SCA for Snow Leopard built yet?

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

SCA for Snow Leopard built yet?

Miller, Timothy J.
Afore I go build it, has anyone else done so?

-- Tim

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

JP Szikora-2
Miller, Timothy J. a écrit :
> Afore I go build it, has anyone else done so?
>
>  
Hi Tim,

Have you problems with the latest SCA (0.2.7) on Snow Leopard?

Jean-Pierre
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Gaëtan Le Guelvouit
Le 4 sept. 2009 à 09:12, JP Szikora a écrit :

> Have you problems with the latest SCA (0.2.7) on Snow Leopard?



Hi Jean-Pierre,


I'm not Tim, but since I have problems with SCA 0.2.7 and Snow Leopard  
(SL), I answer you.

SCA 0.2.7 used to work on my Leopard systems (Core Duo and Core2Duo  
Macbook Pro) with my USB token (Schlumberger Sema PKCS#15). It doesn't  
anymore since the upgrade to SL.

In fact, it appears that PCSCD does not work properly. When I launch  
it using command line, I get:

% sudo pcscd -df
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
debuglog.c:240:DebugLogSetLevel() debug level=debug
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:389:main() pcscd set to foreground with debug send to  
stderr
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:585:main() pcsc-lite 1.4.0 daemon ready.


Then I insert my USB token and I get:

/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
readerfactory.c:1545:ReaderCheckArchitecture() Send respawn signal to  
pcscd (pid=251)
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:678:signal_respawn() Got signal to respawn in 32 bit mode
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:294:SVCServiceRunLoop() Preparing to exit...
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
readerfactory.c:1048:RFCleanupReaders() entering cleaning function
pcscd: posix_spawn: pcscd: No such file or directory
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:611:at_exit() cleaning /var/run
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:625:clean_temp_files() Cannot unlink /var/run/pcscd.comm:  
No such file or directory
/SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
pcscdaemon.c:631:clean_temp_files() Cannot unlink /var/run/pcscd: No  
such file or directory

And it quits.


Regards,
Gaetan

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Ludovic Rousseau
2009/9/4 Gaëtan Le Guelvouit <[hidden email]>:

> SCA 0.2.7 used to work on my Leopard systems (Core Duo and Core2Duo
> Macbook Pro) with my USB token (Schlumberger Sema PKCS#15). It doesn't
> anymore since the upgrade to SL.
>
> In fact, it appears that PCSCD does not work properly. When I launch
> it using command line, I get:
>
> % sudo pcscd -df
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> debuglog.c:240:DebugLogSetLevel() debug level=debug
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:389:main() pcscd set to foreground with debug send to
> stderr
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:585:main() pcsc-lite 1.4.0 daemon ready.
>
>
> Then I insert my USB token and I get:
>
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> readerfactory.c:1545:ReaderCheckArchitecture() Send respawn signal to
> pcscd (pid=251)
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:678:signal_respawn() Got signal to respawn in 32 bit mode
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:294:SVCServiceRunLoop() Preparing to exit...
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> readerfactory.c:1048:RFCleanupReaders() entering cleaning function
> pcscd: posix_spawn: pcscd: No such file or directory
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:611:at_exit() cleaning /var/run
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:625:clean_temp_files() Cannot unlink /var/run/pcscd.comm:
> No such file or directory
> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/
> pcscdaemon.c:631:clean_temp_files() Cannot unlink /var/run/pcscd: No
> such file or directory
>
> And it quits.

You need to be in the directory containing the pcscd binary i.e.
/usr/sbin/ so that pcscd can respawn.
$ cd /usr/sbin
$ sudo pcscd -df

pcscd need to restart in 32-bit mode since the CCID driver provided by
Apple is in 32-bit only. I don't know why they have not provided a
64-bits CCID driver. Maybe in the 10.6.1 upgrade?
I also note that the CCID driver is a universal binary i386 + ppc.
Since Snow Leopard does not support PowerPC I guess Apple just reused
the same binary for Leopard and Snow Leopard.

$ file /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib
/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib:
Mach-O universal binary with 2 architectures
/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib
(for architecture i386): Mach-O dynamically linked shared library i386
/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib
(for architecture ppc7400): Mach-O dynamically linked shared library
ppc

Note that conneting a CCID reader will try to start a new pcscd. You
should connect your reader, kill the existing pcscd and then start
pcscd in debug mode.
Or you can disable the autostart of pcscd when a reader is connected.


I fear the tokend has to be in 64-bits mode. All the 4 tokend provided
by Apple are mutliarchiecture (is is still called Universal Binary?)
with at least i386 and x86_64. Some also have ppc7400.

/System/Library/Security/tokend$ file */Contents/MacOS/*
BELPIC.tokend/Contents/MacOS/BELPIC: Mach-O universal binary with 3
architectures
BELPIC.tokend/Contents/MacOS/BELPIC (for architecture x86_64): Mach-O
64-bit executable x86_64
BELPIC.tokend/Contents/MacOS/BELPIC (for architecture i386): Mach-O
executable i386
BELPIC.tokend/Contents/MacOS/BELPIC (for architecture ppc7400): Mach-O
executable ppc
CAC.tokend/Contents/MacOS/CAC:       Mach-O universal binary with 3
architectures
CAC.tokend/Contents/MacOS/CAC (for architecture x86_64): Mach-O 64-bit
executable x86_64
CAC.tokend/Contents/MacOS/CAC (for architecture i386): Mach-O executable i386
CAC.tokend/Contents/MacOS/CAC (for architecture ppc7400): Mach-O executable ppc
JPKI.tokend/Contents/MacOS/JPKI:     Mach-O universal binary with 2
architectures
JPKI.tokend/Contents/MacOS/JPKI (for architecture x86_64): Mach-O
64-bit executable x86_64
JPKI.tokend/Contents/MacOS/JPKI (for architecture i386): Mach-O executable i386
PIV.tokend/Contents/MacOS/PIV:       Mach-O universal binary with 3
architectures
PIV.tokend/Contents/MacOS/PIV (for architecture x86_64): Mach-O 64-bit
executable x86_64
PIV.tokend/Contents/MacOS/PIV (for architecture i386): Mach-O executable i386
PIV.tokend/Contents/MacOS/PIV (for architecture ppc7400): Mach-O executable ppc

So I would not be surprised if the tokend compiled for Leopard does
not work on Snow Leopard and need to be rebuilt in 64-bits mode.

