new release?

classic Classic list List threaded Threaded
51 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert


On 9/24/2012 12:52 PM, Viktor Tarasov wrote:

> On Wed, Sep 19, 2012 at 11:54 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>     I have been testing 0.13.0-pre1 from tarball listed below.
>
>     Builds on Solaris.
>
>     works with MIT Kerberos PKINIT and pam_krb5 to login to AD as the KDC.
>
>     Can sign Email using thunderbird 13.0.1.
>
>     The pkcs11-tool -derive using ECDH works using a PIV test card from NIST
>     and a card I created. (i.e. using the key frome a card and the cert from
>     the other card, will produce the same secret key.)
>
>
> Ok, thanks for the testing.
>
> In 0.13.0-pre1 there is the bug that concerns the using of non-initialized OID data.
> My non-regression tests were done with the current (*d525ca97e3*) 'master' version:
>
> For the OpenSC installed on Linux from tarball
> the following tests of the where done using the pkcs15 and pkcs11 tools,
> with the cards 'CardOS v4.3B', 'SetCOS 4.4.1 B', 'Athena', 'Aventra' and 'Feitian':
> - erase card (pkcs15-init -E);
> - initialize (ex. pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "999999" --puk "888888");
> - generate RSA 1024/2048 (depending on card);
> - import PKCS#12 with user and CA certificates;
> - get public key from imported or generated key;
> - sign data using pkcs15-crypt and pkcs11-tool and verify it with openssl;
> - decrypt the data encypted by openssl;
>
> Using Firefox 12.0 and Thunderbird 15.0.1, on Vista, with IAS/ECC card and OpenSC installed from MSI:
> - generate key and sign certificate request;
> - import certificate;
> - authenticate to access protected web page.
> - import PKCS#12;
> - sign mail;
> - decrypt mail.
>
> As for me, still to test are minidriver (IE and outlook), smartcard logon (windows) and SM (for the cards that support it).
>
> Do you have other suggestions for the non-regression tests?

If you have a Windows build, I could test PKCS#11 on Windows 7 with Firefox and Thinderbird.


>
> Kind regards,
> Viktor.
>
>
>     On 9/17/2012 3:00 PM, Viktor Tarasov wrote:
>      > Hello,
>      >
>      > Le 15/09/2012 16:52, Kalev Lember a écrit :
>      >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>      >>> Hello,
>      >>>
>      >>> current github 'staging' is tagged as v0.13.0-pre1.
>      >>>
>      >>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>      >>> and to prepare the coming release candidate.
>      >> Very good idea. I think it makes a lot of sense to have just one
>      >> 'master' branch for development; this is what people coming over from
>      >> other projects tend to expect.
>      >
>      >
>      > 'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
>      > Until the end of this release the pull requests to 'staging' are also accepted.
>      >
>      > The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
>      > could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...
>      >
>      > Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
>      > https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>
>      >
>      > The resulting packages are transfered to 'download' part of the opensc-project.org <http://opensc-project.org> file server:
>      >   - commits to
>      > http://www.opensc-project.org/downloads/projects/opensc/nightly/
>      >   - releases to
>      > http://www.opensc-project.org/downloads/projects/opensc/releases/
>      >
>      >
>      > For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
>      > Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.
>      >
>      > It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
>      > Your remarks, proposals, contributions are heartily welcome.
>      >
>      > Kind regards,
>      > Viktor.
>      > _______________________________________________
>      > opensc-devel mailing list
>      > [hidden email] <mailto:[hidden email]>
>      > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>      >
>      >
>
>     --
>
>        Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>
>        Argonne National Laboratory
>        9700 South Cass Avenue
>        Argonne, Illinois  60439
>     (630) 252-5444 <tel:%28630%29%20252-5444>
>
>
>     _______________________________________________
>     opensc-devel mailing list
>     [hidden email] <mailto:[hidden email]>
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
Duh, I see you have 32 and 64 bit msi files.

Since I was using 32 bit firefox and Thunderbird, I installed the 32 bit
version on W7 64. It install the clients in \Program Files (x86)\...
but not the Windows\system32\opensc-pkcs11.dll


If I then install the 64 bit msi, it installs the \Program Files\OpenSC\...
and installs Windows\system32\opensc-pkcs11.dll.


Is the intent that the 64 bit msi install 64 bit tools, and opensc.dll
and the 32 bit opensc-pkcs11.dll? Is there a 64 bit opensc-pkcs11.dll?

Firefox 8.0.1 works to a web site.

