Starting on the proper place?
Hello and thanks in advance. Sorry if posted on the wrong place. Apart from that, i apologize if theres any typo or misunderstanding, my english is as best as i can. Check the conversation (1 message) that lead me here: http://www.opensc-project.org/pipermail/opensc-devel/2011-May/016640.html What ludovic sent to me, is a kind of bridge (That is expected to be included on OSX 10.7) from KeyChain/Tokend to PKCS11, which try to use all the pkcs11 libraries/files present on /usr/lib/pkcs11, to let Safari/Mail/etc. use my pkcs11 dylib to attack the smartcard. Im right? Im am absolutely wrong? I followed the instructions ludovic provide on his blog. i see theres a gemalto compiled version, but first i try to compile myself following http://smartcardservices.macosforge.org/trac/wiki/documentation/building I suppose, after compiling, it will generate a dylib or something that i can install/register on the system. So, hands on subject. "For example 10A432 is for Snow Leopard 10.6.0. 10C540 is for 10.6.2." Apart from that non-human notation, will a version compiled for 10.6 work on 10.6.2? Actually im on a 10.6.7, so maybe all the following errors are due to this. "#darwinbuild..." No one said what was this, but i installed macports and do "sudo port install darwinbuild +universal". Im use to "make" That was going so well, until i get "ERROR: project not found: SmartcardCCID" when executing "sudo darwinbuild SmartcardCCID" Any idea? Then i read: $ cd /Volumes/BuildRoot_*/SourceCache/SmartCardServices/SmartCardServices-36160 # darwinbuild -nosource SmartCardServices Are we compiling the sources for this computer, and replacing current smartcard service? wasnt tokend a proxy library? Anyway...i take the risk and invoke cd... and the darwinbuild lines: ERROR: please change your working directory to one initialized by: darwinbuild -init <build> Alternatively, you may set the DARWIN_BUILDROOT environment variable to the absolute path of that directory. Ok, it failed but im going to test if i got the packager tool sudo /usr/local/share/darwinbuild/packageRoots sudo: /usr/local/share/darwinbuild/packageRoots: command not found Now, i realize, that the manual/guide could be quite outdated. So, could you confirm this is a bridge, and if its, help me getting this work?
[1] http://ludovicrousseau.blogspot.com/2010/04/free-software-tokend-above-pkcs1...
2011/5/16 helpcrypto helpcrypto <helpcrypto@gmail.com>:
Hello and thanks in advance. Sorry if posted on the wrong place.
Apart from that, i apologize if theres any typo or misunderstanding, my english is as best as i can.
Check the conversation (1 message) that lead me here: http://www.opensc-project.org/pipermail/opensc-devel/2011-May/016640.html
What ludovic sent to me, is a kind of bridge (That is expected to be included on OSX 10.7) from KeyChain/Tokend to PKCS11, which try to use all the pkcs11 libraries/files present on /usr/lib/pkcs11, to let Safari/Mail/etc. use my pkcs11 dylib to attack the smartcard. Im right? Im am absolutely wrong?
I followed the instructions ludovic provide on his blog. i see theres a gemalto compiled version, but first i try to compile myself following http://smartcardservices.macosforge.org/trac/wiki/documentation/building
I suppose, after compiling, it will generate a dylib or something that i can install/register on the system.
So, hands on subject.
"For example 10A432 is for Snow Leopard 10.6.0. 10C540 is for 10.6.2." Apart from that non-human notation, will a version compiled for 10.6 work on 10.6.2? Actually im on a 10.6.7, so maybe all the following errors are due to this.
A build for 10.6 should work on any 10.6.x system.
"#darwinbuild..." No one said what was this, but i installed macports and do "sudo port install darwinbuild +universal". Im use to "make"
darwinbuild is at http://darwinbuild.macosforge.org/
That was going so well, until i get "ERROR: project not found: SmartcardCCID" when executing "sudo darwinbuild SmartcardCCID" Any idea?
Then i read: $ cd /Volumes/BuildRoot_*/SourceCache/SmartCardServices/SmartCardServices-36160 # darwinbuild -nosource SmartCardServices
Are we compiling the sources for this computer, and replacing current smartcard service? wasnt tokend a proxy library? Anyway...i take the risk and invoke cd... and the darwinbuild lines:
ERROR: please change your working directory to one initialized by: darwinbuild -init <build> Alternatively, you may set the DARWIN_BUILDROOT environment variable to the absolute path of that directory.
Ok, it failed but im going to test if i got the packager tool sudo /usr/local/share/darwinbuild/packageRoots sudo: /usr/local/share/darwinbuild/packageRoots: command not found
Now, i realize, that the manual/guide could be quite outdated.
So, could you confirm this is a bridge, and if its, help me getting this work?
Yes, it is a bridge.
[1] http://ludovicrousseau.blogspot.com/2010/04/free-software-tokend-above-pkcs1...
-- Dr. Ludovic Rousseau
Wow...that was a fast-reply.
A build for 10.6 should work on any 10.6.x system. OK.
darwinbuild is at http://darwinbuild.macosforge.org/ Already installed using port, and worked for # darwinbuild SmartCardServices # darwinbuild Tokend but not for SmartcardCCID.
"ERROR: project not found: SmartcardCCID" when executing "sudo darwinbuild SmartcardCCID" I dont know if i can continue safely beyond this point, but all i get are errors.
And also, if it were compiling ok, wiki says: "Edit source code & rebuild". Cant i just build the bridge and place pkcs#11 lib on /usr/lib/pkcs11? do i need to code?
Yes, it is a bridge. Happy to hear that.
By the way, do you know https://github.com/slushpupie/KeychainToken?
No one has said nothing about wrong list, so ill continue here. As wiki step-by-step failed, i tried another way. I did the svn checkout, get the code and opened the xcode project (altough i dont know xcode, cause all i do is plaintext+makefiles) Trying to compile the tokendpkcs11 failed due to headers/link errors. Apparently, the project is linking against security_utilities.framework, which i cant find on my computer. I look for it using Add->Framework, but couldnt find it either. It is optional? It is not present on 10.6.7? Any ideas to help me building this tokendPKCS11 which look on all libraries on /usr/lib/pkcs11 to succeed using our smartcard?
If i invoke these commands: mkdir src cd src sudo darwinbuild -init 10A432 sudo darwinbuild Tokend i get a EXIT STATUS: 139. I suppose this means an error, am i correct? Can u help me find out whats happening, looking on the attached log?
participants (2)
-
helpcrypto helpcrypto
-
Ludovic Rousseau