Igor Delovski Board
My Own Personal Slashdot!

PCSC

Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Sun Feb 12, 2017 3:13 am    Post subject: PCSC Reply with quote

Ludovic Rousseau - PCSC sample in Objective-C

Ludovic Rousseau - PCSC sample in C

"In Yosemite (Mac OS X 10.10) Apple introduced a new API to access smart
cards. See OS X Yosemite and smart cards status.

This API is not a wrapper above PC/SC. It is the native API to be used on Mac
OS X. You do not need to install it, it comes with the OS. "
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Sun Feb 12, 2017 3:57 am    Post subject: Reply with quote

Ludovic Rousseau - Differences between Apple pcsc-lite and the "official" pcsc-lite


Do not support USB devices with more than 1 CCID interface (bug #10469006)
Do not support extended APDU longer than 1958 bytes (bug #9983001 and #7334726)
Do not support more than 16 PCSC contexts per application (bug #10038432)
reader.h header file is not provided in the PCSC Framework (bug #7101554)
pcscd does not support TAG_IFD_THREAD_SAFE (bug #6584566)
pcscd crashes when the smart card reader is removed when in communication (bug #6114944)
PC/SC never returns the warm ATR of a dual-ATR card (bug #5964019)
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Tue Mar 28, 2017 4:50 pm    Post subject: Reply with quote

github - OpenSC - tools and libraries for smart cards

"OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the
card OpenSC implements the PKCS#15 standard and aims to be compatible
with every software/card that does so, too."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Mon May 08, 2017 9:35 am    Post subject: Reply with quote

LR - macOS Sierra and (legacy) smart card login

"It is easy to configure a user account to use a smartcard to login with macOS
Sierra. Some steps are not easy to guess so I wrote this documentation for me
to remember."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Mon May 22, 2017 12:21 pm    Post subject: Reply with quote

LR - pcsc-tools

"These tools are used to test a PC/SC driver, card or reader or send commands
in a friendly environment (text or graphical user interface)."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 24, 2017 8:36 am    Post subject: Reply with quote

so - Mac OS X El Capitan Smart Card Services PKCS#11 Tokend
compilation and installation


"I would like to install PKCS#11 Tokend to my Mac OS X El Capitan (10.11.2)
so I can access PKCS#11 enabled devices from Safari.

In my experience, you'd be better off using OpenSC with tokend fork. It builds
OK on Mac OS X 10.10 and 10.11, and supports RSA and ECC tokens (and SHA-2)."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 24, 2017 8:54 am    Post subject: Reply with quote

LR - Free software Tokend above PKCS#11 (for Mac OS X)

"Gemalto released the source code of its tokend.

PKCS#11 Tokend

The goal of this tokend is to be able to use any PKCS#11 library in CDSA and
then with native Apple Applications (Mail, Safari, Key Chain, File Vault, etc.)"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 24, 2017 10:43 am    Post subject: Reply with quote

so - How exactly does __attribute__((constructor)) work?

"Here is another concrete example. It is for a shared library. The shared
library's main function is to communicate with a smart card reader. But
it can also receive 'configuration information' at runtime over udp. The
udp is handled by a thread which MUST be started at init time."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 24, 2017 11:05 am    Post subject: Reply with quote

tools.ietf.org - The PKCS #11 URI Scheme

"This memo specifies a PKCS #11 Uniform Resource Identifier (URI) Scheme
for identifying PKCS #11 objects stored in PKCS #11 tokens and also for
identifying PKCS #11 tokens, slots, or libraries. The URI scheme is based on
how PKCS #11 objects, tokens, slots, and libraries are identified in 'PKCS #11
v2.20: Cryptographic Token Interface Standard'."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 24, 2017 11:52 am    Post subject: Reply with quote

oasis-open.org - PKCS #11 Cryptographic Token Interface Base Specification Version 2.40

"This document specifies the data types and functions available to an
application requiring cryptographic services using the ANSI C programming language.
The supplier of a Cryptoki library implementation typically provides these data
types and functions via ANSI C header files. Generic ANSI C header files for
Cryptoki are available from the PKCS#11 web page. This document and
up-to-date errata for Cryptoki will also be available from the same place."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 31, 2017 10:57 am    Post subject: Reply with quote

tech.springcard.com - PC/SC UNDER UNIX/LINUX/MAC WITH PCSC-LITE

"Starting with MacOS X version 10.4, the PCSC-Lite package and the CCID
driver are included in the system. We just need to add entries for SpringCard
readers into the configuration file of the CCID driver to have them supported.

