Telia IP5a - RSA 2048

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Telia IP5a - RSA 2048

Marcus Andersson
Hi,

I have a Swedish SITHS card named "Telia IP5a", which is detected as a
SC_CARD_TYPE_SETCOS_EID_V2_1. It uses RSA 2048, but this key length is
not in the list of algorithms for the card in the file card-setcos.c.
This has been pointed out before in ticket #322 [1], but apparently the
patch was not applied then. The card in the ticket was reported as a
SC_CARD_TYPE_SETCOS_44, which uses the same configuration path in
card-setcos.c as my card and two others, SC_CARD_TYPE_SETCOS_EID_V2_0
and SC_CARD_TYPE_SETCOS_NIDEL. Is it acceptable to add RSA 2048 to all
four cards, or should the configuration be split until we know more
about the other two?

[1] https://www.opensc-project.org/opensc/ticket/322

Best regards,
Marcus Andersson


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Telia IP5a - RSA 2048

Martin Paljak-4
Hello,

Can you generate any new keys or certificates on the card? If not, the
best would be to populate the card capabilities from reading the
certificates off the card first (if it is a traditional PKI card) and
adjust the card "capabilities" (which are basically artificial
restrictions set in the code) accordingly.

Martin
--
Martin
+372 515 6495


On Mon, Oct 14, 2013 at 11:56 AM, Marcus Andersson
<[hidden email]> wrote:

> Hi,
>
> I have a Swedish SITHS card named "Telia IP5a", which is detected as a
> SC_CARD_TYPE_SETCOS_EID_V2_1. It uses RSA 2048, but this key length is
> not in the list of algorithms for the card in the file card-setcos.c.
> This has been pointed out before in ticket #322 [1], but apparently the
> patch was not applied then. The card in the ticket was reported as a
> SC_CARD_TYPE_SETCOS_44, which uses the same configuration path in
> card-setcos.c as my card and two others, SC_CARD_TYPE_SETCOS_EID_V2_0
> and SC_CARD_TYPE_SETCOS_NIDEL. Is it acceptable to add RSA 2048 to all
> four cards, or should the configuration be split until we know more
> about the other two?
>
> [1] https://www.opensc-project.org/opensc/ticket/322
>
> Best regards,
> Marcus Andersson
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Telia IP5a - RSA 2048

Marcus Andersson
Hi,

that sounds like a good approach. Where is the appropriate place to do
this, in card-setcos.c? Is this done for any other card already, for me
to look at for ideas? Can it be done at a higher level to cover more cards?

Marcus

Martin Paljak skrev 2013-10-14 16:32:

> Hello,
>
> Can you generate any new keys or certificates on the card? If not, the
> best would be to populate the card capabilities from reading the
> certificates off the card first (if it is a traditional PKI card) and
> adjust the card "capabilities" (which are basically artificial
> restrictions set in the code) accordingly.
>
> Martin
> --
> Martin
> +372 515 6495
>
>
> On Mon, Oct 14, 2013 at 11:56 AM, Marcus Andersson
> <[hidden email]> wrote:
>> Hi,
>>
>> I have a Swedish SITHS card named "Telia IP5a", which is detected as a
>> SC_CARD_TYPE_SETCOS_EID_V2_1. It uses RSA 2048, but this key length is
>> not in the list of algorithms for the card in the file card-setcos.c.
>> This has been pointed out before in ticket #322 [1], but apparently the
>> patch was not applied then. The card in the ticket was reported as a
>> SC_CARD_TYPE_SETCOS_44, which uses the same configuration path in
>> card-setcos.c as my card and two others, SC_CARD_TYPE_SETCOS_EID_V2_0
>> and SC_CARD_TYPE_SETCOS_NIDEL. Is it acceptable to add RSA 2048 to all
>> four cards, or should the configuration be split until we know more
>> about the other two?
>>
>> [1] https://www.opensc-project.org/opensc/ticket/322
>>
>> Best regards,
>> Marcus Andersson
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
>> the latest Intel processors and coprocessors. See abstracts and register >
>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel