From 6a62578d23a78f228ddb1320a3875f76bf0c6815ffac9c136d1ae0362c9a1aa9 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 15 Jan 2007 23:28:14 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/opensc?expand=0&rev=1 --- .gitattributes | 23 +++ .gitignore | 1 + init_perso_guide.html | 466 ++++++++++++++++++++++++++++++++++++++++++ opensc-0.11.1.tar.bz2 | 3 + opensc.changes | 156 ++++++++++++++ opensc.spec | 193 +++++++++++++++++ ready | 0 7 files changed, 842 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 init_perso_guide.html create mode 100644 opensc-0.11.1.tar.bz2 create mode 100644 opensc.changes create mode 100644 opensc.spec create mode 100644 ready diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc 
diff --git a/init_perso_guide.html b/init_perso_guide.html new file mode 100644 index 0000000..59363bb --- /dev/null +++ b/init_perso_guide.html @@ -0,0 +1,466 @@ + + + init_perso_guide + + +

OpenSC card init and perso guide

+

1. Introduction

+
Nothing +is impossible for the man who doesn't
+  +have +to do it himself. -- A.H. Weiler
+
+
+This guide is about initialising and personalising (no distinction +made) cards with the OpenSC library and tools (mostly pkcs15-init).
+
+Some knowlegde about smart cards is assumed. Below is a short overview +of some key words and concepts. For more info, see the opensc.html +manual.
+
+Filesystem - MF - DF - EF - FID
+A smart cards has a non-volatile memory (EEPROM) in which usually +a PC-like file system is implemented. The directories are called +Dedicated Files (DF) and the files are called Elementary Files (EF). +They are +identified by a File ID (FID) on 2 bytes. For example, the root of +the file system +(called Master File or MF) has FID = 3F 00 (hex).
+
+Commands - APDUs
+It is possible to send commands (APDUs) to the card to select, read, +write, create, list, delete, ... EFs and DFs (not all cards allow all +commands).
+
+Access control, PIN, PUK
+The file system usually implements some sort of access control on EFs +and DFs.
+This is usually done by PINs or Keys: you have to provide a PIN or show +knowledge of a key before you can perform some command on some EF/DF. A +PIN is usually accompanied by a PUK (Pin Unblock Key), which can be +used to +reset (or unblock) that PIN.
+
+Cryptographic keys
+On crypto cards, it is also possible to sign, decrypt, key(pair) +generation (what can be done exactly depends on the card). on some +cards, key +and/or PINs are files in the filesystem, on other cards, they don't +exist in the filesystem but are referenced through an ID.
+
+Reader - PC/SC - OpenCT - CT-API
+Smart card readers come with a library that can be used on a PC to send +APDUs to the card. Commonly used APIs for those libraries are PC/SC, +OpenCT +and CT-API.
+
+PKCS15
+There are standards (e.g. ISO7816, parts 4-...) that specify how to +select, read, write, EFs and DFs, and how to sign, decrypt, login, ...
+However, there is also a need to know which files contain what, or +where the keys, PINs, .. can be found.
+For crypto cards, PCKS15 adresses this need by defining some files that +contain info on where to find keys, certificates, PINs, and other data. +For +example, there is a PrKDF (Private Key Directory File) that contains +the EFs or +ID of the private keys, what those keys can be used for, by which PINs +they +are protected, ... So a "PCKS15 card" is nothing but any other card on +which the right set +of files has been added.
+In short: PKCS15 allows you to describe where to find PINS, keys, +certificates and data on a card, plus all the info that is needed to +use them.
+

A little PKCS15 example:

+Here's the textual contents of 3 PKCS15 files: the AODF (Authentication +Object Directory File), PrKDF (Private Key Directory File) and CDF +(Certificate Directory File) that contain info on resp. the PINs, +private keys and certificates. Each of them contains 1 entry.
+
+AODF: +
    Com. Flags  : private, modifiable
Auth ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:8, stored_len:8
Pad char : 0x00
Reference : 1
Encoding : ASCII-numeric
Path : 3F005015
+PrKDF: +
    Com. Flags  : private, modifiable
Com. Auth ID: 01
Usage : [0x32E], decrypt, sign, signRecover, unwrap, derive, nonRep
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 0
Native : yes
Path : 3F00501530450012
ID : 45
+X.509 Certificate [/C=BE/ST=...] +
    Com. Flags  : modifiable
Authority : no
Path : 3f0050154545
ID : 45
+Some things to note:
+ +Use the tests/p15dump tool to +see yourself what pkcs15 data is on your card, or tools/opensc-explorer to browse +through the files.
+
+Have the PKCS15 files a fixed place so everyone can find them? No, +there's only one: the EF(DIR) in the MF and with ID 2F00. That's the +starting +place.
+
+

2. The OpenSC pkcs15-init library and profiles

+Reading and writing files, PIN verification, signing and decryption +happen in much the same way on all cards. Therefore, the "normal life" +commands have been implemented in OpenSC for all supported cards.
+
+However, creating and deleting files, PINs and keys is very card +specific and has not yet been implemented for all cards. +Currently, pkcs15-init is implemented for: Cryptoflex, Cyberflex, +CardOS (etoken), GPK, Miocos, Starcos JCOP and Oberthur. (Check +src/pkcs15-init/pkcs15-*.c for possible updates). Because of this, and +because +pkcs15-init is not necessary for "normal life" operations, it has been +put in a separate library and in a separate directory.
+
+Profile
+Because the initialisation/personalisation is so card-specific, it +would be very hard to make a tool or API that accepts all parameters +for all current and future cards.
+Therefore, a profile file has been made in OpenSC that contains all the +card-specific parameters. This card-specific profile is read by +card-specific code in the pkcs15-init library each time this library is +used on +that card.
+See the *.profile files in src/pkcs15-init/. There is one general file +(pkcs15.profile) and one card-specific profile for each card.
+
+Profile options
+There are currently 3 options you can specify to modify a profile:
+ +

3. pkcs15-init tool

+This is a command-line tool that uses the pkcs15-init library. It +allows you to do all the init/perso things, e.g. add/delete keys, +certificates, PINs and data, generate keys, ... while specifying key +usage, which PIN protects which key, ...
+
+As said before, not all cards are supported in the pkcs15-init library. +In +that case, the pkcs15-init tool won't work (top 5 questions on the +mailing list:-). To find out which card you have, try "opensc-tool -n"
+
+Below is explained how to do the operations that are supported by +pkcs15-tool.
+Not all options are explained (run "pkcs15-tool +-h" to see them) because some are card-specific or obsolete (or +we don't know about them). Feel free to experiment and explain them +here.
+
+So the things in this section are fairly general but not guaranteed to +work for all cards. See also the section on "card-specific issues".
+
+The --reader or -r can be given with any command. By default the first +reader is used. Do "opensc-tool -l" +to see the list of available readers.
+
+To see the results of what you did, you can do one of the following:
+   pkcs15-tool --list-pins +--list-public-keys -k -c -C
+   p15dump (in the +src/tests directory)
+To see/dump the content of any file, use the opensc-explorer tool.
+

* Create the PKCS15 files

+      pkcs15-init +-C {-T} {-p <profile>} --so-pin +<PIN> --so-puk <PUK> | --no-so-pin | --pin <PIN> +--puk <PUK>
+
+
This will create the PKCS15 DF (5015) and all the PKCS15 files +(some of which will be empty until a key, PIN, ... will be added). It +must be done before you can do any of the operations below.
+ +

* Erase the card's content

+      pkcs15-init +-E {-T}
+
+This will delete all keys, PINS, certificates, data that were listed in +PKCS15 +files, along with the PKCS15 files themselves.
+ +Note: you can combine erase/create (-E -C or -EC) to erase and then +create
+the card's contents, except when you change the profile option.
+

* Add a PIN (not possible with the onepin profile option)

+      pkcs15-init +-P {-a <AuthID>} {--pin <PIN>} {--puk <PUK>} {-l +<label>}
+ +

* Generate a key pair (on card or in software on the PC)

+      pkcs15-init +-G <keyspec> -a <AuthID> --insecure {-i <ID>} +{--soft}{-u <keyusage>}{-l <privkeylabel>} +{--public-key-label <pubkeylabel>}
+
+This will generate a public and private key pair.
+ +NOTE: see the SSL engines (below) on how to make a certificate request +with the key you generated.
+

* Add a private key

+      pkcs15-init +-S <keyfile> {-f <keyformat>} -a <AuthID> --insecure +{-i <ID>} {-u <keyusage>} {--passphrase <password>} +{-l <label>}
+ +

* Add a private key + certificate(s) (in a pkcs12 file)

+      pkcs15-init +-S <pkcs12file> -f PKCS12 -a <AuthID> {--insecure} {-i +<ID>} {-u <keyusage>} {--passphrase <password>} {-l +<privkeylabel>} {--cert-label <usercertlabel>}
+
+This adds the private key and certificate chain to the card. If a +certificate already exists on the card, it won't be added again.
+ +

* Add a certificate

+      +pkcs15-init -W <certfile> {-f <certformat>} {-i <ID>} +{--authority}
+ +

* Add a public key

+      pkcs15-init +--store-public-key <keyfile> {-f <keyformat>} {-i +<ID>} {-l <label>}
+ +

* Add data

+      pkcs15-init +-W <datafile> {-i <ID>} {-l <label>}
+ +

4. Other tools

+

* SSL-engines

+These libraries can be loaded in OpenSSL so you can do a certificate +request with the openssl tool; the signature on the certificate request +will +then be made with the smart card. The result can then be sent to a CA +for certification, the resulting certificate can be put on the card +with +pkcs15-init or pkcs11-tool.
+ + +

* pkcs11-tool and Mozilla/Netscape

+You can use the OpenSC pkcs11 library to generate a keypair in Mozilla +or Netscape, and let the browser generate a certificate request that +is sent to an on-line CA to issue and send you a certificate that is +then added to the card.
+
+Just go to an online CA (Globalsign, Thawte, ...) and follow their +guidelines. Because such a request either costs you or at least +requires you to provide a valid mail address, it is advisable to first +try you card with "pkcs11-tool +--moz-cert +<cert_file_in_der_format> --login".
+
+NOTE: This can only be done with the onepin profile option (because the +browser won't ask for an SO PIN, only for the user PIN).
+
+

5. Card-specific issues

+
Experience +is that marvelous thing that enables you to recognize
+a mistake when you make it again. -- +Franklin P. Jones
+
+
+Cryptoflex:
+ +Starcos SPK 2.3:
+ +
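Review bot: In init_perso_guide.html, the synopses for "Generate a key pair" and "Add a private key" list `--insecure` outside braces, right after `-a <AuthID>`, so by this guide's own notation it reads as a required argument, while the PKCS12 synopsis has it as `{--insecure}`; nothing in the visible text says what the flag does. Since the Auth ID is what ties a key to its protecting PIN (see the PrKDF example, "Com. Auth ID: 01"), please brace `--insecure` in both synopses and add a sentence on when it is appropriate, so readers do not copy it into every key command. Two smaller points in the same section: "Add a certificate" and "Add data" both use `-W`, which cannot be right for both, and the text switches to pkcs15-tool ("operations that are supported by pkcs15-tool", "run pkcs15-tool -h") inside the section titled "pkcs15-init tool".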
+ diff --git a/opensc-0.11.1.tar.bz2 b/opensc-0.11.1.tar.bz2 new file mode 100644 index 0000000..3d35e70 --- /dev/null +++ b/opensc-0.11.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07ba76a02c5e470d41bb062255e9f3ac32d0ad6a571ccdacaa4d0161efe07adf +size 951680 diff --git a/opensc.changes b/opensc.changes new file mode 100644 index 0000000..6df222f --- /dev/null +++ b/opensc.changes 
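Review bot: The opensc-0.11.1.tar.bz2 pointer is the only integrity record for the upstream source in this commit: it carries an LFS `oid sha256:` value and `size 951680`, with no detached signature or upstream checksum file added beside it, and opensc.spec lists `Source: opensc-%{version}.tar.bz2` as a bare file name with no download URL. Suggest giving Source a full upstream URL and confirming the sha256 oid against a digest obtained from upstream for 0.11.1, so the tarball's origin can be re-checked later.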
@@ -0,0 +1,156 @@ +------------------------------------------------------------------- +Mon Oct 2 18:49:35 CEST 2006 - sbrabec@suse.cz + +- Updated to version 0.11.1: + * Update for piv pkcs#15 emulation + * Improved TCOS driver for Uni Giesen Card + * Handle size_t printf with "%lu" and (unsigned long) cast + * Add support for d-trust cards / improve micardo 2.1 driver + +------------------------------------------------------------------- +Thu May 25 16:13:02 CEST 2006 - sbrabec@suse.cz + +- Fixed build for old SuSE Linux versions. + +------------------------------------------------------------------- +Thu May 11 13:00:00 CEST 2006 - sbrabec@suse.cz + +- Fixed devel dependencies. + +------------------------------------------------------------------- +Wed May 10 16:58:12 CEST 2006 - sbrabec@suse.cz + +- Updated to version 0.11.0. + +------------------------------------------------------------------- +Wed Jan 25 21:39:06 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jan 5 02:05:11 CET 2006 - ro@suse.de + +- added unpackaged so-links to devel filelist + +------------------------------------------------------------------- +Tue Oct 25 15:30:04 CEST 2005 - rhafer@suse.de + +- added LDAP_DEPRECATED to CFLAGS to build correctly with· + OpenLDAP 2.3 + +------------------------------------------------------------------- +Fri Sep 2 12:56:14 CEST 2005 - okir@suse.de + +- Removed +x permissions on opensc.conf (#114849) + +------------------------------------------------------------------- +Thu Jul 14 16:11:56 CEST 2005 - okir@suse.de + +- Updated to latest upstream version +- Added missing documentation files (#75425) + +------------------------------------------------------------------- +Fri Mar 4 11:06:48 CET 2005 - meissner@suse.de + +- fixed gcc4 compilation. 
+ +------------------------------------------------------------------- +Fri Jan 21 14:43:23 CET 2005 - okir@suse.de + +- Updated to latest upstream version (0.9.4) + +------------------------------------------------------------------- +Thu Nov 18 15:49:34 CET 2004 - ro@suse.de + +- use kerberos-devel-packages + +------------------------------------------------------------------- +Mon Jul 19 14:06:10 CEST 2004 - adrian@suse.de + +- fix file list + +------------------------------------------------------------------- +Mon Jul 12 17:26:31 CEST 2004 - adrian@suse.de + +- update to version 0.8.1 + +------------------------------------------------------------------- +Fri Mar 19 11:10:13 CET 2004 - okir@suse.de + +- Fixed permissions and path names of some include files (#36432) + +------------------------------------------------------------------- +Fri Jan 16 13:19:16 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Sat Jan 10 15:47:57 CET 2004 - adrian@suse.de + +- add %run_ldconfig and %defattr + +------------------------------------------------------------------- +Mon Aug 4 11:00:27 CEST 2003 - okir@suse.de + +- Build fixes for x86_64/ppc64 +- use a version string other than "CVS" (#28423) + +------------------------------------------------------------------- +Fri Aug 1 12:04:29 CEST 2003 - okir@suse.de + +- Updated to most recent upstream snapshot + +------------------------------------------------------------------- +Thu Jun 12 13:28:31 CEST 2003 - kukuk@suse.de + +- Fix filelist and permissions + +------------------------------------------------------------------- +Wed Jun 4 00:39:12 CEST 2003 - ro@suse.de + +- added rest of static libs to devel filelist +- remove unpackaged files from buildroot + +------------------------------------------------------------------- +Wed Jan 15 17:34:58 CET 2003 - ro@suse.de + +- use sasl2 + 
+------------------------------------------------------------------- +Thu Dec 5 11:22:44 CET 2002 - okir@suse.de + +- fixed x86_64 build problem +- updated to latest upstream + +------------------------------------------------------------------- +Fri Nov 29 10:01:14 CET 2002 - okir@suse.de + +- updated to current CVS snapshot + +------------------------------------------------------------------- +Fri Aug 9 21:35:43 CEST 2002 - okir@suse.de + +- added missing libs to files list + +------------------------------------------------------------------- +Thu Jul 4 17:48:11 CEST 2002 - ro@suse.de + +- added heimdal-devel to neededforbuild to make libtool happy + +------------------------------------------------------------------- +Fri Jun 28 17:34:49 CEST 2002 - schwab@suse.de + +- Fix bootstrap script. +- Use correct libtool macros. + +------------------------------------------------------------------- +Mon May 27 19:10:07 CEST 2002 - sf@suse.de + +- @libdir@ added to Makefile.am to use correct dirs for + */lib */lib64 + +------------------------------------------------------------------- +Tue Apr 30 16:05:12 CEST 2002 - okir@suse.de + +- Initial check-in + diff --git a/opensc.spec b/opensc.spec new file mode 100644 index 0000000..a50ed0f --- /dev/null +++ b/opensc.spec 
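Review bot: Several opensc.changes entries record an update without naming the version ("Updated to latest upstream version" on Jul 14 2005, "Updated to most recent upstream snapshot" on Aug 1 2003, "updated to current CVS snapshot" on Nov 29 2002), so the changelog alone cannot tell which upstream code a given package build contained. Where the version or snapshot date is still known, add it to those entries. The Oct 25 2005 entry also has a stray "·" after "correctly with", and the same text is repeated in the %changelog of opensc.spec.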
@@ -0,0 +1,193 @@ +# +# spec file for package opensc (Version 0.11.1) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: opensc +BuildRequires: openssl-devel pkgconfig readline-devel xorg-x11-devel +%if %suse_version > 1000 +BuildRequires: libassuan pcsc-lite-devel +%endif +%if %suse_version > 1010 +BuildRequires: openct-devel +%endif +URL: http://www.opensc-project.org/opensc/ +Version: 0.11.1 +Release: 1 +Group: Hardware/Other +Summary: OpenSC Smart Card Library +License: LGPL +Requires: pcsc-lite +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Source: opensc-%{version}.tar.bz2 +Source1: http://www.opensc.org/files/doc/init_perso_guide.html +AutoReqProv: on + +%description +OpenSC provides a set of libraries and utilities to access smart cards. +Its main focus is on cards that support cryptographic operations. It +facilitates their use in security applications such as mail encryption, +authentication, and digital signature. OpenSC implements the PKCS#11 +API so applications supporting this API, such as Mozilla Firefox and +Thunderbird, can use it. OpenSC implements the PKCS#15 standard and +aims to be compatible with every software that does so, too. + + + +Authors: +-------- + Juha Yrjölä + Antti Tapaninen + Timo Teräs + Olaf Kirch + +%package devel +Group: Development/Libraries/Other +Summary: Additional files needed for OpenSC development +Requires: %{name} = %{version} glibc-devel openct-devel openssl-devel pcsc-lite-devel + +%description devel +This package contains files required to develop applications using the +OpenSC framework. 
+ + + +Authors: +-------- + Juha Yrjölä + Antti Tapaninen + Timo Teräs + Olaf Kirch + +%prep +%setup -q + +%build +rm -f aclocal/libtool.m4 +libtoolize --force +#./bootstrap +CFLAGS="$RPM_OPT_FLAGS" \ +./configure --prefix=/usr \ + --sysconfdir=%{_sysconfdir} \ + --mandir=%{_mandir} \ + --libdir=%{_libdir} +make %{?jobs:-j %jobs} + +%install +make install DESTDIR=$RPM_BUILD_ROOT +# Install opensc.conf +mkdir -p $RPM_BUILD_ROOT/etc +install -m 644 etc/opensc.conf $RPM_BUILD_ROOT/etc +# Copy init_perso.html to docs so it's installed +cp %{SOURCE1} . + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +%run_ldconfig + +%postun +%run_ldconfig + +%files +%defattr(-,root,root) +%doc COPYING NEWS README doc init_perso_guide.html +%config /etc/opensc.conf +/usr/bin/*-crypt +/usr/bin/*-explorer +/usr/bin/*-info +/usr/bin/*-init +/usr/bin/*-tool +/usr/bin/eidenv +%_libdir/*.so.* +# Note: Required by ltdl: +%_libdir/*.la +%_libdir/*.so +/usr/share/opensc +%_mandir/man?/* + +%files devel +%defattr(-,root,root) +/usr/bin/*-config +/usr/include/opensc +%_libdir/*.a +%_libdir/pkgconfig/*.pc + +%changelog -n opensc +* Mon Oct 02 2006 - sbrabec@suse.cz +- Updated to version 0.11.1: + * Update for piv pkcs#15 emulation + * Improved TCOS driver for Uni Giesen Card + * Handle size_t printf with "%%lu" and (unsigned long) cast + * Add support for d-trust cards / improve micardo 2.1 driver +* Thu May 25 2006 - sbrabec@suse.cz +- Fixed build for old SuSE Linux versions. +* Thu May 11 2006 - sbrabec@suse.cz +- Fixed devel dependencies. +* Wed May 10 2006 - sbrabec@suse.cz +- Updated to version 0.11.0. 
+* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Thu Jan 05 2006 - ro@suse.de +- added unpackaged so-links to devel filelist +* Tue Oct 25 2005 - rhafer@suse.de +- added LDAP_DEPRECATED to CFLAGS to build correctly with· + OpenLDAP 2.3 +* Fri Sep 02 2005 - okir@suse.de +- Removed +x permissions on opensc.conf (#114849) +* Thu Jul 14 2005 - okir@suse.de +- Updated to latest upstream version +- Added missing documentation files (#75425) +* Fri Mar 04 2005 - meissner@suse.de +- fixed gcc4 compilation. +* Fri Jan 21 2005 - okir@suse.de +- Updated to latest upstream version (0.9.4) +* Thu Nov 18 2004 - ro@suse.de +- use kerberos-devel-packages +* Mon Jul 19 2004 - adrian@suse.de +- fix file list +* Mon Jul 12 2004 - adrian@suse.de +- update to version 0.8.1 +* Fri Mar 19 2004 - okir@suse.de +- Fixed permissions and path names of some include files (#36432) +* Fri Jan 16 2004 - kukuk@suse.de +- Add pam-devel to neededforbuild +* Sat Jan 10 2004 - adrian@suse.de +- add %%run_ldconfig and %%defattr +* Mon Aug 04 2003 - okir@suse.de +- Build fixes for x86_64/ppc64 +- use a version string other than "CVS" (#28423) +* Fri Aug 01 2003 - okir@suse.de +- Updated to most recent upstream snapshot +* Thu Jun 12 2003 - kukuk@suse.de +- Fix filelist and permissions +* Wed Jun 04 2003 - ro@suse.de +- added rest of static libs to devel filelist +- remove unpackaged files from buildroot +* Wed Jan 15 2003 - ro@suse.de +- use sasl2 +* Thu Dec 05 2002 - okir@suse.de +- fixed x86_64 build problem +- updated to latest upstream +* Fri Nov 29 2002 - okir@suse.de +- updated to current CVS snapshot +* Fri Aug 09 2002 - okir@suse.de +- added missing libs to files list +* Thu Jul 04 2002 - ro@suse.de +- added heimdal-devel to neededforbuild to make libtool happy +* Fri Jun 28 2002 - schwab@suse.de +- Fix bootstrap script. +- Use correct libtool macros. 
+* Mon May 27 2002 - sf@suse.de +- @libdir@ added to Makefile.am to use correct dirs for + */lib */lib64 +* Tue Apr 30 2002 - okir@suse.de +- Initial check-in diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4
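Review bot: In %files of opensc.spec, `%config /etc/opensc.conf` is not marked noreplace, so an upgrade that ships a changed default replaces an administrator's edited file (the old one is kept only as .rpmsave); `%config(noreplace) /etc/opensc.conf` would preserve local configuration. The path is also hard-coded as /etc in %install and %files while configure is given `--sysconfdir=%{_sysconfdir}`; use the macro in all three places. In %package devel, `Requires:` names openct-devel and pcsc-lite-devel unconditionally although the matching BuildRequires are guarded by `%if %suse_version > 1010` and `%if %suse_version > 1000`, so the devel package may not be installable on the older releases those guards exist for.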