Bye

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Miller, Timothy J.
In reply to this post by JP Szikora-2
On 9/4/2009 2:12 AM, JP Szikora wrote:
> Have you problems with the latest SCA (0.2.7) on Snow Leopard?

Tokend crashes and the PKCS#11 module fails (but doesn't kill the
hosting process).

-- Tim


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Gaëtan Le Guelvouit
In reply to this post by Ludovic Rousseau
Le 4 sept. 2009 à 13:00, Ludovic Rousseau a écrit :

> You need to be in the directory containing the pcscd binary i.e.
> /usr/sbin/ so that pcscd can respawn.
> $ cd /usr/sbin
> $ sudo pcscd -df

OK. It works: I can now use pkcs15-tool and pcsc-test, and connect to  
my VPN with OpenVPN. But my USB token does not appear in MacOS  
"Keychain access" (and other Mac applications, e.g. Mail.app).

This is for my Core2Duo Mac. I will try later with a 32-bit system.


Gaetan

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

JP Szikora-2
In reply to this post by Miller, Timothy J.
Timothy J. Miller a écrit :
> On 9/4/2009 2:12 AM, JP Szikora wrote:
>> Have you problems with the latest SCA (0.2.7) on Snow Leopard?
>
> Tokend crashes and the PKCS#11 module fails (but doesn't kill the
> hosting process).
Hi Tim,

Tokend probably needs to be 64bits. I'm surprised for the PKCS11 module...
Can you test the PKCS11 module with this command:
/Library/OpenSC/bin/pkcs11-tool -tl --module
/Library/OpenSC/lib/opensc-pkcs11.so

Jean-Pierre (still with the leopard...)
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Martin Paljak-2
On 04.09.2009, at 17:15, JP Szikora wrote:
>> Tokend crashes and the PKCS#11 module fails (but doesn't kill the
>> hosting process).

Interestingly the Tokend starts on 64b processor and does not complain  
for being 32bit but I agree, that most probably it needs to be 64bit  
on 64bit OS as securityd is a 64bit process (unlike pcscd). I'm just  
upgrading an old coreduo imac to 10.6 and will see what happens with  
10.6 iin 32bit mode.

I've had no problems with an old pre-built PKCS#11 module in Firefox,  
which is 32bit.
AFAIK it is currently not possible to build Tokend for 64bit (required  
64b libraries are not available with darwinbuild)

Martin,
Running 10.6
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Ludovic Rousseau
In reply to this post by JP Szikora-2
2009/9/4 JP Szikora <[hidden email]>:
> Timothy J. Miller a écrit :
>> On 9/4/2009 2:12 AM, JP Szikora wrote:
>>> Have you problems with the latest SCA (0.2.7) on Snow Leopard?
>>
>> Tokend crashes and the PKCS#11 module fails (but doesn't kill the
>> hosting process).
> Hi Tim,
>
> Tokend probably needs to be 64bits. I'm surprised for the PKCS11 module...

The PKCS#11 should not crash if it is a 32-bits plugin and the
application (like Firefox) is also 32-bits.

> Can you test the PKCS11 module with this command:
> /Library/OpenSC/bin/pkcs11-tool -tl --module
> /Library/OpenSC/lib/opensc-pkcs11.so

This is not directly related to the problem but Apple now provides a
PKCS#11 in /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so
If I am correct this is a PKCS#11 that works _above_ CDSA so is using
indirectly any tokend. The idea is to be able to use a smart card in
PKCS#11 applications (Firefox for example) without conflicts at the
smart card and/or PC/SC level.
The source code of this PKCS#11 is available at
http://smartcardservices.macosforge.org/trac/browser/branches/tokend/pk11-0009/TokendPKCS11

$ ./pkcs11-tool --module
/usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so -I
Cryptoki version 2.20
Manufacturer     Apple
Library          Apple PKCS #11 module (ver 0.1)

$ ./pkcs11-tool --module
/usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so -LAvailable
slots:
Slot 0           (empty)
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)

$ ./pkcs11-tool --module
/usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so -M
error: PKCS11 function C_GetMechanismList failed: rv =
CKR_TOKEN_NOT_PRESENT (0xe0)

Aborting.

Bye

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Miller, Timothy J.

