Doug Engert comments

Results 472 comments of


                                            Doug Engert

How to avoid smartcard initialization on start?

One more option. rework sc-hsm-tool.c to hand handle multiple command lines, but only calling https://github.com/OpenSC/OpenSC/blob/master/src/tools/sc-hsm-tool.c#L2080-L2103 once. https://github.com/OpenSC/OpenSC/blob/master/src/tools/sc-hsm-tool.c#L2097-L2098 also selects the AID! Rename main() to main_loop() create a new main() the...

Writing privatekey to the pkcs11 capable token problem

The pkcs11-tool is designed to allow easy use of PKCS11 for many operations without having to know much about PKCS11, and is designed to be used with smartcards where the...

sc-hsm-tool unable to unwrap 4096 bit keys in SmartCard-HSM 4K chip card - crashes with "Card command failed"

Note that in `card.c` - `sc_read_binary`, is called by pkcs15 routines. `sc_read_binary` has a loop at https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card.c#L656-L675 to use multiple calls to `card->ops->read_binary` in your case `sc_hsm_read_binary`. But `sc_read_binary` bases...

sc-hsm-tool unable to unwrap 4096 bit keys in SmartCard-HSM 4K chip card - crashes with "Card command failed"

When you do open a new issue, have a look at https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-sc-hsm.c#L1694 Also see https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-sc-hsm.c#L378 This does not look big enough to return a 4096 bit pubkey + exponent in...

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

Are you saying a PIV card or PIV applet is required to verify the EC pubkey used as input to ECDH? I would read "5.6.2.3 Public Key Validation Routines" (see...

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

I modified a pub key note FF FF FF FF: ``` asn1parse -i -in /tmp/derive.3740.other.pubkey.der -inform DER -dump 0:d=0 hl=2 l= 118 cons: SEQUENCE 2:d=1 hl=2 l= 16 cons: SEQUENCE...

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

Here is a script [piv.test.ecdh.pub.valiation.sh.txt](https://github.com/makinako/OpenFIPS201/files/6102566/piv.test.ecdh.pub.valiation.sh.txt) with good and bad 256 and 384 APDUs for PIV. The pubkeys are from NIST demo cards 4 and 5. The bad 256 key has...

Doug Engert

How to avoid smartcard initialization on start?

Writing privatekey to the pkcs11 capable token problem

sc-hsm-tool unable to unwrap 4096 bit keys in SmartCard-HSM 4K chip card - crashes with "Card command failed"

sc-hsm-tool unable to unwrap 4096 bit keys in SmartCard-HSM 4K chip card - crashes with "Card command failed"

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

Card should check the presented public key to ensure that it is on the proper curve prior to ECDH

Keep up with the libressl releases

epass2003 elliptic cryptography support

epass2003 elliptic cryptography support