesign_linux.zip>,
>> > and works pretty well.
>> >
>> > --
>> > Felipe blauth
>> >
>> >
>> >>
>> >> Cheers,
>> >> Rafael.
>> >>
>> >>
>> >> On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]>
>> wrote:
>> >>
>> >>> 2011/5/19 Breno Jacinto <[hidden email]>
>> >>>
>> >>>> Hello,
>> >>>>
>> >>>>    I have a follow-up on this question. I actually have CCID devices
>> >>>> working pretty fine on Linux, but I'm unable to reach them from the
>> >>>> browser
>> >>>> (which would need PKCS#11, openSC, etc). The point is, CCID is able
>> >>>> to
>> >>>> use
>> >>>> the reader, but apparently OpenSC does not (it does not recognize
>> >>>> it).
>> >>>> So,
>> >>>> basically, is there anyway to access a CCID device from the browser,
>> >>>> without
>> >>>> OpenSC?
>> >>>>
>> >>>
>> >>> What do you mean with working pretty fine on Linux? A CCID device
>> stands
>> >>> for a device that uses the USB interface and understand the PC/SC
>> >>> interface
>> >>> for IFDs (readers). Since PC/SC is a standard, then any reader that is
>> >>> PC/SC
>> >>> compliant can be used with a generic driver, named CCID. But that is
>> only
>> >>> the bottom part of the communication.
>> >>>
>> >>> If you say you can use these devices, you are probably using some
>> >>> software
>> >>> that talks directly to the middleware, wich talks to the CCID driver
>> that
>> >>> finally talks to the reader (or other PC/SC devices).
>> >>>
>> >>> The communication between any interface and the midleware is made by
>> low
>> >>> level commands called APDUs. Most of PKCS #11 modules map PKCS #11
>> >>> commands
>> >>> directly to APDUs. OpenSC can work this way or by using OpenCT, which
>> has
>> >>> nothing to do with PC/SC, or CCID or any of those standards, but it
>> works
>> >>> on
>> >>> its own way (someone correct me if I'm wrong).
>> >>>
>> >>> For OpenSC understand your device, it needs to know what kind of APDUs
>> it
>> >>> uses. OpenSC tryes to standarize that by using some ways like PKCS
>> >>> #15,
>> >>> but
>> >>> in pratice every supported
>> >>> card or device needs to have it's own driver. OpenSC probably does not
>> >>> recognize it because there's no driver for it.
>> >>>
>> >>> Answering your questions, many CCID devices can be accessed from the
>> >>> browser. But you'll need a PKCS #11 module that understands it for
>> >>> firefox
>> >>> or a csp for internet explorer, since those browsers expect those
>> >>> formats.
>> >>>
>> >>>     I'm sorry if I'm making any confusion here - just started playing
>> >>> with
>> >>>> this and currently we are using a lot of smart cards and digital
>> >>>> certificates in Brazil, but users are being forced to use Windows to
>> do
>> >>>> that, simply because there is no reader "working" (which means the
>> >>>> driver is
>> >>>> fine and an interface from the browser to the device is fine, which
>> >>>> is
>> >>>> not
>> >>>> the case up to now).
>> >>>>
>> >>>
>> >>> No problem , I have bothered this list a lot when I was also learning
>> the
>> >>> basics. Now I try to answer some questions = ).
>> >>>
>> >>> PS: Sauda??es do Brasil
>> >>>
>> >>>
>> >>> best regards,
>> >>>>
>> >>>>
>> >>>> ---> Breno Jacinto
>> >>>> ---> Instituto Federal de Educa??o, Ci?ncia e Tecnologia de Alagoas
>> >>>> (IFAL)
>> >>>> -----> http://www.ifal.edu.br
>> >>>> --> Instituto Nacional do Conhecimento e da Inclus?o S?cio-Digital
>> >>>> -----> http://www.iconis.org.br
>> >>>> ---> Life is Choice. You can choose to be a victim, or anything else
>> you
>> >>>> want to be. (S?crates - Peaceful Warrior) <--
>> >>>>
>> >>>> *CAMPANHA ACABE COM O SPAM**:
>> >>>> 1. Proteja o meu endere?o e o de seus amigos como estou protegendo o
>> >>>> seu.
>> >>>> 2. Ao enviar mensagens, use SEMPRE o "Cco" (c?pia oculta) ou "Bcc"
>> >>>> (blind
>> >>>> carbon copy). Assim, TODOS os endere?os estar?o preservados.
>> >>>> 3. E, claro, antes de encaminhar um e-mail, delete todas as
>> informa??es
>> >>>> que apare?am no corpo do e-mail e que possam ser usadas (SPAM) por
>> >>>> hackers.***
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> 2011/5/19 Martin Paljak <[hidden email]>
>> >>>>
>> >>>>> Hello,
>> >>>>>
>> >>>>> On Thu, May 19, 2011 at 17:36, Gabryella Menezes
>> >>>>> <[hidden email]> wrote:
>> >>>>> > Good Morning!
>> >>>>> >
>> >>>>> > I'm having a big question:
>> >>>>> The answer is short and simple
>> >>>>>
>> >>>>> >
>> >>>>> > Currently I use a combination of PCSC-lite CCID and diver.
>> >>>>> > Studying on the matter and discover the OpenSC OpenCT and wondered
>> >>>>> > what the main differences between them? It's the same interface?
>> >>>>>
>> >>>>>
>> >>>>> No. PC/SC is standard and cross-platform, OpenCT is Linux only. If
>> you
>> >>>>> use CCID devices and everything works for you now, do not bother
>> >>>>> with
>> >>>>> OpenCT.
>> >>>>>
>> >>>>> Martin
>> >>>>> _______________________________________________
>> >>>>> opensc-user mailing list
>> >>>>> [hidden email]
>> >>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>> >>>>>
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> opensc-user mailing list
>> >>>> [hidden email]
>> >>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>> >>>>
>> >>>
>> >>> --
>> >>> Felipe Menegola Blauth
>> >>>
>> >>> _______________________________________________
>> >>> opensc-user mailing list
>> >>> [hidden email]
>> >>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>> >>>
>> >>
>> >>
>> >
>>
>>
>> --
>> Gabryella Menezes
>> 9291623288
>>
>> Tecn?loga em Desenvolvimento de Software - IFAM
>> Analista/Pesquisadora da Plataforma ANDROID SO
>> Analista/Pesquisadora C/C++ Instituto Certi Amaz?nia
>> http://twitter.com/_GabyMenezes
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.opensc-project.org/pipermail/opensc-user/attachments/20110520/c3b12eac/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> opensc-user mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-user
>
> End of opensc-user Digest, Vol 73, Issue 10
> *******************************************
>


--
Gabryella Menezes
9291623288

Tecn├│loga em Desenvolvimento de Software - IFAM
Analista/Pesquisadora da Plataforma ANDROID SO
Analista/Pesquisadora C/C++ Instituto Certi Amaz├┤nia
http://twitter.com/_GabyMenezes
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user