On Sep 4, 2009, at 1:50 PM, Ludovic Rousseau wrote:

> This is not directly related to the problem but Apple now provides a
> PKCS#11 in /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so

It's this tokend module that's failing for me causing me to want to  
put OpenSC *back* on the system.  Any signing attempt with  
tokendPKCS11.so gives me the following (output from Firefox running  
with NSS_DEBUG_PKCS11_MODULE set):

-1335791616[1a63a0e0]: C_OpenSession
-1335791616[1a63a0e0]:   slotID = 0x0
-1335791616[1a63a0e0]:   flags = 0x4
-1335791616[1a63a0e0]:   pApplication = 0x1a99800
-1335791616[1a63a0e0]:   Notify = 0x10af9b3
-1335791616[1a63a0e0]:   phSession = 0xb061667c
-1335791616[1a63a0e0]:   *phSession = 0x2
-1335791616[1a63a0e0]:   rv = CKR_OK
-1335791616[1a63a0e0]: C_SignInit
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   pMechanism = 0xb06166cc
-1335791616[1a63a0e0]:   hKey = 0x2
-1335791616[1a63a0e0]:       mechanism = CKM_RSA_PKCS
-1335791616[1a63a0e0]:   rv = CKR_OK
-1335791616[1a63a0e0]: C_Sign
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   pData = 0xb061679c
-1335791616[1a63a0e0]:   ulDataLen = 36
-1335791616[1a63a0e0]:   pSignature = 0x1b8c9240
-1335791616[1a63a0e0]:   pulSignatureLen = 0xb06166d8
-1335791616[1a63a0e0]:   *pulSignatureLen = 0x80
-1335791616[1a63a0e0]:   rv = CKR_FUNCTION_FAILED
-1335791616[1a63a0e0]: C_CloseSession
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   rv = CKR_OK

This results in SSL_ERROR_SIGN_HASHES_FAILURE.

Also:

stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
SmartCardServices/pkcs11/tokendPKCS11.so -L
Available slots:
Slot 0           Apple Tokend
   token label:   CAC-4070-5072-3446-0000-6368
   token manuf:   unknown
   token model:   unknown
   token flags:   readonly, token initialized
   serial num  :  0
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)

stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
SmartCardServices/pkcs11/tokendPKCS11.so -M
Supported mechanisms:
   RSA-PKCS, sign, decrypt
   RSA-X-509, sign, decrypt

stovetop:bin tmiller$ ./pkcs11-tool -tl --module /usr/libexec/
SmartCardServices/pkcs11/tokendPKCS11.so
C_SeedRandom() and C_GenerateRandom():
   seeding (C_SeedRandom) not supported
   ERR: C_GenerateRandom failed: CKR_FUNCTION_NOT_SUPPORTED (0x54)
Digests: not implemented
Signatures (currently only RSA signatures)
   testing key 0 (Identity Private Key)
   Note: C_SignUpdate(), SignFinal() not supported
error: PKCS11 function C_Sign failed: rv = CKR_FUNCTION_FAILED (0x6)

Aborting.

-- Tim


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Miller, Timothy J.

On Sep 10, 2009, at 1:06 PM, Miller, Timothy J. wrote:

>
> On Sep 4, 2009, at 1:50 PM, Ludovic Rousseau wrote:
>
>> This is not directly related to the problem but Apple now provides a
>> PKCS#11 in /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so
>
> It's this tokend module that's failing for me causing me to want to  
> put OpenSC *back* on the system.  Any signing attempt with  
> tokendPKCS11.so gives me the following (output from Firefox running  
> with NSS_DEBUG_PKCS11_MODULE set):
>
> -1335791616[1a63a0e0]: C_OpenSession
> -1335791616[1a63a0e0]:   slotID = 0x0
> -1335791616[1a63a0e0]:   flags = 0x4
> -1335791616[1a63a0e0]:   pApplication = 0x1a99800
> -1335791616[1a63a0e0]:   Notify = 0x10af9b3
> -1335791616[1a63a0e0]:   phSession = 0xb061667c
> -1335791616[1a63a0e0]:   *phSession = 0x2
> -1335791616[1a63a0e0]:   rv = CKR_OK
> -1335791616[1a63a0e0]: C_SignInit
> -1335791616[1a63a0e0]:   hSession = 0x2
> -1335791616[1a63a0e0]:   pMechanism = 0xb06166cc
> -1335791616[1a63a0e0]:   hKey = 0x2
> -1335791616[1a63a0e0]:       mechanism = CKM_RSA_PKCS
> -1335791616[1a63a0e0]:   rv = CKR_OK
> -1335791616[1a63a0e0]: C_Sign
> -1335791616[1a63a0e0]:   hSession = 0x2
> -1335791616[1a63a0e0]:   pData = 0xb061679c
> -1335791616[1a63a0e0]:   ulDataLen = 36
> -1335791616[1a63a0e0]:   pSignature = 0x1b8c9240
> -1335791616[1a63a0e0]:   pulSignatureLen = 0xb06166d8
> -1335791616[1a63a0e0]:   *pulSignatureLen = 0x80
> -1335791616[1a63a0e0]:   rv = CKR_FUNCTION_FAILED
> -1335791616[1a63a0e0]: C_CloseSession
> -1335791616[1a63a0e0]:   hSession = 0x2
> -1335791616[1a63a0e0]:   rv = CKR_OK
>
> This results in SSL_ERROR_SIGN_HASHES_FAILURE.
>
> Also:
>
> stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
> SmartCardServices/pkcs11/tokendPKCS11.so -L
> Available slots:
> Slot 0           Apple Tokend
>  token label:   CAC-4070-5072-3446-0000-6368
>  token manuf:   unknown
>  token model:   unknown
>  token flags:   readonly, token initialized
>  serial num  :  0
> Slot 1           (empty)
> Slot 2           (empty)
> Slot 3           (empty)
>
> stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
> SmartCardServices/pkcs11/tokendPKCS11.so -M
> Supported mechanisms:
>  RSA-PKCS, sign, decrypt
>  RSA-X-509, sign, decrypt
>
> stovetop:bin tmiller$ ./pkcs11-tool -tl --module /usr/libexec/
> SmartCardServices/pkcs11/tokendPKCS11.so
> C_SeedRandom() and C_GenerateRandom():
>  seeding (C_SeedRandom) not supported
>  ERR: C_GenerateRandom failed: CKR_FUNCTION_NOT_SUPPORTED (0x54)
> Digests: not implemented
> Signatures (currently only RSA signatures)
>  testing key 0 (Identity Private Key)
>  Note: C_SignUpdate(), SignFinal() not supported
> error: PKCS11 function C_Sign failed: rv = CKR_FUNCTION_FAILED (0x6)
>
> Aborting.
Interestingly, this is now working with the PIV.tokend in control  
where it wasn't earlier.  FF did update today, so maybe something  
changed there.  Anyway, same commands, same card:

stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
SmartCardServices/pkcs11/tokendPKCS11.so -L
Available slots:
Slot 0           Apple Tokend
   token label:   PIV-MILLER.TIMOTHY.J.1019052784
   token manuf:   unknown
   token model:   unknown
   token flags:   readonly, token initialized
   serial num  :  0
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
SmartCardServices/pkcs11/tokendPKCS11.so -M
Supported mechanisms:
   RSA-PKCS, sign, decrypt
   RSA-X-509, sign, decrypt
stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/
SmartCardServices/pkcs11/tokendPKCS11.so -tl
C_SeedRandom() and C_GenerateRandom():
   seeding (C_SeedRandom) not supported
   ERR: C_GenerateRandom failed: CKR_FUNCTION_NOT_SUPPORTED (0x54)
Digests: not implemented
Signatures (currently only RSA signatures)
   testing key 0 (PIV Authentication Private Key)
   Note: C_SignUpdate(), SignFinal() not supported
   testing signature mechanisms:
     RSA-X-509: ERR: verification failed
     RSA-PKCS: OK
   testing key 1 (1024 bits, label=Key Management Private Key) with 1  
signature mechanism
     RSA-PKCS: OK
Verify: not implemented
Unwrap: not implemented
Decryption (RSA)
   testing key 0 (PIV Authentication Private Key)
     RSA-PKCS: OK
     RSA-X-509: OK
   testing key 1 (Key Management Private Key)
     RSA-PKCS: OK
     RSA-X-509: OK
Testing card detection
Please press return to continue, x to exit:
Available slots:
Slot 0           Apple Tokend
   token label:   PIV-MILLER.TIMOTHY.J.1019052784
   token manuf:   unknown
   token model:   unknown
   token flags:   readonly, token initialized
   serial num  :  0
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Please press return to continue, x to exit: x
Testing card detection using C_WaitForSlotEvent
Please press return to continue, x to exit: x
2 errors
stovetop:bin tmiller$

-- Tim



_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Miller, Timothy J.
In reply to this post by JP Szikora-2
On Sep 4, 2009, at 9:15 AM, JP Szikora wrote:

> Tokend probably needs to be 64bits.  I'm surprised for the PKCS11  
> module...
> Can you test the PKCS11 module with this command:
> /Library/OpenSC/bin/pkcs11-tool -tl --module
> /Library/OpenSC/lib/opensc-pkcs11.so

Problems with OpenSC.tokend I almost expect, but the module is  
certainly a problem; it doesn't find anything on the card.  The Apple  
tokendPKCS11 module, while it fails to sign, at least sees something  
on the card (see my earlier email today in another branch of this  
thread).

Output follows:

stovetop:bin tmiller$ ./pkcs11-tool --module=../lib/opensc-pkcs11.so -L
[opensc-pkcs11] reader-pcsc.c:239:pcsc_transmit: unable to transmit
[opensc-pkcs11] apdu.c:394:do_single_transmit: unable to transmit APDU
Available slots:
Slot 0           SCM SCR 3310 00 00
   token label:   PIV_II (PIV Card Holder pin)
   token manuf:   piv_II
   token model:   PKCS#15 emulated
   token flags:   rng, login required, PIN initialized, token  
initialized
   serial num  :  00000000
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)
Slot 8           (empty)
Slot 9           (empty)
Slot 10          (empty)
Slot 11          (empty)
Slot 12          (empty)
Slot 13          (empty)
Slot 14          (empty)
Slot 15          (empty)
stovetop:bin tmiller$ ./pkcs11-tool --module=../lib/opensc-pkcs11.so -M
Supported mechanisms:
   SHA-1, digest
   SHA256, digest
   SHA384, digest
   SHA512, digest
   MD5, digest
   RIPEMD160, digest
   RSA-X-509, sign, verify, unwrap, decrypt
   RSA-PKCS, sign, verify, unwrap, decrypt
   SHA1-RSA-PKCS, sign, verify
   MD5-RSA-PKCS, sign, verify
   RIPEMD160-RSA-PKCS, sign, verify
   RSA-PKCS-KEY-PAIR-GEN, keypairgen
stovetop:bin tmiller$ ./pkcs11-tool --module=../lib/opensc-pkcs11.so -tl
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
   seeding (C_SeedRandom) not supported
   ERR: C_GenerateRandom failed: CKR_DATA_INVALID (0x20)
Digests:
   all 4 digest functions seem to work
   MD5: OK
   SHA-1: OK
   RIPEMD160: OK
Signatures (currently only RSA signatures)
Signatures: no private key found in this slot
Verify (currently only for RSA):
   No private key found for testing
Key unwrap (RSA)
Decryption (RSA)
Testing card detection
Please press return to continue, x to exit: x
Testing card detection using C_WaitForSlotEvent
Please press return to continue, x to exit: x
1 errors
stovetop:bin tmiller$


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

João Poupino-2
In reply to this post by Miller, Timothy J.
Hi,

I've attached two packages compiled on Snow Leopard:
OpenSC (universal binary: x86_64, i386 and ppc7400);
OpenSC.tokend (universal binary x86_64, i386, ppc7400).


