question please

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

question please

Gabryella Menezes
Good Morning!

I'm having a big question:

Currently I use a combination of PCSC-lite CCID and diver.
Studying on the matter and discover the OpenSC OpenCT and wondered
what the main differences between them? It's the same interface?

Thank you very much for your help.

--
Gabryella Menezes
9291623288

Tecnóloga em Desenvolvimento de Software - IFAM
Analista/Pesquisadora da Plataforma ANDROID SO
Analista/Pesquisadora C/C++ Instituto Certi Amazônia
http://twitter.com/_GabyMenezes
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Martin Paljak-4
Hello,

On Thu, May 19, 2011 at 17:36, Gabryella Menezes
<[hidden email]> wrote:
> Good Morning!
>
> I'm having a big question:
The answer is short and simple

>
> Currently I use a combination of PCSC-lite CCID and diver.
> Studying on the matter and discover the OpenSC OpenCT and wondered
> what the main differences between them? It's the same interface?


No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
use CCID devices and everything works for you now, do not bother with
OpenCT.

Martin
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Breno Jacinto Duarte da Costa
Hello,

   I have a follow-up on this question. I actually have CCID devices working pretty fine on Linux, but I'm unable to reach them from the browser (which would need PKCS#11, openSC, etc). The point is, CCID is able to use the reader, but apparently OpenSC does not (it does not recognize it). So, basically, is there anyway to access a CCID device from the browser, without OpenSC?

    I'm sorry if I'm making any confusion here - just started playing with this and currently we are using a lot of smart cards and digital certificates in Brazil, but users are being forced to use Windows to do that, simply because there is no reader "working" (which means the driver is fine and an interface from the browser to the device is fine, which is not the case up to now).

best regards,


---> Breno Jacinto
---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas (IFAL)
-----> http://www.ifal.edu.br
--> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
-----> http://www.iconis.org.br
---> Life is Choice. You can choose to be a victim, or anything else you want to be. (Sócrates - Peaceful Warrior) <--

CAMPANHA ACABE COM O SPAM:
1. Proteja o meu endereço e o de seus amigos como estou protegendo o seu.
2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc" (blind carbon copy). Assim, TODOS os endereços estarão preservados.
3. E, claro, antes de encaminhar um e-mail, delete todas as informações que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por hackers.





2011/5/19 Martin Paljak <[hidden email]>
Hello,

On Thu, May 19, 2011 at 17:36, Gabryella Menezes
<[hidden email]> wrote:
> Good Morning!
>
> I'm having a big question:
The answer is short and simple

>
> Currently I use a combination of PCSC-lite CCID and diver.
> Studying on the matter and discover the OpenSC OpenCT and wondered
> what the main differences between them? It's the same interface?


No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
use CCID devices and everything works for you now, do not bother with
OpenCT.

Martin
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Felipe Blauth
2011/5/19 Breno Jacinto <[hidden email]>
Hello,

   I have a follow-up on this question. I actually have CCID devices working pretty fine on Linux, but I'm unable to reach them from the browser (which would need PKCS#11, openSC, etc). The point is, CCID is able to use the reader, but apparently OpenSC does not (it does not recognize it). So, basically, is there anyway to access a CCID device from the browser, without OpenSC?
 
What do you mean with working pretty fine on Linux? A CCID device stands for a device that uses the USB interface and understand the PC/SC interface for IFDs (readers). Since PC/SC is a standard, then any reader that is PC/SC compliant can be used with a generic driver, named CCID. But that is only the bottom part of the communication.

If you say you can use these devices, you are probably using some software that talks directly to the middleware, wich talks to the CCID driver that finally talks to the reader (or other PC/SC devices). 

The communication between any interface and the midleware is made by low level commands called APDUs. Most of PKCS #11 modules map PKCS #11 commands directly to APDUs. OpenSC can work this way or by using OpenCT, which has nothing to do with PC/SC, or CCID or any of those standards, but it works on its own way (someone correct me if I'm wrong).

For OpenSC understand your device, it needs to know what kind of APDUs it uses. OpenSC tryes to standarize that by using some ways like PKCS #15, but in pratice every supported
card or device needs to have it's own driver. OpenSC probably does not recognize it because there's no driver for it.

Answering your questions, many CCID devices can be accessed from the browser. But you'll need a PKCS #11 module that understands it for firefox or a csp for internet explorer, since those browsers expect those formats.

    I'm sorry if I'm making any confusion here - just started playing with this and currently we are using a lot of smart cards and digital certificates in Brazil, but users are being forced to use Windows to do that, simply because there is no reader "working" (which means the driver is fine and an interface from the browser to the device is fine, which is not the case up to now).
 
No problem , I have bothered this list a lot when I was also learning the basics. Now I try to answer some questions = ).

