OpenSC-0.18.0

Binaries and release notes are available at the official OpenSC repository

2017-07-13_OpenSC-soc

New in 2017-07-13

General Improvements

• Added support for notifications on Windows

2017-07-04_OpenSC-soc

New in 2017-07-04

General Improvements

• Added support for notifications (macOS, Linux)

Minidriver

• Allow configuration of PIN pad dialog

SC-HSM

• Added compatibility with GoID 1.0

New in 0.17.0

Support for new Cards

• CAC (Common Access Card)
• GoID (SC-HSM with built-in PIN pad and fingerprint sensor)
• Coolkey
• JPKI (Japanese Individual Number Card)
• nPA (German ID card, eSign Application)

General Improvements

• PKCS#15
  • Implemented file caching based on card's contact-less UID
  • Cache EF.ODF and EF.TokenInfo
  • File caching is done transparently when the user sets the config option.
• opensc.conf
  • Added disable_popups for disabling internal UI
  • All Windows specific reader configuration is handled by the pcsc driver (cardmod driver was removed)
• Build Environment
  • Allow setting PKG_CONFIG_PATH for macOS build
  • Added compatibility with Visual Studio 2015
  • Allow building against LibreSSL
  • Allow building against OpenSSL 1.1.0
  • Allow building against WiX 3.11
  • Allow building minidriver with MinGW
  • Include OpenPACE library by default
  • Removed BUILD_ON/BUILD_FOR variable
• Simplified installer on macOS and Windows
• Added support for PIN commands via PC/SC escape commands
• Added support for card reader access via CryptoTokenKit
• Added support for PIN entry on card for verification/unblock/change
• Recognize T=0 limitation of sending 255 bytes
• Force T=1 for contactless cards
• Allow setting driver via OPENSC_DRIVER environment variable
• Fixed many bugs
• Fixed many compiler warnings
• Fixed possible issues (memory corruptions, memory leaks, double free, ...)
• Internal refactoring and cleanup

PKCS#11

• Move PIN type label front of description
• C_GetTokenInfo read the login status from the card if possible
• Don't use ':' in the token name (OpenSC#849)
• Install opensc-pkcs11.pc for usage with pkg-config
• Don't shrink the number of slots (OpenSC#629)
• Add session handle uniqueness check to PKCS#11 C_OpenSession()
• Activate functionality of C_WaitForSlot() for pcsc-lite >= 1.8.22

Minidriver

• Support PIN unblocking in minidriver via PUK as response
• Added support for Session PIN

Tokend

• Allow usage of readers PIN pad by entering an empty PIN

OpenSC Tools

• Fixed Bash completion (OpenSC#782)
• opensc-tool
  • Added --reset option
• opensc-explorer
  • Show tag 0x82 for unknown files
• pkcs15-tool
  • Fixed --read-ssh-key crash (OpenSC#788)
  • Added --clear-cache
  • Fixed locking the card on Windows (OpenSC#868)
  • Add --list-info option
  • Make --list-... messages consistent
  • Add --short option
  • --read-data-object: Do not print data to terminal when output file is given
  • Reword --no-prompt to --use-pinpad, old option still available as alias
  • Added --test-session-pin option
• pkcs15-init
  • Fix using PINPAD to verify PIN (OpenSC#856)
  • Fixed locking the card on Windows (OpenSC#868)
  • Added --secret-key-algorithm option
  • Print more detailed secret key information
• pkcs11-tool
  • Added keygen for secret key generation
  • Better handling of PIN (re-) validation
  • Fixed --id for C_GenerateKey, DES and DES3 keygen mechanism (OpenSC#857)
  • Added --derive-pass-der option
  • Added --generate-random option
  • Add GOSTR3410 keypair generation
• npa-tool (new)
  • Allows read/write access to EAC tokens
  • Allows PIN management for EAC tokens
• gids-tool
  • Fixed entering SN via command line
• sc-hsm-tool
  • Added --print-dkek-share (hidden from the user)
  • Fixed locking the card on Windows (OpenSC#868)

CardOS

• Better support for CardOS 5.3

DNIe

• Fixed interaction with DNIe UI
• Added support for DNIe 3.0

ePass2003

• Add new ATR for entersafe PKI card
• Solved Incorrect PIN raise wrong CKR error

GemsafeV1

• PTeid: add objects (SOD, TRACe, CA) and fix flags
• PTeid: Support PIN max tries and tries left report
• PTeid: Properly report cards with 2048b keys.

MyEID

• Fix to ECDH implementation (OpenSC#756)
• Added support for symmetric keys

OpenPGP

• Improve handling of OpenPGP card PIN change and unblock commands

PIV

• Some workarounds for PIV-alike cards (e.g. Yubikey)
• Change driver's short name to 'PIV-II'
• Use certificate's keyUsage to set PKCS#11 key attributes

SC-HSM

• Use PKCS#15 file cache
• Prevent unnecessary applet selection and state resets
• Added support for session pin
• Fixed forcing a card driver via opensc.conf

STARCOS

• Read the maximum transcive sice from the card's ATR (OpenSC#765)

2017-02-28_OpenSC-soc

This is a fork of OpenSC/OpenSC that includes some features usefull for communication with contact-less smart cards. The extended features include:

• Smart Card Support:
  • Support German ID card:
    • Use eSign for electronic signature (PKCS#11, Minidriver, Tokend)
    • Use PIN management tool for electronic identification (eID)
  • Smartcard-HSM:
    • Use Manufacturer PKI for verifying the card and establishing SM
    • Support for Bundesdruckerei System-on-Card architecture
    • Support for recovering the authentication status by verifying a session PIN
• Secure On-Card-Authentication:
  • Fingerprint verification on-card
  • PIN verification on-card
• Generic features for easier integration of new cards:
  • Generic Secure Messaging encoding according to ISO 7816-8
  • Secure Messaging establishment with Extended Access Control (EAC):
    • Password Authenticated Connection Establishment (PACE)
    • Terminal Authentication (TA)
    • Chip Authentication (CA)
  • Support for Session PIN generation according to Smart Card Minidriver Specification, v7.07