max length of randomLen for C_GenerateRandom

classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

max length of randomLen for C_GenerateRandom

Florent Deybach
Hello,

I have in mind to use a smartcard or a hardware hsm as a random number generator via the PKCS#11 C_GenerateRandom function.

However I would need a large amount of bits. 
However the available examples on Internet use small values for the randomLen argument (<100 bits) e.g. https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/6n4f2qhq0/index.html

Is there a theoretical maximum value?
Could I ask for 1000000000 bits at one time for example ? Or will I have to call several times the function in a loop with small values?
I assume it would depend on the smartcard model, right?

Thanks for your feedback!

Cheers

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Ludovic Rousseau
2017-04-20 16:42 GMT+02:00 Florent <[hidden email]>:
Hello,

Hello,
 

I have in mind to use a smartcard or a hardware hsm as a random number generator via the PKCS#11 C_GenerateRandom function.

However I would need a large amount of bits. 
However the available examples on Internet use small values for the randomLen argument (<100 bits) e.g. https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/6n4f2qhq0/index.html

Is there a theoretical maximum value?
Could I ask for 1000000000 bits at one time for example ? Or will I have to call several times the function in a loop with small values?
I assume it would depend on the smartcard model, right?

I suggest you to use a hardware dedicated to random number generation.

A smart card may be too slow for you. Also I am not sure that the data returned by C_GenerateRandom() always comes from the smart card. It depends on the PKCS#11 library you use.

Bye

--
 Dr. Ludovic Rousseau

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Florent Deybach
Thanks for your answer Ludovic.
 
I suggest you to use a hardware dedicated to random number generation.

Yes, this is of course the main option I have in mind.
My question remains theoretical in the event we don't trust any of the TRNG vendors (https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators).
I may have more confidence in a certified card, like the JCOP 2.4.1r3 which has been evaluated according to the AIS 31 of the BSI.
 
A smart card may be too slow for you.

Yes, I am aware of that. But certified TRNG are also very slow (75 kbps for the Quantis AIS31 for example).
Let's just say that the time is not a issue for me :)
 
Also I am not sure that the data returned by C_GenerateRandom() always comes from the smart card. It depends on the PKCS#11 library you use.

Yes, you're right. Thanks for the warning. In order to be sure I would need the source code of the PKCS#11 library, right?

So by the content of your answer, I presume this hasn't been tested/considered yet? (assuming the data comes genuinely from the internal generator of the card).

Cheers


_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Ludovic Rousseau
2017-04-20 17:15 GMT+02:00 Florent <[hidden email]>:
Thanks for your answer Ludovic.
 
I suggest you to use a hardware dedicated to random number generation.

Yes, this is of course the main option I have in mind.
My question remains theoretical in the event we don't trust any of the TRNG vendors (https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators).
I may have more confidence in a certified card, like the JCOP 2.4.1r3 which has been evaluated according to the AIS 31 of the BSI.
 
A smart card may be too slow for you.

Yes, I am aware of that. But certified TRNG are also very slow (75 kbps for the Quantis AIS31 for example).
Let's just say that the time is not a issue for me :)
 
Also I am not sure that the data returned by C_GenerateRandom() always comes from the smart card. It depends on the PKCS#11 library you use.

Yes, you're right. Thanks for the warning. In order to be sure I would need the source code of the PKCS#11 library, right?

Yes. Or you have to trust the vendor :-)
 
So by the content of your answer, I presume this hasn't been tested/considered yet? (assuming the data comes genuinely from the internal generator of the card).

I guess that OpenSC is implementing C_GenerateRandom correctly (after a quick review of the code).

Another option is to use the ISO 7816-4 GET CHALLENGE command [1] if your card suport it.

Bye
--
 Dr. Ludovic Rousseau

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Michael StJohns-2
In reply to this post by Florent Deybach
On 4/20/2017 11:15 AM, Florent wrote:
Thanks for your answer Ludovic.
 
I suggest you to use a hardware dedicated to random number generation.

Yes, this is of course the main option I have in mind.
My question remains theoretical in the event we don't trust any of the TRNG vendors (https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators).
I may have more confidence in a certified card, like the JCOP 2.4.1r3 which has been evaluated according to the AIS 31 of the BSI.
 
A smart card may be too slow for you.

Yes, I am aware of that. But certified TRNG are also very slow (75 kbps for the Quantis AIS31 for example).
Let's just say that the time is not a issue for me :)

You want to marry your smart card as a source of entropy to a DBRG and reseed the DBRG from the smart card fairly often.   See NIST SP800-90A for the general form for a DBRG.