PS: Saudações do Brasil 


best regards,


---> Breno Jacinto
---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas (IFAL)
-----> http://www.ifal.edu.br
--> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
-----> http://www.iconis.org.br
---> Life is Choice. You can choose to be a victim, or anything else you want to be. (Sócrates - Peaceful Warrior) <--

CAMPANHA ACABE COM O SPAM:
1. Proteja o meu endereço e o de seus amigos como estou protegendo o seu.
2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc" (blind carbon copy). Assim, TODOS os endereços estarão preservados.
3. E, claro, antes de encaminhar um e-mail, delete todas as informações que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por hackers.





2011/5/19 Martin Paljak <[hidden email]>
Hello,

On Thu, May 19, 2011 at 17:36, Gabryella Menezes
<[hidden email]> wrote:
> Good Morning!
>
> I'm having a big question:
The answer is short and simple

>
> Currently I use a combination of PCSC-lite CCID and diver.
> Studying on the matter and discover the OpenSC OpenCT and wondered
> what the main differences between them? It's the same interface?


No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
use CCID devices and everything works for you now, do not bother with
OpenCT.

Martin
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

--
Felipe Menegola Blauth

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Rafael Coninck Teigão-2
Hello,

If you are using a smartcard supplied by one of the Brazilians CAs, you are probably using a card from G&D. In this case, they've probably given you a manager for it called SafeSign. This manager is available for Windows, Linux and Mac, but sometimes you have to strong-arm it out of the supplier if you want the Linux or Mac variant.

Anyway, the two CAs I've dealt with (Serasa and Certisign) both have given me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is installed on /usr/lib/libaetpkss.so (if not use locate or find to search for it.) You can use this lib directly in Firefox or Thunderbird.

Cheers,
Rafael.

On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]> wrote:
2011/5/19 Breno Jacinto <[hidden email]>
Hello,

   I have a follow-up on this question. I actually have CCID devices working pretty fine on Linux, but I'm unable to reach them from the browser (which would need PKCS#11, openSC, etc). The point is, CCID is able to use the reader, but apparently OpenSC does not (it does not recognize it). So, basically, is there anyway to access a CCID device from the browser, without OpenSC?
 
What do you mean with working pretty fine on Linux? A CCID device stands for a device that uses the USB interface and understand the PC/SC interface for IFDs (readers). Since PC/SC is a standard, then any reader that is PC/SC compliant can be used with a generic driver, named CCID. But that is only the bottom part of the communication.

If you say you can use these devices, you are probably using some software that talks directly to the middleware, wich talks to the CCID driver that finally talks to the reader (or other PC/SC devices). 

The communication between any interface and the midleware is made by low level commands called APDUs. Most of PKCS #11 modules map PKCS #11 commands directly to APDUs. OpenSC can work this way or by using OpenCT, which has nothing to do with PC/SC, or CCID or any of those standards, but it works on its own way (someone correct me if I'm wrong).

For OpenSC understand your device, it needs to know what kind of APDUs it uses. OpenSC tryes to standarize that by using some ways like PKCS #15, but in pratice every supported
card or device needs to have it's own driver. OpenSC probably does not recognize it because there's no driver for it.

Answering your questions, many CCID devices can be accessed from the browser. But you'll need a PKCS #11 module that understands it for firefox or a csp for internet explorer, since those browsers expect those formats.

    I'm sorry if I'm making any confusion here - just started playing with this and currently we are using a lot of smart cards and digital certificates in Brazil, but users are being forced to use Windows to do that, simply because there is no reader "working" (which means the driver is fine and an interface from the browser to the device is fine, which is not the case up to now).
 
No problem , I have bothered this list a lot when I was also learning the basics. Now I try to answer some questions = ).

PS: Saudações do Brasil 


best regards,


---> Breno Jacinto
---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas (IFAL)
-----> http://www.ifal.edu.br
--> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
-----> http://www.iconis.org.br
---> Life is Choice. You can choose to be a victim, or anything else you want to be. (Sócrates - Peaceful Warrior) <--

CAMPANHA ACABE COM O SPAM:
1. Proteja o meu endereço e o de seus amigos como estou protegendo o seu.
2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc" (blind carbon copy). Assim, TODOS os endereços estarão preservados.
3. E, claro, antes de encaminhar um e-mail, delete todas as informações que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por hackers.





2011/5/19 Martin Paljak <[hidden email]>
Hello,

On Thu, May 19, 2011 at 17:36, Gabryella Menezes
<[hidden email]> wrote:
> Good Morning!
>
> I'm having a big question:
The answer is short and simple

>
> Currently I use a combination of PCSC-lite CCID and diver.
> Studying on the matter and discover the OpenSC OpenCT and wondered
> what the main differences between them? It's the same interface?


No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
use CCID devices and everything works for you now, do not bother with
OpenCT.

