See "PyKCS11 introduction".
Changes:
1.5.1 - March 2018, Ludovic Rousseau- Fix "pip install"
Friday, March 30, 2018
New PyKCS11 1.5.1 available
I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.
See "PyKCS11 introduction".
See "PyKCS11 introduction".
Monday, March 26, 2018
New PyKCS11 1.5.0 available
I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.
See "PyKCS11 introduction".
See "PyKCS11 introduction".
Changes:
1.5.0 - March 2018, Ludovic Rousseau- Python 3: use strings instead of binary buffers for
CK_UTF8CHARPKCS#11 types. The behaviour is now the same as with Python 2 - allow non string PIN values (binary PIN) for login(), initToken(), initPin(), setPin()
- fix support of RSA PKCS PSS mechanism
The mechanism object now uses a parameter "mechanism" instead of hard coding the mechanism value toCKM_RSA_PKCS_PSS. - add support of Python 2.7 on Windows
- add AppVeyor configuration (automatic Windows builds)
ckbytelist: remove possibility to give a initial sizesamples/getinfo : do not list the mechanisms by defaultsamples/events :- do not list the mechanisms by default
- add support of pinpad readers
- some minor improvements
Windows
If you are a Windows user and you want binary packages then please work on the AppVeyor configuration:- Configuration file: appveyor.yml
- Results: PyKCS11
Sunday, March 18, 2018
MUSCLE web sites moved to .apdu.fr
With the decommissioning of alioth.debian.org I had to move the web site to a new place.
Update your bookmarks.
I also upgraded the HTML pages to Boostrap 4.0.
Please report any issue you may find.
- https://pcsclite.alioth.debian.org/ moved to https://muscle.apdu.fr/
- https://pcsclite.alioth.debian.org/pcsclite.html moved to https://pcsclite.apdu.fr/
- https://pcsclite.alioth.debian.org/ccid.html moved to https://ccid.apdu.fr/
Update your bookmarks.
I also upgraded the HTML pages to Boostrap 4.0.
Please report any issue you may find.
Thursday, March 1, 2018
Level 1.5 smart card support on macOS
In a previous article "Level 1 smart card support on Mac OS X" I described some simple commands to check if the smart card stack is working correctly on a macOS system.
By re-reading the presentation "Working with Smart Cards: macOS and Security" by Richard Purves I discovered a new command.
I already knew "
You get a lot of useful information:
What you can see in my example:
In this second example I installed SAC (SafeNet Authentication Client) from Gemalto. You can see some differences:
You know what drivers (for readers and for cards) are installed.
By re-reading the presentation "Working with Smart Cards: macOS and Security" by Richard Purves I discovered a new command.
I already knew "
system_profiler SPUSBDataType" to list the USB devices. I mentioned it in "Level 1 smart card support on Mac OS X" to check the USB reader is seen by the system. But system_profiler provides a better command for smart cards.SPSmartCardsDataType
system_profiler has another very interesting command:system_profiler SPSmartCardsDataTypeClean macOS installation
Example 1:$ system_profiler SPSmartCardsDataType
SmartCards:
Readers:
#01: Cherry KC 1000 SC (ATR:<3b7f9600 00803180 65b08441 3df612ff fe829000>)
Reader Drivers:
#01: org.debian.alioth.pcsclite.smartcardccid:1.4.27 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)
Tokend Drivers:
SmartCard Drivers:
#01: com.apple.CryptoTokenKit.pivtoken:1.0 (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)
Available SmartCards (keychain):
Available SmartCards (token):
You get a lot of useful information:
- list of smart card readers
- list of installed reader drivers
- list of tokend drivers
- list of smart card drivers
- available smart cards (keychain)
- available smart cards (token)
What you can see in my example:
- I use a Cherry KC 1000 SC reader. A card is inserted in the reader and you see the ATR.