OpenSC itself appears to be working fine, at least the command line  
tools and pkcs11-module.so work OK. However, I'm having trouble with  
OpenSC.tokend: the card is recognized, the certificates are recognized  
and all seems perfectly OK but, as soon as I try to use a certificate  
to login to a site, it fails mysteriously. Putting OpenSC in debug  
mode didn't help much and the debug messages generated by the Tokend  
itself aren't that helpful either...


OpenSC was compiled by downloading the SCA build scripts, and the  
following patch was applied to the Makefile:

--- Makefile_ 2009-09-12 01:23:20.000000000 +0100
+++ Makefile 2009-09-12 01:53:02.000000000 +0100
@@ -177,9 +177,11 @@

  build-opensc: fetch-opensc
  cd opensc && \
+ CFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
+ LDFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
  OPENSSL_CFLAGS="-I$(BUILDHOME)/compiled-openssl/Library/OpenSC/
include" \
  OPENSSL_LIBS="-L$(BUILDHOME)/compiled-openssl/Library/OpenSC/lib -
lcrypto" \
- ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
etc --enable-pcsc && \
+ ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
etc --enable-pcsc --disable-dependency-tracking && \
  make && \
  make install prefix=$(BUILDHOME)/compiled-opensc/Library/OpenSC
  touch $@

The OpenSC package was then created with "make package-opensc".

Compiling OpenSC.tokend is a bit trickier, after giving up on  
darwinbuild, I used Martin Paljak's instructions [1]:

In order to compile, the following patch for OpenSC.tokend is needed:

diff -urN OpenSC_/OpenSCToken.h OpenSC/OpenSCToken.h
--- OpenSC_/OpenSCToken.h 2009-09-12 16:36:10.000000000 +0100
+++ OpenSC/OpenSCToken.h 2009-09-12 15:11:17.000000000 +0100
@@ -76,7 +76,7 @@
  //virtual void authenticate(CSSM_DB_ACCESS_TYPE mode, const  
AccessCredentials *cred);
  bool _verifyPIN(int pinNum, const unsigned char *pin, size_t  
pinLength);

-  bool OpenSCToken:: _changePIN( int pinNum,
+  bool _changePIN( int pinNum,
                                   const unsigned char *oldPin, size_t  
oldPinLength,
                                   const unsigned char *newPin, size_t  
newPinLength );


The Tokend was first compiled with Leopard's SDK, in order to support  
the i386 and ppc7400 architectures.

To compile the Tokend for x86_64, using Snow Leopard's SDK, the  
following frameworks had to be changed from the Leopard versions  
(provided by Martin) to the Snow Leopard versions:

Security.framework
SecurityTokend.framework
security_cdsa_client.framework
security_cdsa_utilities.framework
security_utilities.framework

You can get the necessary files at [2].

In the end, the lipo(1) tool was used to generate the universal binary  
for the Tokend.

If anyone is willing to test it and verify if it's working or not (and  
why it's not working...) it would be great.

[1] - http://wiki.github.com/martinpaljak/opensc.tokend
[2] - http://src.macosforge.org/Roots/10A432/

P.S. - The OpenSC version is 0.11.9 + Portugal's eID card support  
(experimental)










On Sep 3, 2009, at 8:39 PM, Miller, Timothy J. wrote:

> Afore I go build it, has anyone else done so?
>
> -- Tim
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

OpenSC.pkg.zip (4M) Download Attachment
OpenSC.tokend.zip (384K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

João Poupino-2
In reply to this post by Miller, Timothy J.
[Resending the message due to the 40KB attachment limit]

Hi,

I've attached two packages compiled on Snow Leopard:
OpenSC (universal binary: x86_64, i386 and ppc7400);
OpenSC.tokend (universal binary x86_64, i386, ppc7400).


OpenSC itself appears to be working fine, at least the command line  
tools and pkcs11-module.so work OK. However, I'm having trouble with  
OpenSC.tokend: the card is recognized, the certificates are recognized  
and all seems perfectly OK but, as soon as I try to use a certificate  
to login to a site, it fails mysteriously. Putting OpenSC in debug  
mode didn't help much and the debug messages generated by the Tokend  
itself aren't that helpful either...


OpenSC was compiled by downloading the SCA build scripts, and the  
following patch was applied to the Makefile:

--- Makefile_ 2009-09-12 01:23:20.000000000 +0100
+++ Makefile 2009-09-12 01:53:02.000000000 +0100
@@ -177,9 +177,11 @@

build-opensc: fetch-opensc
        cd opensc && \
+ CFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
+ LDFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
        OPENSSL_CFLAGS="-I$(BUILDHOME)/compiled-openssl/Library/OpenSC/
include" \
        OPENSSL_LIBS="-L$(BUILDHOME)/compiled-openssl/Library/OpenSC/lib -
lcrypto" \
- ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
etc --enable-pcsc && \
+ ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
etc --enable-pcsc --disable-dependency-tracking && \
        make && \
        make install prefix=$(BUILDHOME)/compiled-opensc/Library/OpenSC
        touch $@

The OpenSC package was then created with "make package-opensc".