Alternately, you can use multiple sources of entropy - a smart card, a TPM, one of the TRNGs from above and use them to seed the DBRG.  That way you're not dependent on any of these being "trusted".  Simplest way to do this is XOR the N streams of TRNG data together to provide the seed and reseed data.  Oh yeah - most modern Intel motherboards and processors support the RDRAND and RDSEED instructions and there is software to expose those for use. (https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide)

As long as your TRNG can keep up with the reseed schedule, you can get a *lot* of bits out of the DRBG.

WRT to the smart card, my guess is there is a TRNG backing a DBRG of some sort.

I wouldn't trust a generic PKCS11 driver to do what you want.

Mike



 
Also I am not sure that the data returned by C_GenerateRandom() always comes from the smart card. It depends on the PKCS#11 library you use.

Yes, you're right. Thanks for the warning. In order to be sure I would need the source code of the PKCS#11 library, right?

So by the content of your answer, I presume this hasn't been tested/considered yet? (assuming the data comes genuinely from the internal generator of the card).

Cheers



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Carsten Blüggel
In reply to this post by Ludovic Rousseau
Hi,

for my private use with Linux, I bought the Moonbase Otago OneRNG
(delivery time ~3 month) and sufficient for me (haven't seen cat
/proc/sys/kernel/random/entropy_avail drop below ~3000).

Also, currently, there is free access to (high amounts of) quantum
random numbers of a quantum random number generator of the Humboldt
University of Berlin (HU Berlin), Faculty of Mathematics and Natural
Sciences I, Department of Physics. Their website:
https://qrng.physik.hu-berlin.de (downloadable as files e.g. 100 MB
random data each or in chunks via online-API library libQRNG; contact me
if You are comfortable with D language and want to use QRNG as an
extension to my sodium D-binding: this is yet unpublished but working
code, switching from sodium's default sysrandom (/dev/urandom) to a
random implementation fed by the QRNG online-service).

Cheers


_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Florent Deybach
Hi
 
for my private use with Linux, I bought the Moonbase Otago OneRNG (delivery time ~3 month) and sufficient for me (haven't seen cat /proc/sys/kernel/random/entropy_avail drop below ~3000).

Interesting product. However the "purchase" link seems broken :(
However I am looking for something more off-the-shelf. As a test/home product it may be useful indeed.
 
Also, currently, there is free access to (high amounts of) quantum random numbers of a quantum random number generator of the Humboldt University of Berlin (HU Berlin), Faculty of Mathematics and Natural Sciences I, Department of Physics. Their website: https://qrng.physik.hu-berlin.de (downloadable as files e.g. 100 MB random data each or in chunks via online-API library libQRNG; contact me if You are comfortable with D language and want to use QRNG as an extension to my sodium D-binding: this is yet unpublished but working code, switching from sodium's default sysrandom (/dev/urandom) to a random implementation fed by the QRNG online-service).

That is more what I am looking for, even if the online-API would be unacceptable for my paranoid company ;)
Their commercial product seems very promising http://www.picoquant.com/images/uploads/downloads/pqrng150.pdf
It is a pity I can't get my hand on their results (Applied Physics Letters, Vol. 098, 171105 (2011))

Thanks again

Cheers


_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Florent Deybach
In reply to this post by Michael StJohns-2
Hi
 
You want to marry your smart card as a source of entropy to a DBRG and reseed the DBRG from the smart card fairly often.   See NIST SP800-90A for the general form for a DBRG.

Since 2007 and 2013, the SP800-90A has been criticized ;)
All the controversy aside, the simultaneous use is a good idea, though.
 
Alternately, you can use multiple sources of entropy - a smart card, a TPM, one of the TRNGs from above and use them to seed the DBRG.  That way you're not dependent on any of these being "trusted".  Simplest way to do this is XOR the N streams of TRNG data together to provide the seed and reseed data.  Oh yeah - most modern Intel motherboards and processors support the RDRAND and RDSEED instructions and there is software to expose those for use. (https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide)

As long as your TRNG can keep up with the reseed schedule, you can get a *lot* of bits out of the DRBG.

I'll dig into that some more
 
WRT to the smart card, my guess is there is a TRNG backing a DBRG of some sort.

Again, this may be checked if I have the source code of the PKCS11 driver, yes? 

I wouldn't trust a generic PKCS11 driver to do what you want.