- by default Apple provides a CCID driver
- by default Apple provides a PIV CryptoTokenKit token to support Personal Identity Verification cards
Using SafeNet Authentication Client
Example 2:$ system_profiler SPSmartCardsDataType
SmartCards:
Readers:
#01: Gemalto PC Twin Reader (ATR:<3b7f9600 00803180 65b08503 00ef120f fe829000>)
Reader Drivers:
#01: org.debian.alioth.pcsclite.smartcardccid:1.4.27 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)
#02: com.SafeNet.eTokenIfdh:9.0.0.0 (/Library/Frameworks/eToken.framework/Versions/A/aks-ifdh.bundle)
#03: com.gemalto.ifd-bccid:1.0 (/usr/local/libexec/SmartCardServices/drivers/ifd-bccid.bundle)
#04: org.debian.alioth.pcsclite.smartcardccid:1.4.27 (/usr/local/libexec/SmartCardServices/drivers/ifd-ccid-SafeNet-eToken5300.bundle)
#05: (null):(null) (/Library/Frameworks/eToken.framework/Versions/A/ikey-ifdh.bundle)
Tokend Drivers:
#01: com.Safenet.eTokend:9.0 (/Library/Frameworks/eToken.framework/Versions/A/eTokend.tokend)
SmartCard Drivers:
#01: com.apple.CryptoTokenKit.pivtoken:1.0 (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)
#02: com.gemalto.Gemalto-Smart-Card-Token.PKCS11-Token:1.0 (/Library/Frameworks/eToken.framework/Versions/A/SafeNet Authentication Client.app/Contents/PlugIns/PKCS11 Token.appex)
Available SmartCards (keychain):
com.gemalto.Gemalto-Smart-Card-Token.PKCS11-Token:9A522A4489DFA3DE:
#01: Kind: private RSA 2048-bit, Certificate: <1cc4a99c 25e2b4eb 381850d2 e8e7a9a8 8d258b31>, Usage: Sign Decrypt Unwrap
#02: Kind: private RSA 2048-bit, Certificate: <425fa8c1 27ad75a1 aec73183 2b053b41 38befe7f>, Usage: Sign Decrypt Unwrap
#03: Kind: private RSA 4096-bit, Certificate: <16b5321b d4c7f3e0 e68ef3bd d2b03aee b23918d1>, Usage: Sign Decrypt Unwrap
#04: Kind: private RSA 4096-bit, Certificate: <16b5321b d4c7f3e0 e68ef3bd d2b03aee b23918d1>, Usage: Sign Decrypt Unwrap
#05: Kind: private RSA 2048-bit, Certificate: <31fde547 b4ca58d4 7b6231c2 62730efd 8c7538a1>, Usage: Sign Derive Decrypt Unwrap
Available SmartCards (token):
com.gemalto.Gemalto-Smart-Card-Token.PKCS11-Token:9A522A4489DFA3DE:
#01: Kind: private RSA 2048-bit, Certificate: <1cc4a99c 25e2b4eb 381850d2 e8e7a9a8 8d258b31>, Usage: Sign Decrypt Unwrap
#02: Kind: private RSA 2048-bit, Certificate: <425fa8c1 27ad75a1 aec73183 2b053b41 38befe7f>, Usage: Sign Decrypt Unwrap
#03: Kind: private RSA 4096-bit, Certificate: <16b5321b d4c7f3e0 e68ef3bd d2b03aee b23918d1>, Usage: Sign Decrypt Unwrap
#04: Kind: private RSA 2048-bit, Certificate: <31fde547 b4ca58d4 7b6231c2 62730efd 8c7538a1>, Usage: Sign Derive Decrypt Unwrap
#05: Certificate <1a222d8f 7458d082 d413fbdb 40c85f56 f48def63>
In this second example I installed SAC (SafeNet Authentication Client) from Gemalto. You can see some differences:
- more reader drivers are installed
- a tokend driver is installed
- another SmartCard (Crypto Token Kit or CTK) driver is installed
- the card inserted in the reader is available in the keychain
Conclusion
This command provides information of a higher level thatpcsctest.You know what drivers (for readers and for cards) are installed.
Subscribe to:
Posts (Atom)