Compiling OpenSC.tokend is a bit trickier, after giving up on  
darwinbuild, I used Martin Paljak's instructions [1]:

In order to compile, the following patch for OpenSC.tokend is needed:

diff -urN OpenSC_/OpenSCToken.h OpenSC/OpenSCToken.h
--- OpenSC_/OpenSCToken.h 2009-09-12 16:36:10.000000000 +0100
+++ OpenSC/OpenSCToken.h 2009-09-12 15:11:17.000000000 +0100
@@ -76,7 +76,7 @@
        //virtual void authenticate(CSSM_DB_ACCESS_TYPE mode, const  
AccessCredentials *cred);
        bool _verifyPIN(int pinNum, const unsigned char *pin, size_t  
pinLength);

-  bool OpenSCToken:: _changePIN( int pinNum,
+  bool _changePIN( int pinNum,
                                  const unsigned char *oldPin, size_t  
oldPinLength,
                                  const unsigned char *newPin, size_t  
newPinLength );


The Tokend was first compiled with Leopard's SDK, in order to support  
the i386 and ppc7400 architectures.

To compile the Tokend for x86_64, using Snow Leopard's SDK, the  
following frameworks had to be changed from the Leopard versions  
(provided by Martin) to the Snow Leopard versions:

Security.framework
SecurityTokend.framework
security_cdsa_client.framework
security_cdsa_utilities.framework
security_utilities.framework

You can get the necessary files at [2].

In the end, the lipo(1) tool was used to generate the universal binary  
for the Tokend.

If anyone is willing to test it and verify if it's working or not (and  
why it's not working...) it would be great.

Thanks.

João

[1] - http://wiki.github.com/martinpaljak/opensc.tokend
[2] - http://src.macosforge.org/Roots/10A432/

P.S. - The OpenSC version is 0.11.9 + Portugal's eID card support  
(experimental)


The packages are at:

http://web.ist.utl.pt/~joao.poupino/OpenSC.pkg.zip
http://web.ist.utl.pt/~joao.poupino/OpenSC.tokend.zip


On Sep 3, 2009, at 8:39 PM, Miller, Timothy J. wrote:

> Afore I go build it, has anyone else done so?
>
> -- Tim
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Martin Paljak-2
Look into /Library/Logs/CrashReports/ (with sudo) and send the OpenSC
log, if available (assuming it crashed, which was the case with me).

I can check your build tomorrow.

Thanks,

On 12/09/2009, João Poupino <[hidden email]> wrote:

> [Resending the message due to the 40KB attachment limit]
>
> Hi,
>
> I've attached two packages compiled on Snow Leopard:
> OpenSC (universal binary: x86_64, i386 and ppc7400);
> OpenSC.tokend (universal binary x86_64, i386, ppc7400).
>
>
> OpenSC itself appears to be working fine, at least the command line
> tools and pkcs11-module.so work OK. However, I'm having trouble with
> OpenSC.tokend: the card is recognized, the certificates are recognized
> and all seems perfectly OK but, as soon as I try to use a certificate
> to login to a site, it fails mysteriously. Putting OpenSC in debug
> mode didn't help much and the debug messages generated by the Tokend
> itself aren't that helpful either...
>
>
> OpenSC was compiled by downloading the SCA build scripts, and the
> following patch was applied to the Makefile:
>
> --- Makefile_ 2009-09-12 01:23:20.000000000 +0100
> +++ Makefile 2009-09-12 01:53:02.000000000 +0100
> @@ -177,9 +177,11 @@
>
> build-opensc: fetch-opensc
> cd opensc && \
> + CFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
> + LDFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
> OPENSSL_CFLAGS="-I$(BUILDHOME)/compiled-openssl/Library/OpenSC/
> include" \
> OPENSSL_LIBS="-L$(BUILDHOME)/compiled-openssl/Library/OpenSC/lib -
> lcrypto" \
> - ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
> etc --enable-pcsc && \
> + ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
> etc --enable-pcsc --disable-dependency-tracking && \
> make && \
> make install prefix=$(BUILDHOME)/compiled-opensc/Library/OpenSC
> touch $@
>
> The OpenSC package was then created with "make package-opensc".
>
> Compiling OpenSC.tokend is a bit trickier, after giving up on
> darwinbuild, I used Martin Paljak's instructions [1]:
>
> In order to compile, the following patch for OpenSC.tokend is needed:
>
> diff -urN OpenSC_/OpenSCToken.h OpenSC/OpenSCToken.h
> --- OpenSC_/OpenSCToken.h 2009-09-12 16:36:10.000000000 +0100
> +++ OpenSC/OpenSCToken.h 2009-09-12 15:11:17.000000000 +0100
> @@ -76,7 +76,7 @@
> //virtual void authenticate(CSSM_DB_ACCESS_TYPE mode, const
> AccessCredentials *cred);
> bool _verifyPIN(int pinNum, const unsigned char *pin, size_t
> pinLength);
>
> -  bool OpenSCToken:: _changePIN( int pinNum,
> +  bool _changePIN( int pinNum,
>                                   const unsigned char *oldPin, size_t
> oldPinLength,
>                                   const unsigned char *newPin, size_t
> newPinLength );
>
>
> The Tokend was first compiled with Leopard's SDK, in order to support
> the i386 and ppc7400 architectures.
>
> To compile the Tokend for x86_64, using Snow Leopard's SDK, the
> following frameworks had to be changed from the Leopard versions
> (provided by Martin) to the Snow Leopard versions:
>
> Security.framework
> SecurityTokend.framework
> security_cdsa_client.framework
> security_cdsa_utilities.framework
> security_utilities.framework
>
> You can get the necessary files at [2].
>
> In the end, the lipo(1) tool was used to generate the universal binary
> for the Tokend.
>
> If anyone is willing to test it and verify if it's working or not (and
> why it's not working...) it would be great.
>
> Thanks.
>
> João
>
> [1] - http://wiki.github.com/martinpaljak/opensc.tokend
> [2] - http://src.macosforge.org/Roots/10A432/
>
> P.S. - The OpenSC version is 0.11.9 + Portugal's eID card support
> (experimental)
>
>
> The packages are at:
>
> http://web.ist.utl.pt/~joao.poupino/OpenSC.pkg.zip
> http://web.ist.utl.pt/~joao.poupino/OpenSC.tokend.zip
>
>
> On Sep 3, 2009, at 8:39 PM, Miller, Timothy J. wrote:
>
>> Afore I go build it, has anyone else done so?
>>
>> -- Tim
>> _______________________________________________
>> opensc-devel mailing list
>> [hidden email]
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>

--
Sent from my mobile device

Martin Paljak
http://martin.paljak.pri.ee
GSM:+3725156495
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

João Poupino-2
Hi Martin. Sorry, it didn't crash...