Do you mean "generic" as in a driver not provided by the vendor itself? (i.e. OpenSC or Charismatics) 

Cheers


_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: max length of randomLen for C_GenerateRandom

Michael StJohns-2
On 4/21/2017 8:41 AM, Florent wrote:
Hi
 
You want to marry your smart card as a source of entropy to a DBRG and reseed the DBRG from the smart card fairly often.   See NIST SP800-90A for the general form for a DBRG.

Since 2007 and 2013, the SP800-90A has been criticized ;)

Actually - its just the Dual EC mode that was criticized.   AFAICT, the remaining modes are as secure as the underlying PRF.


All the controversy aside, the simultaneous use is a good idea, though.
 
Alternately, you can use multiple sources of entropy - a smart card, a TPM, one of the TRNGs from above and use them to seed the DBRG.  That way you're not dependent on any of these being "trusted".  Simplest way to do this is XOR the N streams of TRNG data together to provide the seed and reseed data.  Oh yeah - most modern Intel motherboards and processors support the RDRAND and RDSEED instructions and there is software to expose those for use. (https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide)

As long as your TRNG can keep up with the reseed schedule, you can get a *lot* of bits out of the DRBG.

I'll dig into that some more
 
WRT to the smart card, my guess is there is a TRNG backing a DBRG of some sort.

Again, this may be checked if I have the source code of the PKCS11 driver, yes? 

No - I've got the unredacted data sheets for the smart cards and they don't go any deeper than AIS31 compliant RNG. The PKCS11 driver has nothing to do with this. From conversations I had on the show floor at RSA many years ago, I believe there's some sort of noisy diode or some what as an entropy source, but I wouldn't make a bet on that belief.



I wouldn't trust a generic PKCS11 driver to do what you want.

Do you mean "generic" as in a driver not provided by the vendor itself? (i.e. OpenSC or Charismatics)

Sorry - I actually should have said "random" as in any given PKCS11 driver.  If you've got source you've got a better idea of what's happening, but even then if you don't have the detailed reality of the underlying HSM you may still be guessing wrong.

Mike


Cheers



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Cyberjack e-com on openSuse 42.2 fails

wully
In reply to this post by Ludovic Rousseau
Hi Experts

I am using the Reiner-SCT cyberjack e-com reader since 2008 and it runs nicely on my openSuse13.2 since 2014 without problems.
On the test machine, I have installed *debian jessie and the reader works perfectely*.
On the parallel installed openSuse 42.2, the same reader is not be recognized, as seen in the following output from pcscd.

linux:/etc/udev/rules.d # /usr/sbin/pcscd -d -a -f     
00000000 pcscdaemon.c:345:main() pcscd set to foreground with debug send to stdout
00000368 configfile.l:285:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000047 configfile.l:361:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/reader.conf
00000053 configfile.l:322:DBGetReaderListDir() Skipping non regular file: ..
00000008 configfile.l:322:DBGetReaderListDir() Skipping non regular file: .
00000012 pcscdaemon.c:658:main() pcsc-lite 1.8.22 daemon ready.
00002336 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000119 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000120 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x2109, PID: 0x2811, path: /dev/bus/usb/001/002
00000132 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x0557, PID: 0x8021, path: /dev/bus/usb/001/004
00000129 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x046D, PID: 0xC31C, path: /dev/bus/usb/001/005
00000127 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x046D, PID: 0xC31C, path: /dev/bus/usb/001/005
00000126 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x046D, PID: 0xC31C, path: /dev/bus/usb/001/005
00000120 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x0557, PID: 0x8021, path: /dev/bus/usb/001/004
00000113 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x2109, PID: 0x2811, path: /dev/bus/usb/001/002
00000105 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000122 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x0BDA, PID: 0x0129, path: /dev/bus/usb/001/003
00000166 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x1D6B, PID: 0x0003, path: /dev/bus/usb/002/001
31945767 hotplug_libudev.c:651:HPEstablishUSBNotifications() USB Device add
00000365 hotplug_libudev.c:297:get_driver() Looking for a driver for VID: 0x0C4B, PID: 0x0401, path: /dev/bus/usb/001/008
00000025 hotplug_libudev.c:436:HPAddDevice() Adding USB device: REINER SCT cyberJack pp_a2
00000163 readerfactory.c:1074:RFInitializeReader() Attempting startup of REINER SCT cyberJack pp_a2 (3865505373) 00 00 using /usr/lib64/readers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
CYBERJACK: Started
00003931 readerfactory.c:949:RFBindFunctions() Loading IFD Handler 3.0
00017693 readerfactory.c:1105:RFInitializeReader() Open Port 0x200000 Failed (usb:0c4b/0401:libudev:0:/dev/bus/usb/001/008)
00000015 readerfactory.c:376:RFAddReader() REINER SCT cyberJack pp_a2 (3865505373) init failed.
00000015 readerfactory.c:609:RFRemoveReader() UnrefReader() count was: 1
00000009 readerfactory.c:1125:RFUnInitializeReader() Attempting shutdown of REINER SCT cyberJack pp_a2 (3865505373) 00 00.
00000017 readerfactory.c:986:RFUnloadReader() Unloading reader driver.
00000069 hotplug_libudev.c:523:HPAddDevice() Failed adding USB device: REINER SCT cyberJack pp_a2
 


