Comments (13)
Currently only one applet at a time can be active. I think this is an OpenSC limitation. To select an active applet, enable/disable the relevant application block in opensc.conf (either `E828BD080F014E585031` or `E828BD080F014E585030`). However I think the pinless applet should, by default, be disabled, so I am not sure why you are only seeing the pinless applet/slot.
from opensc.
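The workaround described in the comment above, as an added example that is not part of the thread or of OpenSC's own code: a small Python helper that leaves exactly one of the two `application` blocks enabled in an opensc.conf text. The `disable` key inside `framework pkcs15` is assumed from opensc.conf(5), the sample configuration is constructed, and the function names are hypothetical.

```python
import re

# The two application identifiers (AIDs) quoted in the comment above.
APPLET_AIDS = ("E828BD080F014E585031", "E828BD080F014E585030")
# Constructed sample; layout and `disable` key assumed from opensc.conf(5).
SAMPLE_CONF = """\
app default {
  framework pkcs15 {
    application E828BD080F014E585031 {
      disable = false;
    }
    application E828BD080F014E585030 {
      # disable = true;
    }
  }
}
"""
_DISABLE = re.compile(r"^([ \t]*)disable\s*=\s*(\w+)\s*;", re.MULTILINE)

def _block(conf_text, aid):
    """Locate `application <aid> { ... }` (nested braces are not handled)."""
    match = re.search(r"application\s+%s\s*\{([^{}]*)\}" % aid, conf_text)
    if match is None:
        raise ValueError("no application block for AID " + aid)
    return match

def enabled_applets(conf_text):
    """Return the AIDs whose block does not carry an active `disable = true;`."""
    enabled = []
    for aid in APPLET_AIDS:
        setting = _DISABLE.search(_block(conf_text, aid).group(1))
        if setting is None or setting.group(2).lower() != "true":
            enabled.append(aid)
    return enabled

def set_active_applet(conf_text, active_aid):
    """Return the configuration with only `active_aid` left enabled."""
    if active_aid not in APPLET_AIDS:
        raise ValueError("unknown AID " + active_aid)
    for aid in APPLET_AIDS:
        match = _block(conf_text, aid)
        line = "disable = %s;" % ("false" if aid == active_aid else "true")
        body = match.group(1)
        if _DISABLE.search(body):  # rewrite the existing, uncommented setting
            body = _DISABLE.sub(lambda s: s.group(1) + line, body, count=1)
        else:  # no active setting in the block: add one at the top
            body = "\n      " + line + body
        conf_text = conf_text[:match.start(1)] + body + conf_text[match.end(1):]
    return conf_text
```

Commented-out settings such as `# disable = true;` are ignored, so the sample starts with both applets enabled.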
I think this is a limitation of OpenSCToken, which expects all keys and certificates to be in the generic card application:
https://github.com/frankmorgner/OpenSCToken/blob/f860cabca2d99bd600eb2affb2a8ef0a2a9b4bc0/OpenSCToken/Token.m#L106-L108
Basically, that needs to be extended to the other applications on the card as well, which is similar to what is done in the PKCS#11 library:
Lines 347 to 361 in c354501
Interestingly, minidriver.c also only binds the generic application. Could you please check if this problem also occurs on Windows using `certutil.exe -scinfo`?
from opensc.
Yes, it's the same on Windows. As I've said before, the solution, or rather workaround, (at least on Windows, I have no experience with Macs) is to enable just the applet you need...
from opensc.
I added multi-app support into OpenSCToken. Unfortunately, I can only do some basic tests. Would you mind testing the macOS package from here https://github.com/OpenSC/OpenSC/actions/runs/7653681110 ?
from opensc.
Would someone please test the macOS artifacts linked above? This adds support for all applications on the card, without the need for the mentioned workaround. Thank you.
from opensc.
Should this work on Linux?
from opensc.
@frankmorgner Sorry for the late reply, I have been hit with life as a truck. I tested this and am having issues with basic OpenSC usage. macOS doesn't detect any smartcards and pkcs11-tool takes a suspiciously long time to list slots. What kind of logs would be useful to you?
Here is a log of `OPENSC_DEBUG=9 pkcs11-tool --list-slots`: https://gist.github.com/craftbyte/02f689b04e8e45bfbb43b72e32c96f1b
from opensc.
> Should this work on Linux?
It should... The pinless applet is disabled by default though and when/if enabled it erroneously asks for PIN, although it is not needed. See #2646 (comment)
from opensc.
Thank you @llogar. I was wondering about this modification @frankmorgner linked, because I was following this support and as I can see there are two features missing as "by design as of now" in OpenSC:
- PINless is not there but with circumvention
- Support is there for just one app per card and the aforementioned fix should add this. So all 3 apps on the card need to be enabled in config. One at a time.
from opensc.
There are only 2 applets of interest (well, the 3rd one is eMRTD applet, but I think it's irrelevant in this context). If both are enabled there are 3 virtual slots (1 slot for pinless applet and 2 slots for the signature applet (1 for NormPIN and 1 for SigPIN)). I prefer to have only one applet enabled at a time, as if I remember correctly, Firefox (or perhaps Thunderbird) kept nagging me for PIN entry for the unneeded one. But ymmv.
from opensc.
> I added multi-app support into OpenSCToken. Unfortunately, I can only do some basic tests. Would you mind testing the macOS package from here https://github.com/OpenSC/OpenSC/actions/runs/7653681110 ?
This modification should allow using all certificates from all applets in OpenSCToken at the same time without modifying the active applet in opensc.conf. To test this, download the build artifact (https://github.com/OpenSC/OpenSC/actions/runs/7653681110/artifacts/1194532843), install the dmg. `sc_auth identities` should now show all certificates.
from opensc.