When I said "it fails", I meant "it doesn't do anything". The Keychain  
remains visible in Keychain Access, the OpenSC.tokend process  
continues to run, all apparently "normal"...

Thanks.

João

On Sep 12, 2009, at 5:55 PM, Martin Paljak wrote:

> Look into /Library/Logs/CrashReports/ (with sudo) and send the OpenSC
> log, if available (assuming it crashed, which was the case with me).
>
> I can check your build tomorrow.
>
> Thanks,
>
> On 12/09/2009, João Poupino <[hidden email]> wrote:
>> [Resending the message due to the 40KB attachment limit]
>>
>> Hi,
>>
>> I've attached two packages compiled on Snow Leopard:
>> OpenSC (universal binary: x86_64, i386 and ppc7400);
>> OpenSC.tokend (universal binary x86_64, i386, ppc7400).
>>
>>
>> OpenSC itself appears to be working fine, at least the command line
>> tools and pkcs11-module.so work OK. However, I'm having trouble with
>> OpenSC.tokend: the card is recognized, the certificates are  
>> recognized
>> and all seems perfectly OK but, as soon as I try to use a certificate
>> to login to a site, it fails mysteriously. Putting OpenSC in debug
>> mode didn't help much and the debug messages generated by the Tokend
>> itself aren't that helpful either...
>>
>>
>> OpenSC was compiled by downloading the SCA build scripts, and the
>> following patch was applied to the Makefile:
>>
>> --- Makefile_ 2009-09-12 01:23:20.000000000 +0100
>> +++ Makefile 2009-09-12 01:53:02.000000000 +0100
>> @@ -177,9 +177,11 @@
>>
>> build-opensc: fetch-opensc
>> cd opensc && \
>> + CFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
>> + LDFLAGS="-arch x86_64 -arch i386 -arch ppc7400" \
>> OPENSSL_CFLAGS="-I$(BUILDHOME)/compiled-openssl/Library/OpenSC/
>> include" \
>> OPENSSL_LIBS="-L$(BUILDHOME)/compiled-openssl/Library/OpenSC/lib -
>> lcrypto" \
>> - ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
>> etc --enable-pcsc && \
>> + ./configure --prefix=/Library/OpenSC --sysconfdir=/Library/OpenSC/
>> etc --enable-pcsc --disable-dependency-tracking && \
>> make && \
>> make install prefix=$(BUILDHOME)/compiled-opensc/Library/OpenSC
>> touch $@
>>
>> The OpenSC package was then created with "make package-opensc".
>>
>> Compiling OpenSC.tokend is a bit trickier, after giving up on
>> darwinbuild, I used Martin Paljak's instructions [1]:
>>
>> In order to compile, the following patch for OpenSC.tokend is needed:
>>
>> diff -urN OpenSC_/OpenSCToken.h OpenSC/OpenSCToken.h
>> --- OpenSC_/OpenSCToken.h 2009-09-12 16:36:10.000000000 +0100
>> +++ OpenSC/OpenSCToken.h 2009-09-12 15:11:17.000000000 +0100
>> @@ -76,7 +76,7 @@
>> //virtual void authenticate(CSSM_DB_ACCESS_TYPE mode, const
>> AccessCredentials *cred);
>> bool _verifyPIN(int pinNum, const unsigned char *pin, size_t
>> pinLength);
>>
>> -  bool OpenSCToken:: _changePIN( int pinNum,
>> +  bool _changePIN( int pinNum,
>>                                  const unsigned char *oldPin, size_t
>> oldPinLength,
>>                                  const unsigned char *newPin, size_t
>> newPinLength );
>>
>>
>> The Tokend was first compiled with Leopard's SDK, in order to support
>> the i386 and ppc7400 architectures.
>>
>> To compile the Tokend for x86_64, using Snow Leopard's SDK, the
>> following frameworks had to be changed from the Leopard versions
>> (provided by Martin) to the Snow Leopard versions:
>>
>> Security.framework
>> SecurityTokend.framework
>> security_cdsa_client.framework
>> security_cdsa_utilities.framework
>> security_utilities.framework
>>
>> You can get the necessary files at [2].
>>
>> In the end, the lipo(1) tool was used to generate the universal  
>> binary
>> for the Tokend.
>>
>> If anyone is willing to test it and verify if it's working or not  
>> (and
>> why it's not working...) it would be great.
>>
>> Thanks.
>>
>> João
>>
>> [1] - http://wiki.github.com/martinpaljak/opensc.tokend
>> [2] - http://src.macosforge.org/Roots/10A432/
>>
>> P.S. - The OpenSC version is 0.11.9 + Portugal's eID card support
>> (experimental)
>>
>>
>> The packages are at:
>>
>> http://web.ist.utl.pt/~joao.poupino/OpenSC.pkg.zip
>> http://web.ist.utl.pt/~joao.poupino/OpenSC.tokend.zip
>>
>>
>> On Sep 3, 2009, at 8:39 PM, Miller, Timothy J. wrote:
>>
>>> Afore I go build it, has anyone else done so?
>>>
>>> -- Tim
>>> _______________________________________________
>>> opensc-devel mailing list
>>> [hidden email]
>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>> _______________________________________________
>> opensc-devel mailing list
>> [hidden email]
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>
> --
> Sent from my mobile device
>
> Martin Paljak
> http://martin.paljak.pri.ee
> GSM:+3725156495