Thunderbird 13.0.1 complains about the signing certificate usage, but
appears to read the certificates, and TB says the certificate chain is valid
and all the CA certs are listed as trusted for signing e-mail.
This sounds like a Thunderbird bug. Will have to look some more.
but it looks like OpenSC is working.

I was able to sign using TB 13.0.1 on Solaris using a test account.


On 9/24/2012 2:43 PM, Douglas E. Engert wrote:

>
>
> On 9/24/2012 12:52 PM, Viktor Tarasov wrote:
>> On Wed, Sep 19, 2012 at 11:54 PM, Douglas E. Engert <[hidden email] <mailto:[hidden email]>> wrote:
>>
>>      I have been testing 0.13.0-pre1 from tarball listed below.
>>
>>      Builds on Solaris.
>>
>>      works with MIT Kerberos PKINIT and pam_krb5 to login to AD as the KDC.
>>
>>      Can sign Email using thunderbird 13.0.1.
>>
>>      The pkcs11-tool -derive using ECDH works using a PIV test card from NIST
>>      and a card I created. (i.e. using the key frome a card and the cert from
>>      the other card, will produce the same secret key.)
>>
>>
>> Ok, thanks for the testing.
>>
>> In 0.13.0-pre1 there is the bug that concerns the using of non-initialized OID data.
>> My non-regression tests were done with the current (*d525ca97e3*) 'master' version:
>>
>> For the OpenSC installed on Linux from tarball
>> the following tests of the where done using the pkcs15 and pkcs11 tools,
>> with the cards 'CardOS v4.3B', 'SetCOS 4.4.1 B', 'Athena', 'Aventra' and 'Feitian':
>> - erase card (pkcs15-init -E);
>> - initialize (ex. pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "999999" --puk "888888");
>> - generate RSA 1024/2048 (depending on card);
>> - import PKCS#12 with user and CA certificates;
>> - get public key from imported or generated key;
>> - sign data using pkcs15-crypt and pkcs11-tool and verify it with openssl;
>> - decrypt the data encypted by openssl;
>>
>> Using Firefox 12.0 and Thunderbird 15.0.1, on Vista, with IAS/ECC card and OpenSC installed from MSI:
>> - generate key and sign certificate request;
>> - import certificate;
>> - authenticate to access protected web page.
>> - import PKCS#12;
>> - sign mail;
>> - decrypt mail.
>>
>> As for me, still to test are minidriver (IE and outlook), smartcard logon (windows) and SM (for the cards that support it).
>>
>> Do you have other suggestions for the non-regression tests?
>
> If you have a Windows build, I could test PKCS#11 on Windows 7 with Firefox and Thinderbird.
>
>
>>
>> Kind regards,
>> Viktor.
>>
>>
>>      On 9/17/2012 3:00 PM, Viktor Tarasov wrote:
>>       > Hello,
>>       >
>>       > Le 15/09/2012 16:52, Kalev Lember a écrit :
>>       >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>>       >>> Hello,
>>       >>>
>>       >>> current github 'staging' is tagged as v0.13.0-pre1.
>>       >>>
>>       >>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>>       >>> and to prepare the coming release candidate.
>>       >> Very good idea. I think it makes a lot of sense to have just one
>>       >> 'master' branch for development; this is what people coming over from
>>       >> other projects tend to expect.
>>       >
>>       >
>>       > 'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
>>       > Until the end of this release the pull requests to 'staging' are also accepted.
>>       >
>>       > The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
>>       > could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...
>>       >
>>       > Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
>>       > https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>
>>       >
>>       > The resulting packages are transfered to 'download' part of the opensc-project.org <http://opensc-project.org> file server:
>>       >   - commits to
>>       > http://www.opensc-project.org/downloads/projects/opensc/nightly/
>>       >   - releases to
>>       > http://www.opensc-project.org/downloads/projects/opensc/releases/
>>       >
>>       >
>>       > For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
>>       > Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.
>>       >
>>       > It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
>>       > Your remarks, proposals, contributions are heartily welcome.
>>       >
>>       > Kind regards,
>>       > Viktor.
>>       > _______________________________________________
>>       > opensc-devel mailing list
>>       > [hidden email] <mailto:[hidden email]>
>>       > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>       >
>>       >
>>
>>      --
>>
>>         Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>
>>         Argonne National Laboratory
>>         9700 South Cass Avenue
>>         Argonne, Illinois  60439
>>      (630) 252-5444 <tel:%28630%29%20252-5444>
>>
>>
>>      _______________________________________________
>>      opensc-devel mailing list
>>      [hidden email] <mailto:[hidden email]>
>>      http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Jean-Michel Pouré - GOOZE
> Thunderbird 13.0.1 complains about the signing certificate usage,

ePass2003 users also reported an issue about signing certificates:
www.gooze.eu/forums/support/epass2003-as-ca-with-openssl

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Andreas Schwier
In reply to this post by Viktor Tarasov-3
Hi Viktor,

we've completed the development of write support for the SmartCard-HSM
and are in the middle of testing and bug-fixing.

