You can subscribe to this list here.
2006 |
Jan
|
Feb
|
Mar
(18) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(15) |
Nov
|
Dec
(2) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2007 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
2010 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2012 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(2) |
Dec
|
2014 |
Jan
|
Feb
(4) |
Mar
(2) |
Apr
|
May
(2) |
Jun
(3) |
Jul
|
Aug
|
Sep
(4) |
Oct
|
Nov
|
Dec
|
2016 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(3) |
Oct
(3) |
Nov
|
Dec
|
2017 |
Jan
|
Feb
(2) |
Mar
(2) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(9) |
Sep
|
Oct
|
Nov
|
Dec
|
2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(4) |
From: Karsten O. <wid...@t-...> - 2016-04-20 14:12:33
|
Hi Kim, Try to modify the file types.h: #ifndef _WIN32 #include <PCSC/wintypes.h> *#define **LPCTSTR LPCSTR* #endif ** There is already the section: #ifndef _WIN32 #include <PCSC/wintypes.h>** #endif Add *#define **LPCTSTR LPCSTR*to it like indicated above and see if it helps.If this helps I will commit it.* *Best Regards,* *Karsten* * Am 20.04.2016 um 11:17 schrieb juya Kim: > Dear Karsten, > > I am now working to compile globalplatform but, compile error is shown > and I do not really what the problem is. > > Platform : Mac OS X El Capitan > Cmake : ver 2.8.12.2 > zlib : used pre-installed lib from Mac > openssl : > This is compile error as below > > Thanks for your help in advance! > BR > > -- The C compiler identification is Clang 7.0.0 > -- Check for working C compiler: /usr/bin/cc > -- Check for working C compiler: /usr/bin/cc -- works > -- Detecting C compiler ABI info > -- Detecting C compiler ABI info - done > -- Found Doxygen: /Applications/Doxygen.app/Contents/Resources/doxygen > (found version "1.8.10") > -- Found DOXYFILE_IN: > /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/Doxyfile.in > > -- Found PkgConfig: /usr/local/bin/pkg-config (found version "0.29") > -- checking for module 'libpcsclite' > -- found libpcsclite, version 1.8.16 > -- Found PCSC: pcsclite > -- Found OpenSSL: > /usr/local/lib/libssl.dylib;/usr/local/lib/libcrypto.dylib (found > version "1.1.0-pre4") > -- Found ZLIB: /usr/local/lib/libz.dylib (found version "1.2.8") > -- Configuring done > -- Generating done > -- Build files have been written to: > /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake > Marcs-MacBook-Pro:globalplatform-code-471-branches-libglobalplatform_cmake > juyakim$ make > *Scanning dependencies of target globalplatform* > [ 10%] Building C object src/CMakeFiles/globalplatform.dir/connection.c.o > In file included from > /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:19: > */Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/dyn_generic.h:42:57: > **error: **unknown type name 'LPCTSTR'; did you mean 'LPCSTR'?* > OPGP_ERROR_STATUS DYN_LoadLibrary(PVOID *libraryHandle, LPCTSTR > libraryName, LPCTSTR version); > * ^~~~~~~* > LPCSTR > */usr/local/include/PCSC/wintypes.h:69:25: note: *'LPCSTR' declared here > typedef const char *LPCSTR; > * ^* > In file included from > /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:19: > */Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/dyn_generic.h:42:78: > **error: **unknown type name 'LPCTSTR'; did you mean 'LPCSTR'?* > OPGP_ERROR_STATUS DYN_LoadLibrary(PVOID *libraryHandle, LPCTSTR > libraryName, LPCTSTR version); > * > ^~~~~~~* > > LPCSTR > */usr/local/include/PCSC/wintypes.h:69:25: note: *'LPCSTR' declared here > typedef const char *LPCSTR; > * ^* > In file included from > /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:19: > */Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/dyn_generic.h:50:78: > **error: **unknown type name 'LPCTSTR'; did you mean 'LPCSTR'?* > OPGP_ERROR_STATUS DYN_GetAddress(PVOID libraryHandle, PVOID > *functionHandle, LPCTSTR functionName); > * > ^~~~~~~* > > LPCSTR > */usr/local/include/PCSC/wintypes.h:69:25: note: *'LPCSTR' declared here > typedef const char *LPCSTR; > * ^* > */Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:61:70: > **error: **expected ')'* > errorStatus = DYN_LoadLibrary(&cardContext->libraryHandle, > (LPCTSTR)cardContext->libraryName, (LPCTSTR)cardContext->libraryVersion); > * > ^* > */Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:61:31: > note: *to match this '(' > errorStatus = DYN_LoadLibrary(&cardContext->libraryHandle, > (LPCTSTR)cardContext->libraryName, (LPCTSTR)cardContext->libraryVersion); > * ^* > 4 errors generated. > make[2]: *** [src/CMakeFiles/globalplatform.dir/connection.c.o] Error 1 > make[1]: *** [src/CMakeFiles/globalplatform.dir/all] Error 2 > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers |
