Welcome to the minimalistic home page of the CSP #11 projet.
The CSP#11 0.4.1 is available for end-users ! You can download it and use it for email and documents signing and for web authentication.
Downloads are available at the Files page of the project
Now the Cryptographic Service Provider #11 can be installed with a graphical user interface for Windows 9x, Me and NT and for Windows XP, 2000
The actual CSP #11 DLL is signed with the test and developpement purposes signature.
It will not work on a unmodified Windows.
If you are under Windows 9x, Me, or NT, you can download the MS CSPDK, in this package, you will find compressed version of modified ADVAPI32.DLL file. This file will permits you to test and use CSP #11.
If you are under Windows XP SP2, 2K SP4. You can use this poke and apply it with Hexedit for example.
More detailed news on the project page.
The NullSoft scripts used to generated the binaries installers are now included in the source distribution.
Icons updated.
The CSP Eleven certificate Installer will not quit if no usuable data were found.
Downloads are available at the Files page of the project
Now the Cryptographic Service Provider #11 can be installed with a graphical user interface for Windows 9x, Me and NT and for Windows XP, 2000
Added visual C workspace and projects in the distribution.
Added Fabio and Gambin mbstowcs modification in order to copy container name.
Now the tests program exits with an error code if there was an unexpected behavior in one of the test.
More information on this release on the release notes page.
Directs downloads:
Main news are:
More information on the release notes page.
Handle management scheme finaly debugged !
Because the proposed answer is perveted with the way of life of the coded algo and subjectives comments (my fault).
In fact, at the begining, the position of revoked handle had to be freed because, at the begining this system was mentaly designed with static allocation (tables). Then, it was quickly converted to dynamic allocation one. And that the primal pervertion. ;-)
The updated list is a new list (create with partial copy of the old list). The old one has to be totaly freed.
The handle will be freed by the calling function. The only utility of the handle management is tell if an handle came from the CSP or not; no more.
I was able then to test, developped and debug in detail ! This indication was the starting point ! I understood this perversion at this moment. So Fabio really helped me :-) , thanks.
I created a newList variable in order to return the address of the first element of the new list and not the address of his last one, or worse.
More detailed information in the diffences between csp11.c v1.14 and v1.15.
There are serious bugs causing bad CSP #11 behaviors.
I am working on it now. Thanks to everybody who helped me on this problem.
The first certificate installer implementation is commited to the CVS. Please have a look, and, I am needing help for this part.
According to GNU fanatism, I do not use neither Borland C, neither MS VC; more than that I hate Microsoft GUI C API.But the interface are home made, by hand, without any ressource editor etc..
In fact if somebody could enlight the certificate installer interface, it will be great !
At this moment, the certificate installer do not work (but is running). When the grant handle bugs will be slapped, I will investigate if nobody found the cause before. ;-)
If you update you csp-eleven repository copy, you will notice there is a new directory named 'imports'.
There is a 'readme.rst' file in it with all information about the why and how of this folder.
If somebody can confirms that the same key pair can be either AT_SIGNATURE and AT_KEYEXCHANGE, it will be great.
The fact is AT_KEYEXCHANGE user key are used by SSL X.509 negociation/identification...
AT_SIGNATURE could only be used by... I do not know...
It seems that in fact, it is possible to have key for encryption (AT_KEYEXCHANGE) and nother keys for signature (AT_SIGNATURE).
This second pair could be certified with non-repudation bit for example.
I will gather info, please feel free to send us here :)
Another problem is the container name. As you already know, its actual name follow the follow rule:
{token label}-{Signature key object ID}-{Signature key label}-{Signature key
modulus MD5 hash}-{KeyExchange object ID}-{KeyExchange key label}-{KeyExchange
MD5 Hash}
And the maximum cName length is equal to MAX_PATH, and MAX_PATH is equal to 260.
But, key label are not limited to a length of 32 chars, and in this rule, they are...
I am thinking of getting away key label, and using a hash algorithm identifier instead. It will be like that then,
{token label}-{sigkey ObjID}-{sig hash alg}-{hash}-{kxkey ID}-kx hash alg}-{hash}
The token label is <= 32 chars according to PKCS #11, the sigkey object ID could be, in most delirious dream, three characters length (unsigned char) but no more, the hash length depends on the hash algorithm. But now, how do we specify the hash alg ID ?
Poll open ! :)
New key management design and first implementation of get and set key parameters.
First hash functions complete implementation.
Advice to use the "unstable" version of OpenSC PKCS11 DLL.
Sad, some SC mech' resistanz !.
API/source doc updated.
Ok on the way !
News on labs site, updated UML-like graph on the explanation page.
I do not know where was my head, but that's it, lost. I tried to link instead of dynamicly load the OpenSC pkcs11 library.
Now IT IS WORKING ! In fact, not, you just can acquire a crypto context.
What we can already do:
Thanks to everybody who helped me, and a special thanks to novakv who gave me the final answer.
I cannot link the program under Windows®, if you know how to do it, please help me :)
I am trying to link it under cygwin environment using -mno-cygwin flag in order to produce pure Windows® DLL binary.
I compiled and installed OpenSC using these tree configuration:
Each time the same error: Here the problem log
Thanks :)