The code is based on the latest version in OpenSC/staging and changes
mostly apply to our own code.

Is there a chance to get write support into the upcomin release ?

If yes, I would prepare a pull request against the CardContact/staging
branch.


Andreas



Am 17.09.2012 22:00, schrieb Viktor Tarasov:

> Hello,
>
> Le 15/09/2012 16:52, Kalev Lember a écrit :
>> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>>> Hello,
>>>
>>> current github 'staging' is tagged as v0.13.0-pre1.
>>>
>>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>>> and to prepare the coming release candidate.
>> Very good idea. I think it makes a lot of sense to have just one
>> 'master' branch for development; this is what people coming over from
>> other projects tend to expect.
>
> 'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
> Until the end of this release the pull requests to 'staging' are also accepted.
>
> The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
> could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...
>
> Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
> https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>
>
> The resulting packages are transfered to 'download' part of the opensc-project.org file server:
>  - commits to
>     http://www.opensc-project.org/downloads/projects/opensc/nightly/
>  - releases to
>     http://www.opensc-project.org/downloads/projects/opensc/releases/
>
>
> For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
> Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.
>
> It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
> Your remarks, proposals, contributions are heartily welcome.
>
> Kind regards,
> Viktor.
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
In reply to this post by Douglas E. Engert
Thunderbird 13.0.1 can now sign e-mail.
I had forgot to uncomment in opensc.conf:

    pin_cache_ignore_user_consent = true;

a new feature of 0.13.0pre1

See:
http://www.opensc-project.org/pipermail/opensc-devel/2012-August/018282.html

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444




_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (13K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
In reply to this post by Andreas Schwier
Hi Andreas,

On Tue, Sep 25, 2012 at 9:14 AM, Andreas Schwier <[hidden email]> wrote:
we've completed the development of write support for the SmartCard-HSM
and are in the middle of testing and bug-fixing.

Fine, 
what part of the common OpenSC libraries are involved into your tests (pkcs11, minidriver, pkcs15, ...) ?
What are the OSs?

 

The code is based on the latest version in OpenSC/staging and changes
mostly apply to our own code.

Is there a chance to get write support into the upcomin release ?

If yes, I would prepare a pull request against the CardContact/staging
branch.

Ok, 
you can make pull request to 'staging' or 'master' of OpenSC/OpenSC -- two branches are kept syncronized.


Andreas

Kind wishes,
Viktor.
 



Am 17.09.2012 22:00, schrieb Viktor Tarasov:
> Hello,
>
> Le 15/09/2012 16:52, Kalev Lember a écrit :
>> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>>> Hello,
>>>
>>> current github 'staging' is tagged as v0.13.0-pre1.
>>>
>>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>>> and to prepare the coming release candidate.
>> Very good idea. I think it makes a lot of sense to have just one
>> 'master' branch for development; this is what people coming over from
>> other projects tend to expect.
>
> 'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
> Until the end of this release the pull requests to 'staging' are also accepted.
>
> The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
> could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...
>
> Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
> https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>
>
> The resulting packages are transfered to 'download' part of the opensc-project.org file server:
>  - commits to
>     http://www.opensc-project.org/downloads/projects/opensc/nightly/
>  - releases to
>     http://www.opensc-project.org/downloads/projects/opensc/releases/
>
>
> For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
> Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.
>
> It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
> Your remarks, proposals, contributions are heartily welcome.
>
> Kind regards,
> Viktor.
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone <a href="tel:%2B49%20571%2056149" value="+4957156149">+49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Andreas Schwier
Hi Viktor,

we are testing on Windows XP SP3, Debian Lenny and a current Ubuntu
version. Our focus is on PKCS#11 and integration with Firefox,
Thunderbird and XCA. We already tested minidriver with IE and Outlook,
but we do short regression tests with each new build.

We've set up automated tests using our Smart Card Shell, which
interfaces with PKCS#11 using opensc-java. This way we test key
generation of all kinds (RSA/EC), certificates issuance and storing as
well as data element reading/writing. We also have a quick regression
test using a script with various pkcs11-tool commands. We've also done
tests using the IAIK PKCS#11 wrapper that worked well.

So far we're quite confident that the current code base is stable.

We have three things left on our list, but they are not pressing:

1. Adding support to have domain parameter at the PKCS#11 interface for
EC public keys after on card generation (i.e. serialize/ deserialize
public keys as spki)
2. Adding support for explicit domain parameter in EC_PARAMS
3. Fast-track C_Initialize and C_SetPIN into the card-driver (The
SmartCard-HSM uses a PKCS#11 like token initialization)

Given the fact, that these changes touch core code, we would schedule
this topics for the .14 release.

Andreas

Am 25.09.2012 17:04, schrieb Viktor Tarasov:

> Hi Andreas,
>
> On Tue, Sep 25, 2012 at 9:14 AM, Andreas Schwier
> <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     we've completed the development of write support for the SmartCard-HSM
>     and are in the middle of testing and bug-fixing.
>
>
> Fine,
> what part of the common OpenSC libraries are involved into your tests
> (pkcs11, minidriver, pkcs15, ...) ?
> What are the OSs?
>
>  
>
>
>     The code is based on the latest version in OpenSC/staging and changes
>     mostly apply to our own code.
>
>     Is there a chance to get write support into the upcomin release ?
>
>     If yes, I would prepare a pull request against the CardContact/staging
>     branch.
>
>
> Ok,
> you can make pull request to 'staging' or 'master' of OpenSC/OpenSC --
> two branches are kept syncronized.
>
>
>     Andreas
>
>
> Kind wishes,
> Viktor.
>  
>
>
>
>
>     Am 17.09.2012 22:00, schrieb Viktor Tarasov:
>     > Hello,
>     >
>     > Le 15/09/2012 16:52, Kalev Lember a écrit :
>     >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>     >>> Hello,
>     >>>
>     >>> current github 'staging' is tagged as v0.13.0-pre1.
>     >>>
>     >>> If no objections, I will merge this branch into github
>     'master' -- it will be base version to test
>     >>> and to prepare the coming release candidate.
>     >> Very good idea. I think it makes a lot of sense to have just one
>     >> 'master' branch for development; this is what people coming
>     over from
>     >> other projects tend to expect.
>     >
>     > 'Master' and 'staging' are actually synchronized and for the new
>     pull requests I propose to create them relative to the 'master'
>     branch.
>     > Until the end of this release the pull requests to 'staging' are
>     also accepted.
>     >
>     > The tag name 'v0.13.0-pre1' has been changed (sorry) to
>     '0.13.0pre1' -- still cannot understand which common set of characters
>     > could be used for the release-version/tag-name to satisfy 'git',
>     'obs', 'dpkg-build', ...
>     >
>     > Commits to 'master' and new tags trigger the jenkins jobs of
>     build, packaging and some rudimentary test of package and unit
>     tests (for Suse).
>     > https://opensc.fr/jenkins/view/Open
>     <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/
>     <https://opensc.fr/jenkins/view/OpenSC-release/>
>     >
>     > The resulting packages are transfered to 'download' part of the
>     opensc-project.org <http://opensc-project.org> file server:
>     >  - commits to
>     >     http://www.opensc-project.org/downloads/projects/opensc/nightly/
>     >  - releases to
>     >    
>     http://www.opensc-project.org/downloads/projects/opensc/releases/
>     >
>     >
>     > For a while there are only source tarballs, MSIs for x32 and x64
>     and rpm i586 for opensSuSE 12.1 .
>     > Hope that rapidly the building of releases packages for some
>     debian/ubuntu distributions will be connected.
>     >
>     > It would be nice if you could look/test the tarball or packages
>     of the release 0.13.0pre1.
>     > Your remarks, proposals, contributions are heartily welcome.
>     >
>     > Kind regards,
>     > Viktor.
>     > _______________________________________________
>     > opensc-devel mailing list
>     > [hidden email]
>     <mailto:[hidden email]>
>     > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
>     --
>
>         ---------    CardContact Software & System Consulting
>        |.##> <##.|   Andreas Schwier
>        |#       #|   Schülerweg 38
>        |#       #|   32429 Minden, Germany
>        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149>
>         ---------    http://www.cardcontact.de
>                      http://www.tscons.de
>                      http://www.openscdp.org
>
>     _______________________________________________
>     opensc-devel mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Peter Stuge-4
In reply to this post by Jean-Michel Pouré - GOOZE
Jean-Michel Pouré - GOOZE wrote:
> I was quite busy and failed to do any work these last days.

Remember how much easier it is to write email with opinion.


//Peter

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

attachment0 (197 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
In reply to this post by Andreas Schwier
Hello Andreas.

On Tue, Sep 25, 2012 at 8:07 PM, Andreas Schwier <[hidden email]> wrote:
we are testing on Windows XP SP3, Debian Lenny and a current Ubuntu
version. Our focus is on PKCS#11 and integration with Firefox,
Thunderbird and XCA. We already tested minidriver with IE and Outlook,
but we do short regression tests with each new build.
 
Ok, thanks. 


We've set up automated tests using our Smart Card Shell, which
interfaces with PKCS#11 using opensc-java. This way we test key
generation of all kinds (RSA/EC), certificates issuance and storing as
well as data element reading/writing. We also have a quick regression
test using a script with various pkcs11-tool commands. We've also done
tests using the IAIK PKCS#11 wrapper that worked well.

Your automated tests are triggered-by/pulled-from your-branch/opensc-opensc github ?

Do you see any interest in connecting your automated tests to the common OpenSC CI service ?



So far we're quite confident that the current code base is stable.

We have three things left on our list, but they are not pressing:

1. Adding support to have domain parameter at the PKCS#11 interface for
EC public keys after on card generation (i.e. serialize/ deserialize
public keys as spki)
2. Adding support for explicit domain parameter in EC_PARAMS
3. Fast-track C_Initialize and C_SetPIN into the card-driver (The
SmartCard-HSM uses a PKCS#11 like token initialization)

Given the fact, that these changes touch core code, we would schedule
this topics for the .14 release.

Andreas

Am 25.09.2012 17:04, schrieb Viktor Tarasov:
> Hi Andreas,
>
> On Tue, Sep 25, 2012 at 9:14 AM, Andreas Schwier
> <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     we've completed the development of write support for the SmartCard-HSM
>     and are in the middle of testing and bug-fixing.
>
>
> Fine,
> what part of the common OpenSC libraries are involved into your tests
> (pkcs11, minidriver, pkcs15, ...) ?
> What are the OSs?
>
>
>
>
>     The code is based on the latest version in OpenSC/staging and changes
>     mostly apply to our own code.
>
>     Is there a chance to get write support into the upcomin release ?
>
>     If yes, I would prepare a pull request against the CardContact/staging
>     branch.
>
>
> Ok,
> you can make pull request to 'staging' or 'master' of OpenSC/OpenSC --
> two branches are kept syncronized.
>
>
>     Andreas
>
>
> Kind wishes,
> Viktor.
>
>
>
>
>
>     Am 17.09.2012 22:00, schrieb Viktor Tarasov:
>     > Hello,
>     >
>     > Le 15/09/2012 16:52, Kalev Lember a écrit :
>     >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>     >>> Hello,
>     >>>
>     >>> current github 'staging' is tagged as v0.13.0-pre1.
>     >>>
>     >>> If no objections, I will merge this branch into github
>     'master' -- it will be base version to test
>     >>> and to prepare the coming release candidate.
>     >> Very good idea. I think it makes a lot of sense to have just one
>     >> 'master' branch for development; this is what people coming
>     over from
>     >> other projects tend to expect.
>     >
>     > 'Master' and 'staging' are actually synchronized and for the new
>     pull requests I propose to create them relative to the 'master'
>     branch.
>     > Until the end of this release the pull requests to 'staging' are
>     also accepted.
>     >
>     > The tag name 'v0.13.0-pre1' has been changed (sorry) to
>     '0.13.0pre1' -- still cannot understand which common set of characters
>     > could be used for the release-version/tag-name to satisfy 'git',
>     'obs', 'dpkg-build', ...
>     >
>     > Commits to 'master' and new tags trigger the jenkins jobs of
>     build, packaging and some rudimentary test of package and unit
>     tests (for Suse).
>     > https://opensc.fr/jenkins/view/Open
>     <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/
>     <https://opensc.fr/jenkins/view/OpenSC-release/>
>     >
>     > The resulting packages are transfered to 'download' part of the
>     opensc-project.org <http://opensc-project.org> file server:
>     >  - commits to
>     >     http://www.opensc-project.org/downloads/projects/opensc/nightly/
>     >  - releases to
>     >
>     http://www.opensc-project.org/downloads/projects/opensc/releases/
>     >
>     >
>     > For a while there are only source tarballs, MSIs for x32 and x64
>     and rpm i586 for opensSuSE 12.1 .
>     > Hope that rapidly the building of releases packages for some
>     debian/ubuntu distributions will be connected.
>     >
>     > It would be nice if you could look/test the tarball or packages
>     of the release 0.13.0pre1.
>     > Your remarks, proposals, contributions are heartily welcome.
>     >
>     > Kind regards,
>     > Viktor.
>     > _______________________________________________
>     > opensc-devel mailing list
>     > [hidden email]
>     <mailto:[hidden email]>
>     > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
>     --
>
>         ---------    CardContact Software & System Consulting
>        |.##> <##.|   Andreas Schwier
>        |#       #|   Schülerweg 38
>        |#       #|   32429 Minden, Germany
>        |'##> <##'|   Phone <a href="tel:%2B49%20571%2056149" value="+4957156149">+49 571 56149 <tel:%2B49%20571%2056149>
>         ---------    http://www.cardcontact.de
>                      http://www.tscons.de
>                      http://www.openscdp.org
>
>     _______________________________________________
>     opensc-devel mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone <a href="tel:%2B49%20571%2056149" value="+4957156149">+49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Andreas Schwier
In reply to this post by Viktor Tarasov-3
Hi Viktor,

I've created a pull request into staging for adding SmartCard-HSM write
support.

Andreas

Am 25.09.2012 17:04, schrieb Viktor Tarasov:

> Hi Andreas,
>
> On Tue, Sep 25, 2012 at 9:14 AM, Andreas Schwier
> <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     we've completed the development of write support for the SmartCard-HSM
>     and are in the middle of testing and bug-fixing.
>
>
> Fine,
> what part of the common OpenSC libraries are involved into your tests
> (pkcs11, minidriver, pkcs15, ...) ?
> What are the OSs?
>
>  
>
>
>     The code is based on the latest version in OpenSC/staging and changes
>     mostly apply to our own code.
>
>     Is there a chance to get write support into the upcomin release ?
>
>     If yes, I would prepare a pull request against the CardContact/staging
>     branch.
>
>
> Ok,
> you can make pull request to 'staging' or 'master' of OpenSC/OpenSC --
> two branches are kept syncronized.
>
>
>     Andreas
>
>
> Kind wishes,
> Viktor.
>  
>
>
>
>
>     Am 17.09.2012 22:00, schrieb Viktor Tarasov:
>     > Hello,
>     >
>     > Le 15/09/2012 16:52, Kalev Lember a écrit :
>     >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>     >>> Hello,
>     >>>
>     >>> current github 'staging' is tagged as v0.13.0-pre1.
>     >>>
>     >>> If no objections, I will merge this branch into github
>     'master' -- it will be base version to test
>     >>> and to prepare the coming release candidate.
>     >> Very good idea. I think it makes a lot of sense to have just one
>     >> 'master' branch for development; this is what people coming
>     over from
>     >> other projects tend to expect.
>     >
>     > 'Master' and 'staging' are actually synchronized and for the new
>     pull requests I propose to create them relative to the 'master'
>     branch.
>     > Until the end of this release the pull requests to 'staging' are
>     also accepted.
>     >
>     > The tag name 'v0.13.0-pre1' has been changed (sorry) to
>     '0.13.0pre1' -- still cannot understand which common set of characters
>     > could be used for the release-version/tag-name to satisfy 'git',
>     'obs', 'dpkg-build', ...
>     >
>     > Commits to 'master' and new tags trigger the jenkins jobs of
>     build, packaging and some rudimentary test of package and unit
>     tests (for Suse).
>     > https://opensc.fr/jenkins/view/Open
>     <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/
>     <https://opensc.fr/jenkins/view/OpenSC-release/>
>     >
>     > The resulting packages are transfered to 'download' part of the
>     opensc-project.org <http://opensc-project.org> file server:
>     >  - commits to
>     >     http://www.opensc-project.org/downloads/projects/opensc/nightly/
>     >  - releases to
>     >    
>     http://www.opensc-project.org/downloads/projects/opensc/releases/
>     >
>     >
>     > For a while there are only source tarballs, MSIs for x32 and x64
>     and rpm i586 for opensSuSE 12.1 .
>     > Hope that rapidly the building of releases packages for some
>     debian/ubuntu distributions will be connected.
>     >
>     > It would be nice if you could look/test the tarball or packages
>     of the release 0.13.0pre1.
>     > Your remarks, proposals, contributions are heartily welcome.
>     >
>     > Kind regards,
>     > Viktor.
>     > _______________________________________________
>     > opensc-devel mailing list
>     > [hidden email]
>     <mailto:[hidden email]>
>     > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
>     --
>
>         ---------    CardContact Software & System Consulting
>        |.##> <##.|   Andreas Schwier
>        |#       #|   Schülerweg 38
>        |#       #|   32429 Minden, Germany
>        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149>
>         ---------    http://www.cardcontact.de
>                      http://www.tscons.de
>                      http://www.openscdp.org
>
>     _______________________________________________
>     opensc-devel mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
In reply to this post by Viktor Tarasov-3
Hello,

New release candidate is tagged as '0.13.0rc1' -- commit 6b7d8af0 of github OpenSC/OpenSC.git.

