* Update opensc-tool and opensc-explorer man pages

* Remove the unimplemented pksign/pkdecrypt commands from opensc-explorer. Use pkcs15-crypt instead.


git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3843 c6295689-39f2-0310-b995-f0e70906c6a9
martin 2009-11-13 14:51:32 +00:00
parent 0eac0fb14c
commit 533a33521f
3 changed files with 17 additions and 184 deletions


@ -58,6 +58,10 @@
auto-detected.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--wait, -w</option></term>
<listitem><para>Wait for a card to be inserted</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--verbose, -v</option></term>
<listitem><para>
@ -152,18 +156,6 @@
and <varname>size</varname> is the size of the new file.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>pksign</option></term>
<listitem><para>create a public key signature. NOTE: This command is currently not implemented.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>pkdecrypt</option></term>
<listitem><para>perform a public key decryption. NOTE: This command is currently not implemented.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>erase</option></term>
<listitem><para>erase the card, if the card supports it.</para></listitem>


@ -31,11 +31,20 @@
<title>Options</title>
<para>
<variablelist>
<varlistentry>
<term><option>--info, -i</option></term>
<listitem><para>Print information about OpenSC, such as version and enabled components</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--atr, -a</option></term>
<listitem><para>Print the Answer To Reset (ATR) of the card,
output is in hex byte format</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--name, -n</option></term>
<listitem><para>Print the name of the inserted card (driver)</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--serial</option></term>
<listitem><para>Print the card serial number (normally the ICCSN), output is in hex byte
@ -70,6 +79,10 @@ in the system.</para></listitem>
<term><option>--card-driver</option> driver, <option>-c</option> driver</term>
<listitem><para>Use the given card driver. The default is auto-detected.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--wait, -w</option></term>
<listitem><para>Wait for a card to be inserted</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--verbose, -v</option></term>
<listitem><para>Causes <command>opensc-tool</command> to be more verbose. Specify this flag several times


@ -60,19 +60,6 @@ static const char *option_help[] = {
"Verbose operation. Use several times to enable debug output.",
};
#if 0 /* fixme: uncomment for use with pksign */
static u8 oid_md5[18] = /* MD5 OID is 1.2.840.113549.2.5 */
{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
static u8 oid_sha1[15] = /* SHA-1 OID 1.3.14.3.2.26 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static u8 oid_rmd160[15] = /* RIPE MD-160 OID is 1.3.36.3.2.1 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
#endif
static size_t hex2binary(u8 *out, size_t outlen, const char *in);
struct command {
@ -1176,163 +1163,6 @@ static int do_debug(int argc, char **argv)
}
static int do_pksign(int argc, char **argv)
{
puts ("Not yet supported");
return -1;
#if 0
int i, ref, r;
u8 indata[128];
size_t indatalen = sizeof indata;
u8 outdata[128];
size_t outdatalen = sizeof outdata;
sc_security_env_t senv;
const u8 *oid;
int oidlen;
const char *s;
if (argc < 2 || argc > 3)
goto usage;
if (sscanf (argv[0], "%d", &ref) != 1 || ref < 0 || ref > 255) {
printf("Invalid key reference.\n");
goto usage;
}
if (argv[1][0] == '"') {
for (s = argv[1]+1, i = 0;
i < sizeof indata && *s && *s != '"'; i++)
indata[i] = *s++;
indatalen = i;
} else if (sc_hex_to_bin(argv[1], indata, &indatalen)) {
printf("Invalid data value.\n");
goto usage;
}
if (argc == 3) {
if (!strcasecmp(argv[2], "SHA1")) {
oid = oid_sha1; oidlen = sizeof oid_sha1;
}
else if (!strcasecmp (argv[2], "MD5")) {
oid = oid_md5; oidlen = sizeof oid_md5;
}
else if (!strcasecmp (argv[2], "RMD160")) {
oid = oid_rmd160; oidlen = sizeof oid_rmd160;
}
else {
goto usage;
}
}
else {
oid = ""; oidlen = 0;
}
if (indatalen + oidlen > sizeof indata) {
printf("Data value to long.\n");
goto usage;
}
memmove(indata + oidlen, indata, indatalen);
memcpy(indata, oid, oidlen);
indatalen += oidlen;
/* setup the security environment */
/* FIXME The values won't work for other cards. They do work
for TCOS because there is no need for a security
environment there */
memset(&senv, 0, sizeof senv);
senv.operation = SC_SEC_OPERATION_SIGN;
senv.algorithm = SC_ALGORITHM_RSA;
senv.key_ref_len = 1;
senv.key_ref[0] = ref;
senv.flags = (SC_SEC_ENV_KEY_REF_PRESENT | SC_SEC_ENV_ALG_PRESENT);
r = sc_set_security_env(card, &senv, 0);
if (r) {
printf("Failed to set the security environment: %s\n",
sc_strerror (r));
return -1;
}
/* Perform the actual sign. */
r = sc_compute_signature(card, indata, indatalen,
outdata, outdatalen);
if (r<0) {
printf("Signing failed: %s\n", sc_strerror (r));
return -1;
}
util_hex_dump_asc(stdout, outdata, r, -1);
printf ("Done.\n");
return 0;
usage:
printf ("Usage: pksign <key ref> <data> [MD5|SHA1|RMD160]\n");
return -1;
#endif
}
static int do_pkdecrypt(int argc, char **argv)
{
puts ("Not yet supported");
return -1;
#if 0
int i, ref, r;
u8 indata[128];
size_t indatalen = sizeof indata;
u8 outdata[128];
size_t outdatalen = sizeof outdata;
sc_security_env_t senv;
const char *s;
if (argc != 2)
goto usage;
if (sscanf(argv[0], "%d", &ref) != 1 || ref < 0 || ref > 255) {
printf("Invalid key reference.\n");
goto usage;
}
if (argv[1][0] == '"') {
for (s=argv[1]+1, i = 0;
i < sizeof indata && *s && *s != '"'; i++)
indata[i] = *s++;
indatalen = i;
} else if (sc_hex_to_bin (argv[1], indata, &indatalen)) {
printf("Invalid data value.\n");
goto usage;
}
/* setup the security environment */
memset (&senv, 0, sizeof senv);
senv.operation = SC_SEC_OPERATION_DECIPHER;
senv.algorithm = SC_ALGORITHM_RSA;
senv.key_ref_len = 1;
senv.key_ref[0] = ref;
senv.flags = (SC_SEC_ENV_KEY_REF_PRESENT | SC_SEC_ENV_ALG_PRESENT);
r = sc_set_security_env(card, &senv, 0);
if (r) {
printf("Failed to set the security environment: %s\n",
sc_strerror (r));
return -1;
}
/* perform the actual decryption */
/* FIXME: It is pretty useless to to this test padding :-; */
memmove(indata+(sizeof indata - indatalen), indata, indatalen);
memset(indata, 0, (sizeof indata - indatalen));
indatalen = sizeof indata;
r = sc_decipher(card, indata, indatalen, outdata, outdatalen);
if (r<0) {
printf("Decryption failed: %s\n", sc_strerror (r));
return -1;
}
util_hex_dump_asc (stdout, outdata, r, -1);
printf("Done.\n");
return 0;
usage:
printf("Usage: pkdecrypt <key ref> <data>\n");
return -1;
#endif
}
static int
do_erase(int argc, char **argv)
{
@ -1608,8 +1438,6 @@ static struct command cmds[] = {
{ "do_get", do_get_data, "get a data object" },
{ "do_put", do_put_data, "put a data object" },
{ "mkdir", do_mkdir, "create a DF" },
{ "pksign", do_pksign, "create a public key signature" },
{ "pkdecrypt", do_pkdecrypt, "perform a public key decryption" },
{ "erase", do_erase, "erase card" },
{ "random", do_random, "obtain N random bytes from card" },
{ "quit", do_quit, "quit this program" },