Martin
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

--
Felipe Menegola Blauth

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Felipe Blauth


2011/5/19 Rafael Coninck Teigão <[hidden email]>
Hello,

If you are using a smartcard supplied by one of the Brazilians CAs, you are probably using a card from G&D. In this case, they've probably given you a manager for it called SafeSign. This manager is available for Windows, Linux and Mac, but sometimes you have to strong-arm it out of the supplier if you want the Linux or Mac variant.

Anyway, the two CAs I've dealt with (Serasa and Certisign) both have given me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is installed on /usr/lib/libaetpkss.so (if not use locate or find to search for it.) You can use this lib directly in Firefox or Thunderbird.
 
Just to complete, there are some versions of libaetpkss.so around. The latest I tested can be downloaded here, and works pretty well.

--
Felipe blauth
 

Cheers,
Rafael.


On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]> wrote:
2011/5/19 Breno Jacinto <[hidden email]>
Hello,

   I have a follow-up on this question. I actually have CCID devices working pretty fine on Linux, but I'm unable to reach them from the browser (which would need PKCS#11, openSC, etc). The point is, CCID is able to use the reader, but apparently OpenSC does not (it does not recognize it). So, basically, is there anyway to access a CCID device from the browser, without OpenSC?
 
What do you mean with working pretty fine on Linux? A CCID device stands for a device that uses the USB interface and understand the PC/SC interface for IFDs (readers). Since PC/SC is a standard, then any reader that is PC/SC compliant can be used with a generic driver, named CCID. But that is only the bottom part of the communication.

If you say you can use these devices, you are probably using some software that talks directly to the middleware, wich talks to the CCID driver that finally talks to the reader (or other PC/SC devices). 

The communication between any interface and the midleware is made by low level commands called APDUs. Most of PKCS #11 modules map PKCS #11 commands directly to APDUs. OpenSC can work this way or by using OpenCT, which has nothing to do with PC/SC, or CCID or any of those standards, but it works on its own way (someone correct me if I'm wrong).

For OpenSC understand your device, it needs to know what kind of APDUs it uses. OpenSC tryes to standarize that by using some ways like PKCS #15, but in pratice every supported
card or device needs to have it's own driver. OpenSC probably does not recognize it because there's no driver for it.

Answering your questions, many CCID devices can be accessed from the browser. But you'll need a PKCS #11 module that understands it for firefox or a csp for internet explorer, since those browsers expect those formats.

    I'm sorry if I'm making any confusion here - just started playing with this and currently we are using a lot of smart cards and digital certificates in Brazil, but users are being forced to use Windows to do that, simply because there is no reader "working" (which means the driver is fine and an interface from the browser to the device is fine, which is not the case up to now).
 
No problem , I have bothered this list a lot when I was also learning the basics. Now I try to answer some questions = ).

PS: Saudações do Brasil 


best regards,


---> Breno Jacinto
---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas (IFAL)
-----> http://www.ifal.edu.br
--> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
-----> http://www.iconis.org.br
---> Life is Choice. You can choose to be a victim, or anything else you want to be. (Sócrates - Peaceful Warrior) <--

CAMPANHA ACABE COM O SPAM:
1. Proteja o meu endereço e o de seus amigos como estou protegendo o seu.
2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc" (blind carbon copy). Assim, TODOS os endereços estarão preservados.
3. E, claro, antes de encaminhar um e-mail, delete todas as informações que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por hackers.





2011/5/19 Martin Paljak <[hidden email]>
Hello,

On Thu, May 19, 2011 at 17:36, Gabryella Menezes
<[hidden email]> wrote:
> Good Morning!
>
> I'm having a big question:
The answer is short and simple

>
> Currently I use a combination of PCSC-lite CCID and diver.
> Studying on the matter and discover the OpenSC OpenCT and wondered
> what the main differences between them? It's the same interface?


No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
use CCID devices and everything works for you now, do not bother with
OpenCT.

Martin
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

--
Felipe Menegola Blauth

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Jean-Michel Pouré - GOOZE
In reply to this post by Breno Jacinto Duarte da Costa
Le jeudi 19 mai 2011 à 16:17 -0300, Breno Jacinto a écrit :
> I'm sorry if I'm making any confusion here - just started playing with
> this and currently we are using a lot of smart cards and digital
> certificates in Brazil, but users are being forced to use Windows to
> do that, simply because there is no reader "working" (which means the
> driver is fine and an interface from the browser to the device is
> fine, which is not the case up to now).

You may try reading these HOWTOs:
http://www.gooze.eu/tutorials

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

helpcrypto helpcrypto
In reply to this post by Gabryella Menezes
I'll like to add some things to help you clarify. Martin & CO, don't
wait to correct me, if I'm wrong in anything.

There are many types of smartcards or cryptographic devices. These
devices are used, for example, to store your user certificates for
digital signing.
Of course this info can be related for non-cryptographic uses, but as
is the most common, ill like to continue using cryptography.

Older cards were used using "commands", like "read a file", "verify
this pin". These commands were designed and established by
manufacturer, and each one set their own.
To solve this, and help the portability and ease of use, a standard
was created: PCSC.
PCSC establish a format of command and many standard commands that can
be used in any smartcard that is PCSC compliant.