The tarball, MSI and SuSE RPM can be downloaded from
http://www.opensc-project.org/downloads/projects/opensc/releases/
or directly from CI service
https://opensc.fr/jenkins/

Here listed the changes since '0.13.0pre1' (only 'essential'):
40ff0e4e pkcs11: Fixed SIGV when deleting public key objects via PKCS#11
c91f0e84 entersafe: Disable RSA:512bits that modified in entersafe_generate_key and entersafe_store_key function
72786abe sc-hsm: Added write support for RSA and ECC keys, certificates and data objects
a9393aa9 framework-pkcs15: Fixed a SIGV when key generation returned ERROR_NOT_SUPPORTED
1619a423 ecc: Adding more curves
db3f5f5f framework-pkcs15: Fixed issued with uninitialized variable keysize
f508b212 pkcs15: Add support to encode EC private key description
02fe6d47 pkcs11-tool: Fixed issue with ID increment failing on constant data
249b769a pkcs11: unlink 'pubkey' FW object when deleting related certificate
ea40e7fe Use AM_CPPFLAGS instead of INCLUDES
3656b478 Use AX_PTHREAD instead of ACX_PTHREAD
d525ca97 libopensc: OID with only zeros in array do not valid

Thanks for your participation.

There are still few issues inherited from pre1:
- building MAC OS X packages (waiting for someone who know/can/will to bring more details on this problem);
- ePass2003 signing problem -- seems to be related with pkcs11 engine ...
- ... and as a consequence -- need to be tested with engine;
- still to be tested smartcard logon.

Kind regards,
Viktor.


Le 26/09/2012 11:12, Viktor Tarasov a écrit :