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

Martin Paljak-2
In reply to this post by João Poupino-2
After installing the OpenSC.pkg I have problems with missing libltdl.
3.dylib:
I remember that it got bundled because it did not exist on machines  
without Developer tools installed, but can't remember if it changed  
with 10.5 or Need to investigate clean 10.4 and 10.5 installations if  
the dylib is installed or not.
After fixing it Tokend works and certificates appear, great succes!

lrwxr-xr-x 1 root wheel     24 26. juuli 17:27 /usr/lib/libltdl.
3.1.0.dylib -> /usr/lib/libltdl.3.dylib
lrwxr-xr-x 1 root staff     15 28. aug   11:17 /usr/lib/libltdl.
3.1.4.dylib -> libltdl.3.dylib
lrwxr-xr-x 1 root wheel     15 28. aug   11:17 /usr/lib/libltdl.
7.1.2.dylib -> libltdl.7.dylib
-rwxr-xr-x 1 root wheel 123888 18. mai   20:26 /usr/lib/libltdl.7.dylib
-rw-r--r-- 1 root wheel 318748 18. mai   20:26 /usr/lib/libltdl.a
lrwxr-xr-x 1 root wheel     24 14. sept  14:26 /usr/lib/libltdl.dylib -
 > /usr/lib/libltdl.3.dylib


Interestingly my personal OpenSC tree does not work and crashes, even  
though it has 64bits. Probably there is difference in OSX deployment  
target (I'm using 10.5, OpenSC.tokend has 10.4)

Have you upgraded your eID patch? Would be OK to include it maybe?





On 12.09.2009, at 19:10, João Poupino wrote:

>
> The Tokend was first compiled with Leopard's SDK, in order to support
> the i386 and ppc7400 architectures.
>
> To compile the Tokend for x86_64, using Snow Leopard's SDK, the
> following frameworks had to be changed from the Leopard versions
> (provided by Martin) to the Snow Leopard versions:
>
> Security.framework
> SecurityTokend.framework
> security_cdsa_client.framework
> security_cdsa_utilities.framework
> security_utilities.framework

--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495




_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SCA for Snow Leopard built yet?

João Poupino-2
Hello Martin, thanks for helping!


On Sep 14, 2009, at 3:48 PM, Martin Paljak wrote:

> After installing the OpenSC.pkg I have problems with missing libltdl.
> 3.dylib:
> I remember that it got bundled because it did not exist on machines  
> without Developer tools installed, but can't remember if it changed  
> with 10.5 or Need to investigate clean 10.4 and 10.5 installations  
> if the dylib is installed or not.
Sorry, I forgot to bundle it. I confirm that both 10.5 and 10.6 do not  
have libltdl.3.dylib by default.

> After fixing it Tokend works and certificates appear, great succes!
>
That's great! But can you actually use the token? In my case the  
certificates show up in the Keychain, but when I try to login with the  
card, it fails. If I try to login to a website with Safari using one  
of the certificates on the card, it also fails... Can you, for  
example, login to website with the card?

> lrwxr-xr-x 1 root wheel     24 26. juuli 17:27 /usr/lib/libltdl.
> 3.1.0.dylib -> /usr/lib/libltdl.3.dylib
> lrwxr-xr-x 1 root staff     15 28. aug   11:17 /usr/lib/libltdl.
> 3.1.4.dylib -> libltdl.3.dylib
> lrwxr-xr-x 1 root wheel     15 28. aug   11:17 /usr/lib/libltdl.
> 7.1.2.dylib -> libltdl.7.dylib
> -rwxr-xr-x 1 root wheel 123888 18. mai   20:26 /usr/lib/libltdl.
> 7.dylib
> -rw-r--r-- 1 root wheel 318748 18. mai   20:26 /usr/lib/libltdl.a
> lrwxr-xr-x 1 root wheel     24 14. sept  14:26 /usr/lib/
> libltdl.dylib -> /usr/lib/libltdl.3.dylib
>
>
> Interestingly my personal OpenSC tree does not work and crashes,  
> even though it has 64bits. Probably there is difference in OSX  
> deployment target (I'm using 10.5, OpenSC.tokend has 10.4)
>
> Have you upgraded your eID patch? Would be OK to include it maybe?
>
The patch its almost done. We haven't released it yet because we need  
to test the "Change PIN" operation in the older version of the card,  
but we are waiting that one of those cards becomes available to us.  
Apart from that, its pretty much finished I guess - I hope to finish  
in the next few days (if I can get my hands on one the older cards...).


Thank you.

João

>
>
>
>
> On 12.09.2009, at 19:10, João Poupino wrote:
>>
>> The Tokend was first compiled with Leopard's SDK, in order to support
>> the i386 and ppc7400 architectures.
>>
>> To compile the Tokend for x86_64, using Snow Leopard's SDK, the
>> following frameworks had to be changed from the Leopard versions
>> (provided by Martin) to the Snow Leopard versions:
>>
>> Security.framework
>> SecurityTokend.framework
>> security_cdsa_client.framework
>> security_cdsa_utilities.framework
>> security_utilities.framework
>
> --
> Martin Paljak
> http://martin.paljak.pri.ee
> +372.515.6495
>
>
>
>

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel