Menu
▾
▴
opensc-devel
|
From: Alex S. <ml...@os...> - 2013-07-20 10:04:13
|
Hi, After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not working anymore. I was able to find and fix the reason, could someone from developers please take a look on this? https://github.com/OpenSC/OpenSC/issues/173 |
|
From: Douglas E. E. <dee...@an...> - 2013-07-22 14:26:14
|
On 7/20/2013 5:03 AM, Alex Samorukov wrote: > Hi, > > After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not > working anymore. I was able to find and fix the reason, could someone > from developers please take a look on this? > > https://github.com/OpenSC/OpenSC/issues/173 This sounds more like a problem with your card, or the way your card was initialized. Your fix does not fix the basic problem, of why when the card was initialized, the two Auth IDs are different. Have you looked at how your card was initialization was done? Can you find where the two authIDs are created? Why are they different lengths? > > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > -- Douglas E. Engert <DEE...@an...> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 |
|
From: Alex S. <ml...@os...> - 2013-07-22 17:53:44
|
On 07/22/2013 04:26 PM, Douglas E. Engert wrote: >> Hi, >> >> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not >> working anymore. I was able to find and fix the reason, could someone >> from developers please take a look on this? >> >> https://github.com/OpenSC/OpenSC/issues/173 > This sounds more like a problem with your card, or the way your > card was initialized. > > Your fix does not fix the basic problem, of why when the card > was initialized, the two Auth IDs are different. > > Have you looked at how your card was initialization was done? > > Can you find where the two authIDs are created? > > Why are they different lengths? > > This card was formatted by official windows software for Fetian and it works correctly with it. I cant reformat the card with OpenSC now but i will ask for dumps in the official forum. |
|
From: Douglas E. E. <dee...@an...> - 2013-07-22 19:21:46
|
On 7/22/2013 12:53 PM, Alex Samorukov wrote: > On 07/22/2013 04:26 PM, Douglas E. Engert wrote: >>> Hi, >>> >>> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not >>> working anymore. I was able to find and fix the reason, could someone >>> from developers please take a look on this? >>> >>> https://github.com/OpenSC/OpenSC/issues/173 >> This sounds more like a problem with your card, or the way your >> card was initialized. >> >> Your fix does not fix the basic problem, of why when the card >> was initialized, the two Auth IDs are different. >> >> Have you looked at how your card was initialization was done? >> >> Can you find where the two authIDs are created? >> >> Why are they different lengths? >> >> > This card was formatted by official windows software for Fetian and it works correctly with it. I cant reformat the card with OpenSC now but i will ask for dumps in the official forum. > So should this fix be in the Fetian drive only? The problem I have with your patch is it applies to all cards but the problem appears to be in the Fetian card or maybe in the driver. When you run the test on 0.12, do the AuthID show up as two different lengths? -- Douglas E. Engert <DEE...@an...> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 |
|
From: Alex S. <ml...@os...> - 2013-07-23 09:31:16
|
On 07/22/2013 11:27 PM, Douglas E. Engert wrote: > >>> When you run the test on 0.12, do the AuthID show up as >>> two different lengths? >> Yes, it is. Only difference in .12 is that code logic will add all >> keys anyway (and this code was removed in .13). But this check will >> fail as well. >> > > So the change should be to add all the keys back in, and try and > accommodate the > difference for the Fetian card? Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested this patch and it works for me. I don`t think that we need to add all keys like before because it does looks to be good. This workaround addressing only this specific issue. |
|
From: Douglas E. E. <dee...@an...> - 2013-07-23 14:10:09
|
OK, your mod looks better. I will let others continue the review and update process. On 7/23/2013 4:31 AM, Alex Samorukov wrote: > On 07/22/2013 11:27 PM, Douglas E. Engert wrote: >> >>>> When you run the test on 0.12, do the AuthID show up as >>>> two different lengths? >>> Yes, it is. Only difference in .12 is that code logic will add all >>> keys anyway (and this code was removed in .13). But this check will >>> fail as well. >>> >> >> So the change should be to add all the keys back in, and try and >> accommodate the >> difference for the Fetian card? > Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested this > patch and it works for me. I don`t think that we need to add all keys > like before because it does looks to be good. This workaround addressing > only this specific issue. > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > -- Douglas E. Engert <DEE...@an...> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 |
|
From: Jean-Michel P. - G. <jm...@go...> - 2013-08-03 09:07:18
Attachments:
smime.p7s
|
Le mardi 23 juillet 2013 à 11:31 +0200, Alex Samorukov a écrit : > Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested > this > patch and it works for me. I don`t think that we need to add all keys > like before because it does looks to be good. This workaround > addressing > only this specific issue. Thanks for this patch. I will try and report. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu |
|
From: Alex S. <ml...@os...> - 2013-08-03 20:33:04
|
On 08/03/2013 10:47 AM, Jean-Michel Pouré - GOOZE wrote: > Le mardi 23 juillet 2013 à 11:31 +0200, Alex Samorukov a écrit : >> Done, in https://github.com/OpenSC/OpenSC/pull/174/files. I tested >> this >> patch and it works for me. I don`t think that we need to add all keys >> like before because it does looks to be good. This workaround >> addressing >> only this specific issue. > Thanks for this patch. > I will try and report. > > Thank you. Please also see notes in [1], it would be great to get it resolved somehow. Now i reformatted card using OpenSC but at least website claim r/o compatibility with Windows tool, so it would be great to have it in recent version. [1] https://github.com/OpenSC/OpenSC/issues/173 |
|
From: Anders R. <and...@te...> - 2013-07-22 14:45:02
|
On 2013-07-20 12:03, Alex Samorukov wrote: > Hi, > > After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not > working anymore. I was able to find and fix the reason, could someone > from developers please take a look on this? > > https://github.com/OpenSC/OpenSC/issues/173 We should be happy that for example the disk industry didn't adopt the concept that "all hard drives are unique and needs unique settings and/or middleware". Anders > > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
|
From: Alex S. <ml...@os...> - 2013-07-22 17:49:21
|
On 07/22/2013 04:44 PM, Anders Rundgren wrote: > On 2013-07-20 12:03, Alex Samorukov wrote: >> Hi, >> >> After upgrading to OpenSC 0.13 i found that pkcs11 auth in FF is not >> working anymore. I was able to find and fix the reason, could someone >> from developers please take a look on this? >> >> https://github.com/OpenSC/OpenSC/issues/173 > We should be happy that for example the disk industry didn't adopt the concept > that "all hard drives are unique and needs unique settings and/or middleware". Thank you for reply: 1) Card was formatted using Windows utility and working correctly in it. 2) Card was working in 0.12.2 because we were adding _all_ keys, not only matched. 3) Card is working good in Windows with native drivers, so it is kind of "designed" behavior. Now situation is very simple - there is a regression in the Fetian card support. I am completely agree that it does not look right (different length), but its the way it was working before. Unfortunately we cant compare situation with hard drives, because with smart-cards situation is very different. I cant now reformat this card (because i am storing private key in it) but i will ask seller to provide dump from the card formatted in the OpenSC. May be we should add some kind of quirks to the driver definition? It would be great to have this fixed. Without this fix it is not possible to use card in Java apps or Firefox/Thunderbird. |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X