From: juya K. <sty...@gm...> - 2016-04-20 09:17:11
|
Dear Karsten, I am now working to compile globalplatform but, compile error is shown and I do not really what the problem is. Platform : Mac OS X El Capitan Cmake : ver 2.8.12.2 zlib : used pre-installed lib from Mac openssl : This is compile error as below Thanks for your help in advance! BR -- The C compiler identification is Clang 7.0.0 -- Check for working C compiler: /usr/bin/cc -- Check for working C compiler: /usr/bin/cc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Found Doxygen: /Applications/Doxygen.app/Contents/Resources/doxygen (found version "1.8.10") -- Found DOXYFILE_IN: /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/Doxyfile.in -- Found PkgConfig: /usr/local/bin/pkg-config (found version "0.29") -- checking for module 'libpcsclite' -- found libpcsclite, version 1.8.16 -- Found PCSC: pcsclite -- Found OpenSSL: /usr/local/lib/libssl.dylib;/usr/local/lib/libcrypto.dylib (found version "1.1.0-pre4") -- Found ZLIB: /usr/local/lib/libz.dylib (found version "1.2.8") -- Configuring done -- Generating done -- Build files have been written to: /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake Marcs-MacBook-Pro:globalplatform-code-471-branches-libglobalplatform_cmake juyakim$ make Scanning dependencies of target globalplatform [ 10%] Building C object src/CMakeFiles/globalplatform.dir/connection.c.o In file included from /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:19: /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/dyn_generic.h:42:57: error: unknown type name 'LPCTSTR'; did you mean 'LPCSTR'? OPGP_ERROR_STATUS DYN_LoadLibrary(PVOID *libraryHandle, LPCTSTR libraryName, LPCTSTR version); ^~~~~~~ LPCSTR /usr/local/include/PCSC/wintypes.h:69:25: note: 'LPCSTR' declared here typedef const char *LPCSTR; ^ In file included from /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:19: /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/dyn_generic.h:42:78: error: unknown type name 'LPCTSTR'; did you mean 'LPCSTR'? OPGP_ERROR_STATUS DYN_LoadLibrary(PVOID *libraryHandle, LPCTSTR libraryName, LPCTSTR version); ^~~~~~~ LPCSTR /usr/local/include/PCSC/wintypes.h:69:25: note: 'LPCSTR' declared here typedef const char *LPCSTR; ^ In file included from /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:19: /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/dyn_generic.h:50:78: error: unknown type name 'LPCTSTR'; did you mean 'LPCSTR'? OPGP_ERROR_STATUS DYN_GetAddress(PVOID libraryHandle, PVOID *functionHandle, LPCTSTR functionName); ^~~~~~~ LPCSTR /usr/local/include/PCSC/wintypes.h:69:25: note: 'LPCSTR' declared here typedef const char *LPCSTR; ^ /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:61:70: error: expected ')' errorStatus = DYN_LoadLibrary(&cardContext->libraryHandle, (LPCTSTR)cardContext->libraryName, (LPCTSTR)cardContext->libraryVersion); ^ /Users/juyakim/Downloads/globalplatform-code-471-branches-libglobalplatform_cmake/src/connection.c:61:31: note: to match this '(' errorStatus = DYN_LoadLibrary(&cardContext->libraryHandle, (LPCTSTR)cardContext->libraryName, (LPCTSTR)cardContext->libraryVersion); ^ 4 errors generated. make[2]: *** [src/CMakeFiles/globalplatform.dir/connection.c.o] Error 1 make[1]: *** [src/CMakeFiles/globalplatform.dir/all] Error 2 |
From: Karsten O. <wid...@t-...> - 2014-09-21 16:12:10
|