CCID driver's Info.plist

/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 31, 2017 12:02 pm    Post subject: Reply with quote

appspot.com - Smart card ATR parsing

"Enter an ATR (Answer To Reset) and I will parse it for you."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed May 31, 2017 12:08 pm    Post subject: Reply with quote

gemalto.com - IDGo 800

"IDGo 800 is a cryptographic middleware suite supporting the IDPrime .NET
and MD smart cards and secure elements range.

The IDGo 800 suite includes several components:
- IDGo 800 Minidriver, available on Windows environments
- IDGo 800 Credential Provider, available on Windows environments
- IDGo 800 PKCS#11 libraries, available on Windows, Mac OS and Linux environments"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Mon Jun 05, 2017 2:59 pm    Post subject: Reply with quote

travis_fold:start:git.checkout

"SetOwnerAndGroup travis:staff /Users/travis/build/OpenSC/OpenSC/target/Library/Security/tokend/OpenSC.tokend

cd /Users/travis/build/OpenSC/OpenSC/OpenSC.tokend

/usr/sbin/chown -RH travis:staff /Users/travis/build/OpenSC/OpenSC/target/Library/Security/tokend/OpenSC.tokend



SetMode u+w,go-w,a+rX /Users/travis/build/OpenSC/OpenSC/target/Library/Security/tokend/OpenSC.tokend

cd /Users/travis/build/OpenSC/OpenSC/OpenSC.tokend

/bin/chmod -RH u+w,go-w,a+rX /Users/travis/build/OpenSC/OpenSC/target/Library/Security/tokend/OpenSC.tokend



RegisterWithLaunchServices /Users/travis/build/OpenSC/OpenSC/target/Library/Security/tokend/OpenSC.tokend

cd /Users/travis/build/OpenSC/OpenSC/OpenSC.tokend

builtin-lsRegisterURL /Users/travis/build/OpenSC/OpenSC/target/Library/Security/tokend/OpenSC.tokend

note: Registration was skipped, code -10811"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed Jun 21, 2017 11:59 am    Post subject: Reply with quote

a - tokend: MAC OS 10.11 support

"<x-man-page://7/SmartCardServices>

Take a look at the SmartCardServices man page. Language was added in
OS X El Capitan to make it clear that tokend modules can be installed in
/Library/Security/tokend."


manpagez.com - man SmartCardServices-legacy

"DISABLING NEW SMART CARD SUPPORT

It is possible to turn off the new tokens by setting the global preference:

sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array com.apple.CryptoTokenKit.pivtoken"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed Jun 21, 2017 12:43 pm    Post subject: Reply with quote

LR - macOS Sierra: Smart Card Driver Extensions

"Support for Smart Card Driver Extensions
You can now create NSExtension-based smart card drivers, allowing the
contents of certain types of smart cards to be presented as part of the
system keychain. This mechanism is intended to replace the deprecated
Common Data Security Architecture, although for macOS 10.12, both
architectures are supported."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Mon Jun 26, 2017 8:46 am    Post subject: Reply with quote

piv-guides - Document Mac OS PIV tokend use and support

"Your PIV authentication key pair and public cert is exactly like using a
self-signed cert and key pair to SSH

The key pair and certificate are on hardware PIV card

Ensure your workstation or jump server can recognize the credential and
enabling the correct drivers on the client are included"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Thu Jul 06, 2017 9:03 am    Post subject: Reply with quote

lr - pcscd debug output on Mac OS X

"The important option here is -s. If you want to disable the automatic launch
of pcscd you need to start securityd with -s off. But you do not start securityd
yourself. securityd is started by another daemon: launchd.

/System/Library/LaunchDaemons/com.apple.securityd.plist."