When a old card was used for authentication/cryptography, each
developer should have to read from card and use the proper tools to
crypt, wrap, hash...do the cryptographic functions by their own. And
for that, the programs that would like to use such functions, should
know the commands for read file, verify pin...
To solve this, and interface between cryptographic devices and
software was made: PKCS#11
PKCS#11 determines that, whatever the device is, it will contain
objects that can be keys, certificates...

Older cards store information "as the manufacturer designed". This
means, for example that your certificate could be on file "0x0015".
Other manufacturer will do another thing, and store it on another
place/file.
To solve this mix of filesystems, a standard was born PKCS#15.
PKCS#15 determines how the files are stored, or where a certificate,
private key, or "user multiple pins" should go.

Newer cards even do the cryptographic operations "inside" the card, so
functions like "sign with RSA256" will be done on hardware by the
card.
I suggest you to check all this names on wikipedia

Just to be more complete:
CCID is the standard at "driver-level" to communicate with the reader.
You can have a non-compliant CCID reader (quite a legacy and old one),
and still all the above stands right.

I hope it helps.
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Gabryella Menezes
In reply to this post by Felipe Blauth
Thank you to all who are helping me.

Someone has to explain to me how the communication and OpenCT OpenSC?
As the OpenCT directly accesses the reader?
I have such doubts. Maybe a diagram would be the best explanation if
someone had.

thanks.

2011/5/19, Felipe Blauth <[hidden email]>:

> 2011/5/19 Rafael Coninck Teigão <[hidden email]>
>
>> Hello,
>>
>> If you are using a smartcard supplied by one of the Brazilians CAs, you
>> are
>> probably using a card from G&D. In this case, they've probably given you a
>> manager for it called SafeSign. This manager is available for Windows,
>> Linux
>> and Mac, but sometimes you have to strong-arm it out of the supplier if
>> you
>> want the Linux or Mac variant.
>>
>> Anyway, the two CAs I've dealt with (Serasa and Certisign) both have given
>> me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is
>> installed on /usr/lib/libaetpkss.so (if not use locate or find to search
>> for
>> it.) You can use this lib directly in Firefox or Thunderbird.
>>
>
> Just to complete, there are some versions of libaetpkss.so around. The
> latest I tested can be downloaded
> here<http://icp.caixa.gov.br/_downloads/safesign_linux.zip>,
> and works pretty well.
>
> --
> Felipe blauth
>
>
>>
>> Cheers,
>> Rafael.
>>
>>
>> On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]> wrote:
>>
>>> 2011/5/19 Breno Jacinto <[hidden email]>
>>>
>>>> Hello,
>>>>
>>>>    I have a follow-up on this question. I actually have CCID devices
>>>> working pretty fine on Linux, but I'm unable to reach them from the
>>>> browser
>>>> (which would need PKCS#11, openSC, etc). The point is, CCID is able to
>>>> use
>>>> the reader, but apparently OpenSC does not (it does not recognize it).
>>>> So,
>>>> basically, is there anyway to access a CCID device from the browser,
>>>> without
>>>> OpenSC?
>>>>
>>>
>>> What do you mean with working pretty fine on Linux? A CCID device stands
>>> for a device that uses the USB interface and understand the PC/SC
>>> interface
>>> for IFDs (readers). Since PC/SC is a standard, then any reader that is
>>> PC/SC
>>> compliant can be used with a generic driver, named CCID. But that is only
>>> the bottom part of the communication.
>>>
>>> If you say you can use these devices, you are probably using some
>>> software
>>> that talks directly to the middleware, wich talks to the CCID driver that
>>> finally talks to the reader (or other PC/SC devices).
>>>
>>> The communication between any interface and the midleware is made by low
>>> level commands called APDUs. Most of PKCS #11 modules map PKCS #11
>>> commands
>>> directly to APDUs. OpenSC can work this way or by using OpenCT, which has
>>> nothing to do with PC/SC, or CCID or any of those standards, but it works
>>> on
>>> its own way (someone correct me if I'm wrong).
>>>
>>> For OpenSC understand your device, it needs to know what kind of APDUs it
>>> uses. OpenSC tryes to standarize that by using some ways like PKCS #15,
>>> but
>>> in pratice every supported
>>> card or device needs to have it's own driver. OpenSC probably does not
>>> recognize it because there's no driver for it.
>>>
>>> Answering your questions, many CCID devices can be accessed from the
>>> browser. But you'll need a PKCS #11 module that understands it for
>>> firefox
>>> or a csp for internet explorer, since those browsers expect those
>>> formats.
>>>
>>>     I'm sorry if I'm making any confusion here - just started playing
>>> with
>>>> this and currently we are using a lot of smart cards and digital
>>>> certificates in Brazil, but users are being forced to use Windows to do
>>>> that, simply because there is no reader "working" (which means the
>>>> driver is
>>>> fine and an interface from the browser to the device is fine, which is
>>>> not
>>>> the case up to now).
>>>>
>>>
>>> No problem , I have bothered this list a lot when I was also learning the
>>> basics. Now I try to answer some questions = ).
>>>
>>> PS: Saudações do Brasil
>>>
>>>
>>> best regards,
>>>>
>>>>
>>>> ---> Breno Jacinto
>>>> ---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas
>>>> (IFAL)
>>>> -----> http://www.ifal.edu.br
>>>> --> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
>>>> -----> http://www.iconis.org.br
>>>> ---> Life is Choice. You can choose to be a victim, or anything else you
>>>> want to be. (Sócrates - Peaceful Warrior) <--
>>>>
>>>> *CAMPANHA ACABE COM O SPAM**:
>>>> 1. Proteja o meu endereço e o de seus amigos como estou protegendo o
>>>> seu.
>>>> 2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc"
>>>> (blind
>>>> carbon copy). Assim, TODOS os endereços estarão preservados.
>>>> 3. E, claro, antes de encaminhar um e-mail, delete todas as informações
>>>> que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por
>>>> hackers.***
>>>>
>>>>
>>>>
>>>>
>>>> 2011/5/19 Martin Paljak <[hidden email]>
>>>>
>>>>> Hello,
>>>>>
>>>>> On Thu, May 19, 2011 at 17:36, Gabryella Menezes
>>>>> <[hidden email]> wrote:
>>>>> > Good Morning!
>>>>> >
>>>>> > I'm having a big question:
>>>>> The answer is short and simple
>>>>>
>>>>> >
>>>>> > Currently I use a combination of PCSC-lite CCID and diver.
>>>>> > Studying on the matter and discover the OpenSC OpenCT and wondered
>>>>> > what the main differences between them? It's the same interface?
>>>>>
>>>>>
>>>>> No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
>>>>> use CCID devices and everything works for you now, do not bother with
>>>>> OpenCT.
>>>>>
>>>>> Martin
>>>>> _______________________________________________
>>>>> opensc-user mailing list
>>>>> [hidden email]
>>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> opensc-user mailing list
>>>> [hidden email]
>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>
>>>
>>> --
>>> Felipe Menegola Blauth
>>>
>>> _______________________________________________
>>> opensc-user mailing list
>>> [hidden email]
>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>
>>
>>
>