Hi Till, Due to the fact that multiple users had the problem of creating tickets, I have taken some time and examined this. The default setting was, that nobody could create a ticket. I have fixed this now. Can you please try again to use the ticket tool? Do you need some source code access? Will you also create package from the trunk, when the it is finished? Regards, Karsten Am 21.09.2014 08:58, schrieb Till Maas: > Hi, > > as proposed in > https://sourceforge.net/p/globalplatform/mailman/message/32805095/ > (since SourceForge does not expose the message id in the archive, I > cannot reply to the mail directly) > I started building packages for the following branch: > https://sourceforge.net/p/globalplatform/code/HEAD/tree/branches/globalplatform-nssgpkeys-rhcsdiversification/ > > It seems to me that the SF.net bug tracker for Globalplatform does not > allow me to create new bugs. Therefore I would like to report some > issues here: > > 1) gpshell installs its manpage into /usr/share/doc/gpshell instead of > /usr/share/man/man1 > > 2) The doc files include CMakeList.txt > > 3) Is it possible to specify the doc path to cmake? Because on Fedora 19 > the doc files should be installed to /usr/share/doc/gpshell-$VERSION > > Regards > Till > > ------------------------------------------------------------------------------ > Slashdot TV. Video for Nerds. Stuff that Matters. > http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers > |
From: Till M. <ope...@ti...> - 2014-09-21 06:58:39
|
Hi, as proposed in https://sourceforge.net/p/globalplatform/mailman/message/32805095/ (since SourceForge does not expose the message id in the archive, I cannot reply to the mail directly) I started building packages for the following branch: https://sourceforge.net/p/globalplatform/code/HEAD/tree/branches/globalplatform-nssgpkeys-rhcsdiversification/ It seems to me that the SF.net bug tracker for Globalplatform does not allow me to create new bugs. Therefore I would like to report some issues here: 1) gpshell installs its manpage into /usr/share/doc/gpshell instead of /usr/share/man/man1 2) The doc files include CMakeList.txt 3) Is it possible to specify the doc path to cmake? Because on Fedora 19 the doc files should be installed to /usr/share/doc/gpshell-$VERSION Regards Till |
From: Karsten O. <wid...@t-...> - 2014-09-07 13:26:09
|
Hi Till, I would prefer that you take the new code, so that from the new code when it is released a package can be easily build. You can also get SVNaccess so that you can put your package description files to it, if you like. BR, Karsten Am 07.09.2014 10:08, schrieb Till Maas: > Hi, > > I would like to get some experience using/programming JavaCard smart > cards. Therefore I would like to package GlobalPlatform for Fedora. > However I noticed that the latest releases are from 2010, but there are > recent commits in the SVN repositories. Can you please tell me, which is > the best code that should be packaged and can you maybe create a new > release to make packaging easier, if it is not the old code that should > be used? > > Kind regards > Till > > ------------------------------------------------------------------------------ > Slashdot TV. > Video for Nerds. Stuff that matters. > http://tv.slashdot.org/ > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers > |
From: Till M. <ope...@ti...> - 2014-09-07 08:43:42
|
Hi, I would like to get some experience using/programming JavaCard smart cards. Therefore I would like to package GlobalPlatform for Fedora. However I noticed that the latest releases are from 2010, but there are recent commits in the SVN repositories. Can you please tell me, which is the best code that should be packaged and can you maybe create a new release to make packaging easier, if it is not the old code that should be used? Kind regards Till |
From: Karsten O. <wid...@t-...> - 2014-06-25 17:46:49
|
Hi Aurélien, Thanks a lot for the patch. The bug is already fixed in the trunk. The SCP03 is still in development, with my card the problems begin with the card cryptogram, because my cards might be using some unknown key derivation. Another global platform user is helping me in the meanwhile with SCP03. Do you have a card supporting SCP03? Can you help here out? A complete sequence of a mutual authentication with the used keys would already by very helpful. Best, Karsten Am 25.06.2014 11:20, schrieb Aurelien Buhrig: > The message in plain text... > Aurelien >> Hi, >> >> Looking at the mutual_authentication code for SCP03, it seems that you >> calculate the host cryptogram using the S-ENC session key whereas SCP03 >> v1.1.0.2 specification stipulates it is computed using S-MAC session key. >> >> I cannot test the patch but hope it helps supporting SCP03. >> >> Cheers, >> Aurélien >> >> >> ------------------------------------------------------------------------------ >> Open source business process management suite built on Java and Eclipse >> Turn processes into business applications with Bonita BPM Community Edition >> Quickly connect people, data, and systems into organized workflows >> Winner of BOSSIE, CODIE, OW2 and Gartner awards >> http://p.sf.net/sfu/Bonitasoft >> >> >> _______________________________________________ >> Globalplatform-developers mailing list >> Glo...@li... >> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers |
From: Aurelien B. <aur...@gm...> - 2014-06-25 09:20:35
|
The message in plain text... Aurelien > Hi, > > Looking at the mutual_authentication code for SCP03, it seems that you > calculate the host cryptogram using the S-ENC session key whereas SCP03 > v1.1.0.2 specification stipulates it is computed using S-MAC session key. > > I cannot test the patch but hope it helps supporting SCP03. > > Cheers, > Aurélien |
From: Karsten O. <wid...@t-...> - 2014-05-28 17:01:30
|
Hi Philip, yes, the problem is still unsolved. I had no success and have given up after several days without any progress. Maybe the problem is simple and only an unknown key derivation protocol, but every single bit has a avalanche affect in the encrypted result, so no chance for me to talk to the card. If you can help here this would be great. Please contact me directly for the details. BR, Karsten Am 28.05.2014 16:27, schrieb Philip Wendland: > Hi, > > I know this request is old, but I see SCP03 is still not working. Do you > still need help with this? > > Kind Regards, > Philip > > >> Hi all, >> >> I'm trying now for some time to get the secure channel protocol 03 >> working. This protocol is used with some newer cards like from G&D >> and Gemalto. G&D is not willing to help here, it is impossible to >> buy cards without signing an NDA and information are not given out, >> because the SF GlobalPlatform project compete with their own >> product was a statement I received. Gemalto cards can be ordered by >> anybody without signing anything, but I also cannot get it working. >> I have asked in the Gemalto bulletin board, but got no answer. I >> haven't asked Gemalto directly, I will try this as next. >> >> I have no manuals here so I don't know what causes the problems in >> my implementation. Can anybody help with some infos about these >> cards? I.e. what are the default keys, are some key derivation >> methods used, what are testing vectors with what key. >> >> Thanks, Karsten > ------------------------------------------------------------------------------ > Time is money. Stop wasting it! Get your web API in 5 minutes. > www.restlet.com/download > http://p.sf.net/sfu/restlet > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers > |
From: Philip W. <phi...@tu...> - 2014-05-28 14:27:52
|
Hi, I know this request is old, but I see SCP03 is still not working. Do you still need help with this? Kind Regards, Philip > Hi all, > > I'm trying now for some time to get the secure channel protocol 03 > working. This protocol is used with some newer cards like from G&D > and Gemalto. G&D is not willing to help here, it is impossible to > buy cards without signing an NDA and information are not given out, > because the SF GlobalPlatform project compete with their own > product was a statement I received. Gemalto cards can be ordered by > anybody without signing anything, but I also cannot get it working. > I have asked in the Gemalto bulletin board, but got no answer. I > haven't asked Gemalto directly, I will try this as next. > > I have no manuals here so I don't know what causes the problems in > my implementation. Can anybody help with some infos about these > cards? I.e. what are the default keys, are some key derivation > methods used, what are testing vectors with what key. > > Thanks, Karsten |
From: Karsten O. <wid...@t-...> - 2014-03-28 11:28:46
|
Hi, I have applied the path to the trunk. The bug tracker is here: https://sourceforge.net/p/globalplatform/bugs/ I have created a ticket. Can I included you and Douglas in the authors list for this bugfix? BR, Karsten Am 27.03.2014 16:54, schrieb Greg Troxel: > I couldn't find a bugtracker for gpshell. > Could someone integrate the following patch to gpshell? > > http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/security/gpshell/patches/patch-src_gpshell.c?rev=1.1&content-type=text/x-cvsweb-markup&only_with_tag=MAIN > > (Thanks to Douglas Engert for help figuring this out.) > > Greg > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers |
From: Greg T. <gd...@ir...> - 2014-03-27 15:54:59
|
I couldn't find a bugtracker for gpshell. Could someone integrate the following patch to gpshell? http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/security/gpshell/patches/patch-src_gpshell.c?rev=1.1&content-type=text/x-cvsweb-markup&only_with_tag=MAIN (Thanks to Douglas Engert for help figuring this out.) Greg |
From: Aaron C. <ac...@gm...> - 2014-02-16 21:52:41
|
Hello, I just wanted to confirm - both GPShell and Globalplatform are under the terms of the LGPL, correct? The LICENSE file indicates LGPL, but the README file refers the user to COPYING, which (I think) indicates the regular GPL. I created a tool that decrypts saved GPSC sessions that are recorded in a file. This tool uses portions of the GlobalPlatform library's source code (specifically, mutual_authentication() and some crypto routines) and I was going to commit this tool to a new SourceForge project under the same license terms as GlobalPlatform. (I thought about branching GlobalPlatform instead, but reading APDUs from a file doesn't seem very compatible with the current GlobalPlatform library's model of directly interfacing with a smart card on behalf of the caller. So, new project it is - I think...) Just let me know. Also, are there any other licensing pitfalls I should be aware of? V/r, Aaron Curley |
From: Aaron C. <ac...@gm...> - 2014-02-01 22:39:39
|
Karsten, Thanks for the quick reply. My SF username is accwebs. My NSS experience is limited so I may be doing things incorrectly; however, the path that I'm currently following is to use NSS's PK11 library. So, as long as an HSM can be registered as a "slot" in the NSS database, I believe the HSM should be able to work with my code. Database path and slot name are configurable in the GP shell script although I'm still trying to work out the best possible command syntax. As for libopencryptoki, I *think* that NSS's "internal" slot may be implemented by libopencryptoki, so we may be thinking along the same lines. (Unfortunately, NSS's documentation is practically nonexistent so its hard to understand its architecture so I can speak intelligently on the subject.) V/r, Aaron On 2/1/2014 5:24 PM, Karsten Ohme wrote: > Hi, > > of course this is of interest. Nice would be a generic PKCS#11 > implementation, preferably using libopencryptoki, so every HSM can be > supported. Could you provide this? > > A separate branch created from the trunk is a good idea for the start, > and if everything is working this can be merged back. > > Please send me your SF account and you will get the access to the > repository. > > Thanks, > Karsten > > Am 01.02.2014 23:19, schrieb Aaron Curley: >> Hello, >> >> Over the past few days, I've implemented (very) basic >> GPShell/GlobalPlatform support for using an NSS token to establish GPSC >> sessions. The advantage of NSS support is that the GP secure channel >> keys can be stored in an HSM (rather than in plaintext in the script >> files). Using an HSM to store the GP keys is a requirement for me. >> >> Right now this support is very hackish and only works with SCP01; >> however, I'm (hopefully) going to be adding SCP02 support over the next >> few days. Things are a bit tricky because some of the crypto needs to >> be migrated to the NSS token, but on the plus side, due to the >> prevalence of session keys in the GP spec, most of the crypto code can >> remain openssl (only the session key generation functions need to be >> duplicated and ported to NSS). >> >> If there's any interest in me sharing this NSS implementation, can I get >> commit rights? I'm currently thinking that a separate branch is the >> best place to put this experimental code. I'm not sure of the >> granularity of the access controls you're allowed, but if it's possible >> to restrict my access to that a new "globalplatform-nss" branch that you >> create, that'd be fine with me. >> >> Anyways, just let me know if you're interested. >> >> V/r, >> Aaron >> >> ------------------------------------------------------------------------------ >> WatchGuard Dimension instantly turns raw network data into actionable >> security intelligence. It gives you real-time visual feedback on key >> security issues and trends. Skip the complicated setup - simply import >> a virtual appliance and go from zero to informed in seconds. >> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk >> _______________________________________________ >> Globalplatform-developers mailing list >> Glo...@li... >> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers >> > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers |
From: Karsten O. <wid...@t-...> - 2014-02-01 22:24:24
|
Hi, of course this is of interest. Nice would be a generic PKCS#11 implementation, preferably using libopencryptoki, so every HSM can be supported. Could you provide this? A separate branch created from the trunk is a good idea for the start, and if everything is working this can be merged back. Please send me your SF account and you will get the access to the repository. Thanks, Karsten Am 01.02.2014 23:19, schrieb Aaron Curley: > Hello, > > Over the past few days, I've implemented (very) basic > GPShell/GlobalPlatform support for using an NSS token to establish GPSC > sessions. The advantage of NSS support is that the GP secure channel > keys can be stored in an HSM (rather than in plaintext in the script > files). Using an HSM to store the GP keys is a requirement for me. > > Right now this support is very hackish and only works with SCP01; > however, I'm (hopefully) going to be adding SCP02 support over the next > few days. Things are a bit tricky because some of the crypto needs to > be migrated to the NSS token, but on the plus side, due to the > prevalence of session keys in the GP spec, most of the crypto code can > remain openssl (only the session key generation functions need to be > duplicated and ported to NSS). > > If there's any interest in me sharing this NSS implementation, can I get > commit rights? I'm currently thinking that a separate branch is the > best place to put this experimental code. I'm not sure of the > granularity of the access controls you're allowed, but if it's possible > to restrict my access to that a new "globalplatform-nss" branch that you > create, that'd be fine with me. > > Anyways, just let me know if you're interested. > > V/r, > Aaron > > ------------------------------------------------------------------------------ > WatchGuard Dimension instantly turns raw network data into actionable > security intelligence. It gives you real-time visual feedback on key > security issues and trends. Skip the complicated setup - simply import > a virtual appliance and go from zero to informed in seconds. > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers > |
From: Aaron C. <ac...@gm...> - 2014-02-01 22:19:19
|
Hello, Over the past few days, I've implemented (very) basic GPShell/GlobalPlatform support for using an NSS token to establish GPSC sessions. The advantage of NSS support is that the GP secure channel keys can be stored in an HSM (rather than in plaintext in the script files). Using an HSM to store the GP keys is a requirement for me. Right now this support is very hackish and only works with SCP01; however, I'm (hopefully) going to be adding SCP02 support over the next few days. Things are a bit tricky because some of the crypto needs to be migrated to the NSS token, but on the plus side, due to the prevalence of session keys in the GP spec, most of the crypto code can remain openssl (only the session key generation functions need to be duplicated and ported to NSS). If there's any interest in me sharing this NSS implementation, can I get commit rights? I'm currently thinking that a separate branch is the best place to put this experimental code. I'm not sure of the granularity of the access controls you're allowed, but if it's possible to restrict my access to that a new "globalplatform-nss" branch that you create, that'd be fine with me. Anyways, just let me know if you're interested. V/r, Aaron |
From: Karsten O. <wid...@t-...> - 2013-11-11 20:45:08
|