Code:
<array>
  <string>/usr/sbin/securityd</string>
  <string>-i</string>
  <string>-s</string>
  <string>off</string>
</array>


in terminal: pcscd --foreground --debug --apdu

delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Thu Jul 13, 2017 5:51 pm    Post subject: Reply with quote

Tokend-Dev -- Tokend Developer Discussions

"This Tokend-Dev list is intended for the discussion of all things related to the
development of Tokend modules to support various Smart Cards and emerging
token devices. You should send any questions you have on developing your
own Tokend module and issues specific to Tokend interaction with your Smart
Card(s)."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Jul 14, 2017 1:09 pm    Post subject: Reply with quote

scs - Gemalto Tokend problem on ElCapitain & Sierra

"token in reader ActivIdentity USB Reader V3 cannot be used (error 100002)"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Jul 14, 2017 1:10 pm    Post subject: Reply with quote

apple - PIVToken: Using CryptoTokenKit to add support for new types of tokens

"This sample demonstrates how to write an extension for CryptoTokenKit
framework to support new types of SmartCards or any other cryptographic
token."


apple - CryptoTokenKit Framework

"Access Smart Cards and manage user interactions."


Last edited by Ike on Mon Aug 07, 2017 8:52 am; edited 1 time in total
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Wed Jul 19, 2017 11:54 am    Post subject: Reply with quote

scs - CVE-2013-1867: tokend (Apple, Gemalto) - privacy leak & arbitrary file creation

"A telltale sign of this is the existence of directories with the card-label in
locations such as /var/db, /etc or /usr/share. In fact, a search for any file
or directory names that matches part of the label of the chipcard or any of
its tokens is probably a concern. See CVE-2013-1866 for related information."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Mon Jul 24, 2017 1:24 pm    Post subject: Reply with quote

fda - Running PIVToken example [SOLVED]

I have downloaded the PIVToken example from here and am trying to run it. I have
put several breakpoints in the source code, but when I run it from Xcode,
none of them gets hit.
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Sep 01, 2017 12:21 pm    Post subject: Reply with quote

lists.apple - Multiple PIN Handling/On-Access PIN in TokenD

"I've tried using 2 PIN slots in the TokenD and assigning the relevant Records
and KeyHandles to use slot 1 for applet A's items and slot 2 for applet B's
items... and it seems to "get it" when it needs to authenticate for using applet
B's items the first time... however when it goes and checks for pinStatus the
second time around after it had authenticated once to B, it looks for the
pinStatus on slot 1... not the slot 2 that is assigned as the owner and the
necessary ACL authorizer for decrypt/sign..."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Sep 01, 2017 1:17 pm    Post subject: Reply with quote

lists.apple.com - Apple-CDSA

"Apple's implementation of CDSA. (Common Data Security Architecture)"
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Sep 01, 2017 2:57 pm    Post subject: Reply with quote

esteid-tokend - Known issues

"Only authentication certificate (only that certificate is registered in keychain
and only authentication related functions are supported) and PIN1 is supported
since keychain pin dialog does not identify which pin is asked from user (IB-4070)"
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

PostPosted: Tue Oct 24, 2017 9:11 am    Post subject: Reply with quote

ars - Crippling crypto weakness opens millions of smartcards to cloning

"Gemalto IDPrime.NET almost certainly isn't the only smartcard vulnerable
to ROCA.

The vulnerability resides in all RSA keys generated by the faulty Infineon
library. To optimize speed, the library uses a structure of underlying prime
numbers that makes the keys much more susceptible to a mathematical
process known as factorization.

Identifying affected keys is quick and inexpensive and requires only access
to a public key. Attackers can then run all vulnerable public keys through an
attack dubbed Return of the Coppersmith Attack, or ROCA, for the type of
factorization method it uses."
Ike
Kapetan


Joined: 17 Jun 2006
Posts: 3025
Location: Europe

PostPosted: Fri Nov 27, 2020 5:05 pm    Post subject: Reply with quote

git - Installing OpenSC PKCS#11 Module in Firefox, Step by Step

"This step by step description can also be found in Mozilla's knowledge base."

see: 10.11.6 broke digital signing in Adobe?
All times are GMT + 1 Hour