--
Gabryella Menezes
9291623288

Tecnóloga em Desenvolvimento de Software - IFAM
Analista/Pesquisadora da Plataforma ANDROID SO
Analista/Pesquisadora C/C++ Instituto Certi Amazônia
http://twitter.com/_GabyMenezes
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Breno Jacinto Duarte da Costa
Hey Gabryella,

    I was just searcing for this, and I found a good one here: http://www.opensc-project.org/opensc/wiki/OverView

    Now things start to make sense.

regards,
---> Breno Jacinto
---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas (IFAL)
-----> http://www.ifal.edu.br
--> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
-----> http://www.iconis.org.br
---> Life is Choice. You can choose to be a victim, or anything else you want to be. (Sócrates - Peaceful Warrior) <--

CAMPANHA ACABE COM O SPAM:
1. Proteja o meu endereço e o de seus amigos como estou protegendo o seu.
2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc" (blind carbon copy). Assim, TODOS os endereços estarão preservados.
3. E, claro, antes de encaminhar um e-mail, delete todas as informações que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por hackers.





2011/5/20 Gabryella Menezes <[hidden email]>
Thank you to all who are helping me.

Someone has to explain to me how the communication and OpenCT OpenSC?
As the OpenCT directly accesses the reader?
I have such doubts. Maybe a diagram would be the best explanation if
someone had.

thanks.

