Add "--reset" parameter with optional argument to opensc-tool which
resets a card in reader. Both cold or warm resets are possible
(cold is default).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
* pkcs11-tool: Add feature to get random data.
Getting random data is an essential part of the PKCS11 API.
This patch provides a new command line parameter to get
random data from the pkcs11-tool.
Tested with a Yubikey (PIV applet) and the following command line:
$ pkcs11-tool --slot=0 --generate-random=128 | hexdump -C
00000000 0c 35 85 2e 85 68 ab ce e8 56 b3 f6 f3 33 e6 37 |.5...h...V...3.7|
00000010 12 10 eb fd 8a 1e 75 b7 3f 4d fa 61 8f ab d8 bf |......u.?M.a....|
00000020 f7 2c 7d ba 07 a5 45 6e a7 85 1c 47 3b 46 01 2c |.,}...En...G;F.,|
00000030 79 18 6e 51 4d c4 ae 20 37 37 1d 7b 7e b0 d5 18 |y.nQM.. 77.{~...|
00000040 ef a4 3c 09 91 68 db dd 2a a8 fc b9 34 06 2a ee |..<..h..*...4.*.|
00000050 5a 86 55 54 11 1f ef 4e 07 73 79 27 0a e4 58 cf |Z.UT...N.sy'..X.|
00000060 f4 bd bc 2f ad 27 b1 a7 a4 fa c7 1a 7b 31 de a3 |.../.'......{1..|
00000070 e8 dc 85 28 18 82 00 45 3c f8 eb 48 a4 20 e4 3b |...(...E<..H. .;|
00000080
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
* pkcs11-tool: Add documenation for --generate-random.
Signed-off-by: Christoph Müllner <christophm30@gmail.com>
* pkcs15-init,pkcs15-tool: reword --no-prompt to --use-pinpad (close#944)
Wording was confusing for a novice user. Old option is mantained as an alias,
but will print to stderr a deprecation warning.
Deprecation related code is all marked with deprecated word to easy future removal.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
* pkcs15-init,pkcs15-tool: document --use-pinpad
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Unnecessarily strict regex was failing for some unknown reason on OS X. Easier to just relax the regex than understand what's wrong (and then relax the regex).
Fixes#782
Add a comment field to the ssh key output if a label is set on the key. Add RFC4716 compliant key output for the new breed of modern (mobile) SSH clients.
VTA: use short form of log call in iso7816
Experienced a problem with dnie-tool where I would receive a warning with the content of /etc/bash_completion.d/dnie-tool.
The cause of the error was a missing case label which in turn was caused by the formatting of the dnie-tool.1.xml.
Options were formatted like <term><option--xarg, -x</option></term> which were not handled by the sed regular expression in the makefiles.
Modified the dnie-tool.1.xml file to be consistent with the other doc files and to generate the dnie-tool file correctly.
This generates the scripts that lets bash do completion per specific tool.
It gets the options from the documentation XML files that are also the
source for the man pages and HTML.
'PACE' is extremely card specific protocol and has not to be ostensibly
present in the common part of OpenSC:
* currently in OpenSC there is no card driver that supports or uses this protocol;
* amazing content of the common 'sc_perform_pace' -- beside the verbose logs
the only substantial action is to call the card/reader specific handler.
According to the current sources and the pull request 83
this 'common' procedure is called by the card driver or
card specific tool/operation.
* currently the 'PACE' can be thouroghly tested only by one person (Frank Morgner),
and only using the OpenSSL patched with the PACE specific patch.
So, at least a dedicated configuration option could be introduced when comiting PACE to the common part.
* common 'sc_perfom_pace' has the same role as the 'initialize-SM' handler of the existing SM framework
and can be implemented as card specific SM, as the others cards do.
This confirmed by Frank Morgner, the author of PACE commits and nPA card driver, himself.
(https://github.com/OpenSC/OpenSC/pull/83)
'Id' option in the pkcs15-init commands to import/generate a new key
is deprecated. Better s to let the MW to derive an identifier from
the key material.
In VERIFY, allow the user to enter the PIN unteractively if it was not given
on the command line, and if the card reader does not support PIN input.
If it was not given on the command line and the card reader supports PIN input,
then the bahaviour is unchanged: enter PIN via card reader.
openpgp-tool: PIN verfication support.
openpgp-tool: Add notification in case of error.
openpgp-tool: Add manual for key generation and PIN verification.