Hi, This is not supported in GPShell, but when the connections is secured, this is at least some kind of protection, so that no eavesropper can get the key. You are using encryptData and decryptData on the JavaCard GlobalPlatform API? Can you implement this kind of encryption, when you are getting access to the Sourceforge sources? Three things have to be implemented for this: * Extend the sendAPDU command to encrypt data * Add a parameter to GPShell to support this mode BR, Karsten Am 11.11.2013 17:22, schrieb Cazzatello Gaetano Francesco: > Hello, > I use your gpshell and I have some problem in order to send secure > messaging encypted with session dek key. > I do mutual authenticate and it is rigth. I can send clear apdu on > this secure session but how can encrypt some apdu with dek key? > > I send you my input file > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > mode_211 > enable_trace > establish_context > list_readers > enable_timer > > ################################################################################################## > # SIM > ################################################################################################## > card_connect -reader "Gemalto Prox-DU Contact_10B00200 1" > select -sdAID A000000151000000 // Select ISD > > open_sc -security 1 -keyver 0x20 -scp 2 -scpimpl 0x55 > -mac_key 404142434445464748494a4b4c4d4e4f -enc_key > 404142434445464748494a4b4c4d4e4f -kek_key > 404142434445464748494a4b4c4d4e4f // Open secure channel, 1:MAC > open_sc -security 3 -keyver 0x20 -scp 2 -scpimpl 0x55 -mac_key > 404142434445464748494a4b4c4d4e4f -enc_key > 404142434445464748494a4b4c4d4e4f -kek_key > 404142434445464748494a4b4c4d4e4f // Open secure channel, 3: MAC+ENC > send_apdu -sc 1 -APDU 84E2010003948400 // Get App Challenge - DGI > Application Challenge 9484) > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Thanks in advance > Questo messaggio e i suoi allegati sono indirizzati esclusivamente > alle persone indicate. La diffusione, copia o qualsiasi altra azione > derivante dalla conoscenza di queste informazioni sono rigorosamente > vietate. Qualora abbiate ricevuto questo documento per errore siete > cortesemente pregati di darne immediata comunicazione al mittente e di > provvedere alla sua distruzione, Grazie. > > /This e-mail and any attachments// is //confidential and may contain > privileged information intended for the addressee(s) only. > Dissemination, copying, printing or use by anybody else is > unauthorised. If you are not the intended recipient, please delete > this message and any attachments and advise the sender by return > e-mail, Thanks./ > > *rispetta l'ambienteRispetta l'ambiente. Non stampare questa mail se > non è necessario.* > > > > ------------------------------------------------------------------------------ > November Webinars for C, C++, Fortran Developers > Accelerate application performance with scalable programming models. Explore > techniques for threading, error checking, porting, and tuning. Get the most > from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk > > > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers |
From: Karsten O. <wid...@t-...> - 2013-10-17 15:13:31
|
Hi all, I'm trying now for some time to get the secure channel protocol 03 working. This protocol is used with some newer cards like from G&D and Gemalto. G&D is not willing to help here, it is impossible to buy cards without signing an NDA and information are not given out, because the SF GlobalPlatform project compete with their own product was a statement I received. Gemalto cards can be ordered by anybody without signing anything, but I also cannot get it working. I have asked in the Gemalto bulletin board, but got no answer. I haven't asked Gemalto directly, I will try this as next. I have no manuals here so I don't know what causes the problems in my implementation. Can anybody help with some infos about these cards? I.e. what are the default keys, are some key derivation methods used, what are testing vectors with what key. Thanks, Karsten |
From: Dmitry Eremin-S. <dba...@gm...> - 2012-02-02 17:21:10
|
Hello Karsten, While working on packaging globalplatform/gpshell for Debian, I noticed the following license problem which makes gpshell undistributable: gpshell is GPLv2+ licensed software which links to globalplatform library globalplatform library itself is an LGPLv2.1+ licensed library which links to OpenSSL library. In the end we have a GPLv2+ software linked with OpenSSL. However those two licenses are incompatible: see http://www.gnu.org/licenses/license-list.html#OpenSSL or http://people.gnome.org/~markmc/openssl-and-the-gpl.html This problem can be solved in several ways: 1) Add special expcetion to the gpshell (and ideally to globalplatform/gppcscconnector) to allow them to be linked with OpenSSL (see the second link for example of exact wording). 2) Rewrite ssl-related part to use libgcrypto or any other GPL-compatible library. Would you like/agree to add required exceptions to the gpshell license? Thank you for your time. P.S. During packaging I also produced several patches decoupling globalplatform library from libpcsclite/winscard, small fixes for build system, etc. Are you interested in them? -- With best wishes Dmitry |