2011/5/19, Felipe Blauth <[hidden email]>:
> 2011/5/19 Rafael Coninck Teigão <[hidden email]>
>
>> Hello,
>>
>> If you are using a smartcard supplied by one of the Brazilians CAs, you
>> are
>> probably using a card from G&D. In this case, they've probably given you a
>> manager for it called SafeSign. This manager is available for Windows,
>> Linux
>> and Mac, but sometimes you have to strong-arm it out of the supplier if
>> you
>> want the Linux or Mac variant.
>>
>> Anyway, the two CAs I've dealt with (Serasa and Certisign) both have given
>> me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is
>> installed on /usr/lib/libaetpkss.so (if not use locate or find to search
>> for
>> it.) You can use this lib directly in Firefox or Thunderbird.
>>
>
> Just to complete, there are some versions of libaetpkss.so around. The
> latest I tested can be downloaded
> here<http://icp.caixa.gov.br/_downloads/safesign_linux.zip>,
> and works pretty well.
>
> --
> Felipe blauth
>
>
>>
>> Cheers,
>> Rafael.
>>
>>
>> On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]> wrote:
>>
>>> 2011/5/19 Breno Jacinto <[hidden email]>
>>>
>>>> Hello,
>>>>
>>>>    I have a follow-up on this question. I actually have CCID devices
>>>> working pretty fine on Linux, but I'm unable to reach them from the
>>>> browser
>>>> (which would need PKCS#11, openSC, etc). The point is, CCID is able to
>>>> use
>>>> the reader, but apparently OpenSC does not (it does not recognize it).
>>>> So,
>>>> basically, is there anyway to access a CCID device from the browser,
>>>> without
>>>> OpenSC?
>>>>
>>>
>>> What do you mean with working pretty fine on Linux? A CCID device stands
>>> for a device that uses the USB interface and understand the PC/SC
>>> interface
>>> for IFDs (readers). Since PC/SC is a standard, then any reader that is
>>> PC/SC
>>> compliant can be used with a generic driver, named CCID. But that is only
>>> the bottom part of the communication.
>>>
>>> If you say you can use these devices, you are probably using some
>>> software
>>> that talks directly to the middleware, wich talks to the CCID driver that
>>> finally talks to the reader (or other PC/SC devices).
>>>
>>> The communication between any interface and the midleware is made by low
>>> level commands called APDUs. Most of PKCS #11 modules map PKCS #11
>>> commands
>>> directly to APDUs. OpenSC can work this way or by using OpenCT, which has
>>> nothing to do with PC/SC, or CCID or any of those standards, but it works
>>> on
>>> its own way (someone correct me if I'm wrong).
>>>
>>> For OpenSC understand your device, it needs to know what kind of APDUs it
>>> uses. OpenSC tryes to standarize that by using some ways like PKCS #15,
>>> but
>>> in pratice every supported
>>> card or device needs to have it's own driver. OpenSC probably does not
>>> recognize it because there's no driver for it.
>>>
>>> Answering your questions, many CCID devices can be accessed from the
>>> browser. But you'll need a PKCS #11 module that understands it for
>>> firefox
>>> or a csp for internet explorer, since those browsers expect those
>>> formats.
>>>
>>>     I'm sorry if I'm making any confusion here - just started playing
>>> with
>>>> this and currently we are using a lot of smart cards and digital
>>>> certificates in Brazil, but users are being forced to use Windows to do
>>>> that, simply because there is no reader "working" (which means the
>>>> driver is
>>>> fine and an interface from the browser to the device is fine, which is
>>>> not
>>>> the case up to now).
>>>>
>>>
>>> No problem , I have bothered this list a lot when I was also learning the
>>> basics. Now I try to answer some questions = ).
>>>
>>> PS: Saudações do Brasil
>>>
>>>
>>> best regards,
>>>>
>>>>
>>>> ---> Breno Jacinto
>>>> ---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas
>>>> (IFAL)
>>>> -----> http://www.ifal.edu.br
>>>> --> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
>>>> -----> http://www.iconis.org.br
>>>> ---> Life is Choice. You can choose to be a victim, or anything else you
>>>> want to be. (Sócrates - Peaceful Warrior) <--
>>>>
>>>> *CAMPANHA ACABE COM O SPAM**:
>>>> 1. Proteja o meu endereço e o de seus amigos como estou protegendo o
>>>> seu.
>>>> 2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc"
>>>> (blind
>>>> carbon copy). Assim, TODOS os endereços estarão preservados.
>>>> 3. E, claro, antes de encaminhar um e-mail, delete todas as informações
>>>> que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por
>>>> hackers.***
>>>>
>>>>
>>>>
>>>>
>>>> 2011/5/19 Martin Paljak <[hidden email]>
>>>>
>>>>> Hello,
>>>>>
>>>>> On Thu, May 19, 2011 at 17:36, Gabryella Menezes
>>>>> <[hidden email]> wrote:
>>>>> > Good Morning!
>>>>> >
>>>>> > I'm having a big question:
>>>>> The answer is short and simple
>>>>>
>>>>> >
>>>>> > Currently I use a combination of PCSC-lite CCID and diver.
>>>>> > Studying on the matter and discover the OpenSC OpenCT and wondered
>>>>> > what the main differences between them? It's the same interface?
>>>>>
>>>>>
>>>>> No. PC/SC is standard and cross-platform, OpenCT is Linux only. If you
>>>>> use CCID devices and everything works for you now, do not bother with
>>>>> OpenCT.
>>>>>
>>>>> Martin
>>>>> _______________________________________________
>>>>> opensc-user mailing list
>>>>> [hidden email]
>>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> opensc-user mailing list
>>>> [hidden email]
>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>>
>>>
>>> --
>>> Felipe Menegola Blauth
>>>
>>> _______________________________________________
>>> opensc-user mailing list
>>> [hidden email]
>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>>>
>>
>>
>


--
Gabryella Menezes
9291623288

Tecnóloga em Desenvolvimento de Software - IFAM
Analista/Pesquisadora da Plataforma ANDROID SO
Analista/Pesquisadora C/C++ Instituto Certi Amazônia
http://twitter.com/_GabyMenezes


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: question please

Gabryella Menezes
Thanks Breno.