> Hello Andreas.
>
> On Tue, Sep 25, 2012 at 8:07 PM, Andreas Schwier <[hidden email] <mailto:[hidden email]>> wrote:
>
>     we are testing on Windows XP SP3, Debian Lenny and a current Ubuntu
>     version. Our focus is on PKCS#11 and integration with Firefox,
>     Thunderbird and XCA. We already tested minidriver with IE and Outlook,
>     but we do short regression tests with each new build.
>
>  
> Ok, thanks.
>
>
>     We've set up automated tests using our Smart Card Shell, which
>     interfaces with PKCS#11 using opensc-java. This way we test key
>     generation of all kinds (RSA/EC), certificates issuance and storing as
>     well as data element reading/writing. We also have a quick regression
>     test using a script with various pkcs11-tool commands. We've also done
>     tests using the IAIK PKCS#11 wrapper that worked well.
>
>
> Your automated tests are triggered-by/pulled-from your-branch/opensc-opensc github ?
>
> Do you see any interest in connecting your automated tests to the common OpenSC CI service ?
> https://opensc.fr/jenkins/
>
>
>
>     So far we're quite confident that the current code base is stable.
>
>     We have three things left on our list, but they are not pressing:
>
>     1. Adding support to have domain parameter at the PKCS#11 interface for
>     EC public keys after on card generation (i.e. serialize/ deserialize
>     public keys as spki)
>     2. Adding support for explicit domain parameter in EC_PARAMS
>     3. Fast-track C_Initialize and C_SetPIN into the card-driver (The
>     SmartCard-HSM uses a PKCS#11 like token initialization)
>
>     Given the fact, that these changes touch core code, we would schedule
>     this topics for the .14 release.
>
>     Andreas
>
>     Am 25.09.2012 17:04, schrieb Viktor Tarasov:
>     > Hi Andreas,
>     >
>     > On Tue, Sep 25, 2012 at 9:14 AM, Andreas Schwier
>     > <[hidden email] <mailto:[hidden email]>
>     > <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>     >
>     >     we've completed the development of write support for the SmartCard-HSM
>     >     and are in the middle of testing and bug-fixing.
>     >
>     >
>     > Fine,
>     > what part of the common OpenSC libraries are involved into your tests
>     > (pkcs11, minidriver, pkcs15, ...) ?
>     > What are the OSs?
>     >
>     >
>     >
>     >
>     >     The code is based on the latest version in OpenSC/staging and changes
>     >     mostly apply to our own code.
>     >
>     >     Is there a chance to get write support into the upcomin release ?
>     >
>     >     If yes, I would prepare a pull request against the CardContact/staging
>     >     branch.
>     >
>     >
>     > Ok,
>     > you can make pull request to 'staging' or 'master' of OpenSC/OpenSC --
>     > two branches are kept syncronized.
>     >
>     >
>     >     Andreas
>     >
>     >
>     > Kind wishes,
>     > Viktor.
>     >
>     >
>     >
>     >
>     >
>     >     Am 17.09.2012 22:00, schrieb Viktor Tarasov:
>     >     > Hello,
>     >     >
>     >     > Le 15/09/2012 16:52, Kalev Lember a écrit :
>     >     >> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>     >     >>> Hello,
>     >     >>>
>     >     >>> current github 'staging' is tagged as v0.13.0-pre1.
>     >     >>>
>     >     >>> If no objections, I will merge this branch into github
>     >     'master' -- it will be base version to test
>     >     >>> and to prepare the coming release candidate.
>     >     >> Very good idea. I think it makes a lot of sense to have just one
>     >     >> 'master' branch for development; this is what people coming
>     >     over from
>     >     >> other projects tend to expect.
>     >     >
>     >     > 'Master' and 'staging' are actually synchronized and for the new
>     >     pull requests I propose to create them relative to the 'master'
>     >     branch.
>     >     > Until the end of this release the pull requests to 'staging' are
>     >     also accepted.
>     >     >
>     >     > The tag name 'v0.13.0-pre1' has been changed (sorry) to
>     >     '0.13.0pre1' -- still cannot understand which common set of characters
>     >     > could be used for the release-version/tag-name to satisfy 'git',
>     >     'obs', 'dpkg-build', ...
>     >     >
>     >     > Commits to 'master' and new tags trigger the jenkins jobs of
>     >     build, packaging and some rudimentary test of package and unit
>     >     tests (for Suse).
>     >     > https://opensc.fr/jenkins/view/Open
>     >     <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/
>     >     <https://opensc.fr/jenkins/view/OpenSC-release/>
>     >     >
>     >     > The resulting packages are transfered to 'download' part of the
>     >     opensc-project.org <http://opensc-project.org> <http://opensc-project.org> file server:
>     >     >  - commits to
>     >     >     http://www.opensc-project.org/downloads/projects/opensc/nightly/
>     >     >  - releases to
>     >     >
>     >     http://www.opensc-project.org/downloads/projects/opensc/releases/
>     >     >
>     >     >
>     >     > For a while there are only source tarballs, MSIs for x32 and x64
>     >     and rpm i586 for opensSuSE 12.1 .
>     >     > Hope that rapidly the building of releases packages for some
>     >     debian/ubuntu distributions will be connected.
>     >     >
>     >     > It would be nice if you could look/test the tarball or packages
>     >     of the release 0.13.0pre1.
>     >     > Your remarks, proposals, contributions are heartily welcome.
>     >     >
>     >     > Kind regards,
>     >     > Viktor.
>     >     > _______________________________________________
>     >     > opensc-devel mailing list
>     >     > [hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     > http://www.opensc-project.org/mailman/listinfo/opensc-devel
>     >
>     >
>     >     --
>     >
>     >         ---------    CardContact Software & System Consulting
>     >        |.##> <##.|   Andreas Schwier
>     >        |#       #|   Schülerweg 38
>     >        |#       #|   32429 Minden, Germany
>     >        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149> <tel:%2B49%20571%2056149>
>     >         ---------    http://www.cardcontact.de
>     >                      http://www.tscons.de
>     >                      http://www.openscdp.org
>     >
>     >     _______________________________________________
>     >     opensc-devel mailing list
>     >     [hidden email] <mailto:[hidden email]>
>     >     <mailto:[hidden email] <mailto:[hidden email]>>
>     >     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>     >
>     >
>
>
>     --
>
>         ---------    CardContact Software & System Consulting
>        |.##> <##.|   Andreas Schwier
>        |#       #|   Schülerweg 38
>        |#       #|   32429 Minden, Germany
>        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149>
>         ---------    http://www.cardcontact.de
>                      http://www.tscons.de
>                      http://www.openscdp.org
>
>     _______________________________________________
>     opensc-devel mailing list
>     [hidden email] <mailto:[hidden email]>
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
123