-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathREADME
244 lines (184 loc) · 9.51 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
-*- indented-text -*-
GPKCS11
What: pure software implementation of the PKCS11 API as
specified by the document of the same name issued by RSA
Security Laboritories. A HTMLified
copy of version 2.01 is in the docs directory, since
there are free software tools in existence to view HTML,
but not Microsoft Word dokuments
Version: 2.11 Cryptoki Standard
0.8.0 Library
0.2.0 Ceay token
Status: beta. A core of the functions have been
implemented, but still need a lot of testing. The
following features are lacking at this time (03/01), but
will be implemented ASAP:
- propper SO/token reset support
- thread save
- multi session/multi app support
If you have need for another feature not yet
implemented, give me a holler. Even though I will
probably ask for your cooperation, I might bump it up on
my feature list. But I consider this library only of use
to the hardened crypto developer, therefore will assume
that you are able to help further the development.
This code is now usable with the Netscape Communicator!
I found out that it is due to a collision between symbols
in the libcrypto and symbols within the Communicator.
Therefore this release now does some magic to the OpenSSL
code before compiling and linking it to the ceay token.
Runs on: Solaris 2.5.x (tested on SPARC)
Linux 2.x.y, glibc2
It compiles on my Windows system, but there has happened
virtually no testing by me of the actual token (I do use
libgpkcs11 a lot). But others have reported regular use
of the library under Windows NT
Requirements: At this time you will need OpenSSL (the crypto
library therein) as the crypto backend. It is availiable
from every good ftp archive or
http://www.openssl.org/source/openssl-0.9.x.tar.gz
(current version at the time of writing is 0.9.6)
I will probably never distribute the crypto back-end
with the library as this frees me of all the legalities
that we have come to love in this little corner of the
IT community.
In order to compile the Java code in the package you
also need a java compiler installed. Setting up the
proper path has to be done by hand at this time.
For completely installing the stuff with the Netscape
Communicator you need the NS object signing package.
Docs: There is virtually none. Use the source Luke. B-) If you
are writing code for a new token the function
definitions in 'internal.h' might give you some
insight. The texinfo documentation is that is in the
docs directory is a skeleton for docs to come.
I have cobbled together some information on the internal
interface in the texinfo documentation that you will
find in the doc subdirectory.
Licence: (c) 1999,2000,2001 TC TrustCenter GmbH. The code to
libgpkcs11 and the ceay-token are released under the
Lesser GNU Public License (LGPL) (this is all code in
the ligpkcs11 and ceay_token subdiretories), the terms
of which are detailed in the file COPYING.LIB, that must
accompany this document. All other code in this package
is released under the GNU Public License (GPL), the
terms of which are detailed in the file COPYING, that
must accompany this document.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
(deep breath. I dispise writing on the top of my lungs)
Other Stuff included
--------------------
The package also includes a PKCS-11 shell that enables libraries to
be tested from the command line and with automatic testing tools
like DejaGNU. You need Guile 1.3 or higher to compile it
with. The path to you installation of guile needs to be given
when calling './configure'. issue a './configure --help' to
display information on how this is done.
Two small test programms are supplied as well. They run through
a typical session of Netscape Communicator when calling a PKCS-11
library. There is also some code and notes for using and
installing this library with the Communicator, inlcuding the
nessecary ECMA-Script and Java code.
The library is furthermore implemented in such a way that it should
make implementing the support of real chip-/smart-card easier.
INSTALLATION
------------
after unpacking the package and READING THE TOKEN DOCUMENTATION simply type
./configure --enable-<name>-token [<further configure options>]
make && make install
to create the library set. The files will be installed according to
the GNU installation guidelines. You can change this behavior by
setting options when calling configure. See INSTALL for more
information.
Note however that currently all token require some prior preparation,
so you should rather read on to avoid problems B-)
TOKEN SPECIFIC INFORMATION
--------------------------
ceay_token:
-----------
If you are using the software-only token you need to prepare the
OpenSSL-Library before compiling. This preparation is not nessecary if
you know that you will use the token with netscape. But it is likely
that the same symbol clash might apear with other applications this
generation of a special version of the libcrypto is the default
behavior.
After unpacking: (replace the x's with the version you have)
cd gpkcs11-0.x.y/ceay_token
tar xvzf /your/path/to/openssl-0.9.x.tar.gz
ln -s openssl-0.9.x openssl
# prepare the local symbols to avoid clashes with Netscape Products
# you might have the change the perl path
perl ./symbol_transform.pl symbol_list.txt openssl-0.9.x CI_Ceay_
cd ..
now continue with the above configuration and make step.
The default PIN for the ceay token is "12345678".
Login as SO is disabled at the moment.
Warning: the native patch(1) on Solaris chokes on the diff file, since
it has to have the full count of trailing lines on a context diff.
Rather use the GNU replacement, part of the GNU diff utilities.
DEVELOPING APPLICATIONS FOR PKCS#11
-----------------------------------
if you are developing new applications you also need to copy the files
supplied by RSA Labs:
pkcs11.h
pkcs11f.h
pkcs11t.h
CODING STANDARD
---------------
If you are submitting source code for the inclusion into the library, I am
in general very gratefull. But I am outright happy if you stick to some
basic rules:
- The code has to be layouted according to the GNU Coding Standard.
It is described on http://www.gnu.org/prep/standards_toc.html
- The code contains marks for the emacs folding mode (my way of handling
source files of more then 9K lines B-}). They look like this:
/* {{{ <some explanation> */
:
: <your code here>
:
/* }}} */
please ensure that there is an equal number of opening and closing marks
as I hate grepping through the code looking for the missing one.
- Submit diffs as context diffs with _at least_ 3 lines of context. chances
are that my code is not at the same line as you code and I have a really
tough time deciding into which line the lonely 'foo++;' belongs.
- If you are changing more than one file, please submit the changes as a
patch input with the proper file marks in place. If you are using CVS
it will even put the in place with the right version and revision
information for me to help understand what you changed.
- As far as possible I try to stick to the GNU coding standards. Please try
to do so as well.
CONTACT
-------
There are four mailing lists in existence that are supposed to help the
work on the package. For details on how to subscribe, please check the
project pages on sourceforge
gpkcs11-announce Announcements about new releases or other items for
all interested
gpkcs11-dev discussion about the state of things as far as
the actual package is concerned.
gpkcs11-users discussion for making use of gpkcs11 in
applications.
gpkcs11-submit sends an email each time a submission to the CVS
repository is made.
All MLs are of rather low traffic right now, but that will hopefully change.
For further questions, delivery of quantities of beer (no english, australian,
dutch (except for Palm) or belgium lager please) or patches contact me at
Lutz Behnke
email: [email protected]
TC TrustCenter for Security GmbH
Sonninstrasse 24-28
20097 Hamburg, Germany