From: Login S. E. V. <no...@la...> - 2010-04-09 01:59:42
|
Hello We received a request from Karsten Ohme using email address k_...@us..., trying to validate the email address glo...@li... for use in the Launchpad Login Service service. If you made this request, please click on the link below and complete the process to add glo...@li... to your existing Launchpad Login Service service account. https://login.launchpad.net/token/B38rfRfTgPvrTQtxCLp7/ If you did not make this request, please ignore this message or report it on https://forms.canonical.com/sso-support/ as a possible attempt at a security attack on your data. Thank you, The Launchpad Login Service service team |
From: Karsten O. <wid...@t-...> - 2007-08-23 01:13:52
|
Hello, I proudly present a new release of the GlobalPlatform library and GPShell. Now the following cards should work: Oberthur CosmopoliC 32K (OP201) CosmopoliC 64K V5.2 (GP211, SCP01, Impl05) Axalto Cyberflex e-gate 32k GemXpresso R3.2 E64 IBM JCOP v2.2 41 IBM JCOP 31 (36k) Nokia 6131 NFC Phone Axalto Cyberflex Access 64k The release has some minor bugfixes and adds some new sample files to GPShell. The prebuilt releases for Windows should now really work (zlib library was missing). For developers now Windows/Unix and Cygwin is supported. Mac OS X/XCode is still on the the to do list. Regards, Karsten |
From: Karsten O. <wid...@t-...> - 2007-01-04 15:44:01
|
Ali Utku Selen wrote: > Hi, > > Does GlobalPlatform Library have an Java equivalent? Wrapper generator? http://www.swig.org/ > > Thanks, > -AUS |
From: Karsten O. <wid...@t-...> - 2007-01-04 15:40:29
|
Ali Utku Selen wrote: > Hi, > > Does GlobalPlatform Library have an Java equivalent? Not until now. But the former library (OpenPlatform) has one. So, if you only have a OpenPlatform card 2.0.1' you can give it a try. "Snit Mo" wanted to develop a wrapper, but it isn't done until now. If you want to contribute you can take the OpenPlatform wrapper as a base and contribute to this project. It is not so difficult but it is a lot of boring work to develop a wrapper. By the way do you know of an automatic wrapper generator? I believe it should be possible to build one automatically, but I have not found such a tool. This would be a cool project ... Do you want to use library functions directly or would be the functionality offered by GPShell enough? You can call the program form Java. Regards, Karsten > > Thanks, > -AUS |
From: Karsten O. <wid...@t-...> - 2006-12-29 05:33:56
|
The CAP format has changed in JavaCard 2.2x. The release of yesterday did not obey this. Please use the new version 4.1.3 at http://sourceforge.net/projects/globalplatform/ The GPShell zip for Windows did contain the buggy library. I have fixed this. I changed the files but it is still version 1.4.0. So update it. The source gz did not change, only the documentation is different, so there is no absolute need to update it. Regards, Karsten |
From: Karsten O. <wid...@t-...> - 2006-12-28 09:22:44
|
Hello, I have released new version of GlobalPlatform library in version 4.0.3 and GPShell 1.4.0 under http://sourceforge.net/projects/globalplatform/ CAP files are now supported. It is not more necessary to transform a CAP file manually into the IJC (.ijc or .bin) format. GemXpresso Pro card should work now (at least the R3.2 E64). There are prebuild packages for the library for Windows including the linking library and the header files. I have tested under Debian GNU Linux and Windows XP with the following cards: CosmopoliC 64K V5.2 Axalto CyberFlex e-gate 32k GemXpresso R3.2 E64 IBM JCOP v2.2 41 The library is compatible with previous versions. A new function cap_to_ijc is defined. New documentation in PDF, HTML and Windows help format (.chm) is also released. Regards, Karsten |