But still looking for something with more low-level definitions. I'ma
developer and I wonder how that communication takes place in the
final.

=)

2011/5/20, Breno Jacinto <[hidden email]>:

> Hey Gabryella,
>
>     I was just searcing for this, and I found a good one here:
> http://www.opensc-project.org/opensc/wiki/OverView
>
>     Now things start to make sense.
>
> regards,
> ---> Breno Jacinto
> ---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas (IFAL)
> -----> http://www.ifal.edu.br
> --> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
> -----> http://www.iconis.org.br
> ---> Life is Choice. You can choose to be a victim, or anything else you
> want to be. (Sócrates - Peaceful Warrior) <--
>
> *CAMPANHA ACABE COM O SPAM**:
> 1. Proteja o meu endereço e o de seus amigos como estou protegendo o seu.
> 2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc" (blind
> carbon copy). Assim, TODOS os endereços estarão preservados.
> 3. E, claro, antes de encaminhar um e-mail, delete todas as informações que
> apareçam no corpo do e-mail e que possam ser usadas (SPAM) por hackers.***
>
>
>
>
> 2011/5/20 Gabryella Menezes <[hidden email]>
>
>> Thank you to all who are helping me.
>>
>> Someone has to explain to me how the communication and OpenCT OpenSC?
>> As the OpenCT directly accesses the reader?
>> I have such doubts. Maybe a diagram would be the best explanation if
>> someone had.
>>
>> thanks.
>>
>> 2011/5/19, Felipe Blauth <[hidden email]>:
>> > 2011/5/19 Rafael Coninck Teigão <[hidden email]>
>> >
>> >> Hello,
>> >>
>> >> If you are using a smartcard supplied by one of the Brazilians CAs, you
>> >> are
>> >> probably using a card from G&D. In this case, they've probably given
>> >> you
>> a
>> >> manager for it called SafeSign. This manager is available for Windows,
>> >> Linux
>> >> and Mac, but sometimes you have to strong-arm it out of the supplier if
>> >> you
>> >> want the Linux or Mac variant.
>> >>
>> >> Anyway, the two CAs I've dealt with (Serasa and Certisign) both have
>> given
>> >> me the SafeSign for Linux. If you manage to get it, the PKCS#11 lib is
>> >> installed on /usr/lib/libaetpkss.so (if not use locate or find to
>> >> search
>> >> for
>> >> it.) You can use this lib directly in Firefox or Thunderbird.
>> >>
>> >
>> > Just to complete, there are some versions of libaetpkss.so around. The
>> > latest I tested can be downloaded
>> > here<http://icp.caixa.gov.br/_downloads/safesign_linux.zip>,
>> > and works pretty well.
>> >
>> > --
>> > Felipe blauth
>> >
>> >
>> >>
>> >> Cheers,
>> >> Rafael.
>> >>
>> >>
>> >> On Thu, May 19, 2011 at 10:20 PM, Felipe Blauth <[hidden email]>
>> wrote:
>> >>
>> >>> 2011/5/19 Breno Jacinto <[hidden email]>
>> >>>
>> >>>> Hello,
>> >>>>
>> >>>>    I have a follow-up on this question. I actually have CCID devices
>> >>>> working pretty fine on Linux, but I'm unable to reach them from the
>> >>>> browser
>> >>>> (which would need PKCS#11, openSC, etc). The point is, CCID is able
>> >>>> to
>> >>>> use
>> >>>> the reader, but apparently OpenSC does not (it does not recognize
>> >>>> it).
>> >>>> So,
>> >>>> basically, is there anyway to access a CCID device from the browser,
>> >>>> without
>> >>>> OpenSC?
>> >>>>
>> >>>
>> >>> What do you mean with working pretty fine on Linux? A CCID device
>> stands
>> >>> for a device that uses the USB interface and understand the PC/SC
>> >>> interface
>> >>> for IFDs (readers). Since PC/SC is a standard, then any reader that is
>> >>> PC/SC
>> >>> compliant can be used with a generic driver, named CCID. But that is
>> only
>> >>> the bottom part of the communication.
>> >>>
>> >>> If you say you can use these devices, you are probably using some
>> >>> software
>> >>> that talks directly to the middleware, wich talks to the CCID driver
>> that
>> >>> finally talks to the reader (or other PC/SC devices).
>> >>>
>> >>> The communication between any interface and the midleware is made by
>> low
>> >>> level commands called APDUs. Most of PKCS #11 modules map PKCS #11
>> >>> commands
>> >>> directly to APDUs. OpenSC can work this way or by using OpenCT, which
>> has
>> >>> nothing to do with PC/SC, or CCID or any of those standards, but it