According to other users of 42.2, the newer Cyberjack-Readers work without problems. I have the source package

pcsc-cyberjack_3.99.5final.SP10.tar

from Reiner and I am capable of building this with ./configure and make install. But the result of pcscd is the above.

Can you give me some hints, where I can make provisions in this source to understand why the my old Cyberjack does not work?

Any help is much apreciated

Wully



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

Ludovic Rousseau
2017-07-13 9:25 GMT+02:00 wully <[hidden email]>:
Hi Experts

Hello,
 

I am using the Reiner-SCT cyberjack e-com reader since 2008 and it runs nicely on my openSuse13.2 since 2014 without problems.
On the test machine, I have installed *debian jessie and the reader works perfectely*.
On the parallel installed openSuse 42.2, the same reader is not be recognized, as seen in the following output from pcscd.

Do you use the exact same driver for the working test machine (Debian Jessie)?

Bye

--
 Dr. Ludovic Rousseau

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully
Thank you for your very quick response!

No, I am using just the standard packages, as they come in debian
jessie. Should I make the cyberjack drivers in debian from the same
package as in 42.2?

greetings
wully

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully

Here the installed versions in debian:


On 13.07.2017 09:55, wully wrote:
Thank you for your very quick response!

No, I am using just the standard packages, as they come in debian jessie. Should I make the cyberjack drivers in debian from the same package as in 42.2?

greetings
wully


_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully
In reply to this post by wully
Here the same experiment on debian (the same machine, the same USB-port
etc.):

root@debian67:/# pcscd -d -a -f
00000000 pcscdaemon.c:263:main() pcscd set to foreground with debug send
to stdout
00000084 utils.c:84:GetDaemonPid() Can't open /var/run/pcscd/pcscd.pid:
No such file or directory
00000168 configfile.l:283:DBGetReaderListDir() Parsing conf directory:
/etc/reader.conf.d
00000037 configfile.l:317:DBGetReaderListDir() Skipping non regular file: ..
00000014 configfile.l:355:DBGetReaderList() Parsing conf file:
/etc/reader.conf.d/libccidtwin
00000067 configfile.l:317:DBGetReaderListDir() Skipping non regular file: .
00000021 pcscdaemon.c:569:main() pcsc-lite 1.8.13 daemon ready.
00002296 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000126 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000113 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x2109, PID: 0x2811, path: /dev/bus/usb/001/004
00000112 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x0557, PID: 0x8021, path: /dev/bus/usb/001/006
00000113 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x046D, PID: 0xC31C, path: /dev/bus/usb/001/007
00000108 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x046D, PID: 0xC31C, path: /dev/bus/usb/001/007
00000114 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x046D, PID: 0xC31C, path: /dev/bus/usb/001/007
00000105 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x0557, PID: 0x8021, path: /dev/bus/usb/001/006
00000101 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x2109, PID: 0x2811, path: /dev/bus/usb/001/004
00000096 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
00000119 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x0BDA, PID: 0x0129, path: /dev/bus/usb/001/005
00000134 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x1D6B, PID: 0x0003, path: /dev/bus/usb/002/001
07454515 hotplug_libudev.c:614:HPEstablishUSBNotifications() USB Device add
00000186 hotplug_libudev.c:296:get_driver() Looking for a driver for
VID: 0x0C4B, PID: 0x0401, path: /dev/bus/usb/001/008
00000015 hotplug_libudev.c:435:HPAddDevice() Adding USB device: REINER
SCT cyberJack pp_a2
00000062 readerfactory.c:1012:RFInitializeReader() Attempting startup of
REINER SCT cyberJack pp_a2 (3865505373) 00 00 using
/usr/lib/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
CYBERJACK: Started
00001513 readerfactory.c:897:RFBindFunctions() Loading IFD Handler 3.0
00828093 readerfactory.c:350:RFAddReader() Using the pcscd polling thread
00050552 eventhandler.c:289:EHStatusHandlerThread() powerState:
POWER_STATE_POWERED
00000048 Card ATR: 3B B7 94 00 81 31 FE 65 53 50 4B 32 33 90 00 D1
00404055 eventhandler.c:478:EHStatusHandlerThread() powerState:
POWER_STATE_UNPOWERED



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

Ludovic Rousseau
2017-07-13 10:15 GMT+02:00 wully <[hidden email]>:
Here the same experiment on debian (the same machine, the same USB-port etc.):

Is it also the same driver version? pcsc-cyberjack_3.99.5final.SP10? I guess not.

Maybe Reiner removed the support of older readers in the latest driver. I think I have read something like that somewhere.

Try to build the 3.99.5final.sp09-1.1 driver source code from Debian on your OpenSuse system.

Bye

--
 Dr. Ludovic Rousseau

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully
Thank you very much. I will try and report.

wully

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully

I have downloaded the debian source-package

pcsc-cyberjack_3.99.5final.sp05.orig.tar.gz

Unfortunately, this can not be configured (./configure not found) and so also not make.


I am not proficient enough to cure this problem. So, I can not build this package under suse42.2.


The package


pcsc-cyberjack_3.99.5final.SP10.tar.gz


is much bigger and contains configure and make.


Sorry.


When comparing some of the sources, they look identical (e.g. ./libcyberjack/driver.cpp and ./libcyberjack/driver_pcsc.cpp).


The situation is quite desperate.

Greetings

Wully



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully
 From the modul ifd.cpp, I see, that the cyberjack-e-Com with PID 0x401
is included in the source.
So, I assume, that it is not that. Could one trace what happens when the
openPort is done?

wully

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

Wolfgang Rosenauer-6
In reply to this post by wully
Hi,

openSUSE Leap 42.2.contains originally SP9. Does it work with that one? Where did you get SP10?

Also you can download and install SP8 temporarily:
http://download.opensuse.org/distribution/leap/42.1/repo/oss/suse/x86_64/pcsc-cyberjack-3.99.5final.SP08-1.2.x86_64.rpm

to see if there is any difference.

Wolfgang

On Thu, Jul 13, 2017 at 1:21 PM, wully <[hidden email]> wrote:

I have downloaded the debian source-package

pcsc-cyberjack_3.99.5final.sp05.orig.tar.gz

Unfortunately, this can not be configured (./configure not found) and so also not make.


I am not proficient enough to cure this problem. So, I can not build this package under suse42.2.


The package


pcsc-cyberjack_3.99.5final.SP10.tar.gz


is much bigger and contains configure and make.


Sorry.


When comparing some of the sources, they look identical (e.g. ./libcyberjack/driver.cpp and ./libcyberjack/driver_pcsc.cpp).


The situation is quite desperate.

Greetings

Wully



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle


_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
Reply | Threaded
Open this post in threaded view
|

Re: Cyberjack e-com on openSuse 42.2 fails

wully

Hi Wolfgang

Thank you for your help! Very interesting: with this package, installed with zypper and forcing older version, the reader works!

I was using a fresh installation of 42.2, but the reader did not work.

I had a lengthy discussion on the openSuse-Forum about the reader not working, there were some suggestions about using different packages, so the SP10 came along (among others, I tried all, but none worked!).

So, where can I fiind the soure package, to compare the changes with the source, that I could build an install, but did not work?

For me, it is quite magic, why such a reader is so difficult! In openSuse 13.2, I have worked with this reader (with pkcs#11) since 2014 without any problem (Installed version:

3.99.5final.SP05-4.1.3

). Do you have any clue, where the critical difference lays? This could help for further problems with new openSuse-Versions.

Thank you again for your help!

wully

On 13.07.2017 13:57, Wolfgang Rosenauer wrote:
Hi,

openSUSE Leap 42.2.contains originally SP9. Does it work with that one?
Where did you get SP10?

Also you can download and install SP8 temporarily:
http://download.opensuse.org/distribution/leap/42.1/repo/oss/suse/x86_64/pcsc-cyberjack-3.99.5final.SP08-1.2.x86_64.rpm

to see if there is any difference.

Wolfgang



_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
12