>> works
>> >>> on
>> >>> its own way (someone correct me if I'm wrong).
>> >>>
>> >>> For OpenSC understand your device, it needs to know what kind of APDUs
>> it
>> >>> uses. OpenSC tryes to standarize that by using some ways like PKCS
>> >>> #15,
>> >>> but
>> >>> in pratice every supported
>> >>> card or device needs to have it's own driver. OpenSC probably does not
>> >>> recognize it because there's no driver for it.
>> >>>
>> >>> Answering your questions, many CCID devices can be accessed from the
>> >>> browser. But you'll need a PKCS #11 module that understands it for
>> >>> firefox
>> >>> or a csp for internet explorer, since those browsers expect those
>> >>> formats.
>> >>>
>> >>>     I'm sorry if I'm making any confusion here - just started playing
>> >>> with
>> >>>> this and currently we are using a lot of smart cards and digital
>> >>>> certificates in Brazil, but users are being forced to use Windows to
>> do
>> >>>> that, simply because there is no reader "working" (which means the
>> >>>> driver is
>> >>>> fine and an interface from the browser to the device is fine, which
>> >>>> is
>> >>>> not
>> >>>> the case up to now).
>> >>>>
>> >>>
>> >>> No problem , I have bothered this list a lot when I was also learning
>> the
>> >>> basics. Now I try to answer some questions = ).
>> >>>
>> >>> PS: Saudações do Brasil
>> >>>
>> >>>
>> >>> best regards,
>> >>>>
>> >>>>
>> >>>> ---> Breno Jacinto
>> >>>> ---> Instituto Federal de Educação, Ciência e Tecnologia de Alagoas
>> >>>> (IFAL)
>> >>>> -----> http://www.ifal.edu.br
>> >>>> --> Instituto Nacional do Conhecimento e da Inclusão Sócio-Digital
>> >>>> -----> http://www.iconis.org.br
>> >>>> ---> Life is Choice. You can choose to be a victim, or anything else
>> you
>> >>>> want to be. (Sócrates - Peaceful Warrior) <--
>> >>>>
>> >>>> *CAMPANHA ACABE COM O SPAM**:
>> >>>> 1. Proteja o meu endereço e o de seus amigos como estou protegendo o
>> >>>> seu.
>> >>>> 2. Ao enviar mensagens, use SEMPRE o "Cco" (cópia oculta) ou "Bcc"
>> >>>> (blind
>> >>>> carbon copy). Assim, TODOS os endereços estarão preservados.
>> >>>> 3. E, claro, antes de encaminhar um e-mail, delete todas as
>> informações
>> >>>> que apareçam no corpo do e-mail e que possam ser usadas (SPAM) por
>> >>>> hackers.***
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>> 2011/5/19 Martin Paljak <[hidden email]>
>> >>>>
>> >>>>> Hello,
>> >>>>>
>> >>>>> On Thu, May 19, 2011 at 17:36, Gabryella Menezes
>> >>>>> <[hidden email]> wrote:
>> >>>>> > Good Morning!
>> >>>>> >
>> >>>>> > I'm having a big question:
>> >>>>> The answer is short and simple
>> >>>>>
>> >>>>> >
>> >>>>> > Currently I use a combination of PCSC-lite CCID and diver.
>> >>>>> > Studying on the matter and discover the OpenSC OpenCT and wondered
>> >>>>> > what the main differences between them? It's the same interface?
>> >>>>>
>> >>>>>
>> >>>>> No. PC/SC is standard and cross-platform, OpenCT is Linux only. If
>> you
>> >>>>> use CCID devices and everything works for you now, do not bother
>> >>>>> with
>> >>>>> OpenCT.
>> >>>>>
>> >>>>> Martin
>> >>>>> _______________________________________________
>> >>>>> opensc-user mailing list
>> >>>>> [hidden email]
>> >>>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>> >>>>>
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> opensc-user mailing list
>> >>>> [hidden email]
>> >>>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>> >>>>
>> >>>
>> >>> --
>> >>> Felipe Menegola Blauth
>> >>>
>> >>> _______________________________________________
>> >>> opensc-user mailing list
>> >>> [hidden email]
>> >>> http://www.opensc-project.org/mailman/listinfo/opensc-user
>> >>>
>> >>
>> >>
>> >
>>
>>
>> --
>> Gabryella Menezes
>> 9291623288
>>
>> Tecnóloga em Desenvolvimento de Software - IFAM
>> Analista/Pesquisadora da Plataforma ANDROID SO
>> Analista/Pesquisadora C/C++ Instituto Certi Amazônia
>> http://twitter.com/_GabyMenezes
>>
>


--
Gabryella Menezes
9291623288

Tecnóloga em Desenvolvimento de Software - IFAM
Analista/Pesquisadora da Plataforma ANDROID SO
Analista/Pesquisadora C/C++ Instituto Certi Amazônia
http://twitter.com/_GabyMenezes
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user