Supporting DNIe 3.0 inside OpenSC keeps improving. Some days ago some users reported a problem at the creation of the secure channel. The problems semmed to be related to a reset of the card that is done just before starting the process. That reset has been talked about several times since I am involved inside the DNIe driver development, it seemed unnecessary but it still remained there. I had also experienced the same issue previously but, in my case, it was very very rare (for what I understand to the affected people it was just a blocker, it never worked). Another pull was submitted for deleting the call to the reset function but some refactoring was also included.
The pull request has been accepted but at that time I asked German to check it too (four eyes see more than two). He found some problems with the signature (which I think were related to his environment and not produced by my changes, mainly because the modifications with DNIe 3.0 always affect the secure channel creation -login- and no other parts). Currently I just test code changes with my tester, I did it just for that purpose and it is very fast and (I think) complete. Besides the old page that I used to test (@firma demo page) has been removed and now you are redirected to download a new AutoFirma application. This new application does not work (at least for me) but I cannot pass the first window that asks me to introduce the DNIe (although it is there). So I finally tested the singing process using the pkcs11-tool command, my dnie-pkcs11-tester, jsignpdf as explained in this Spanish entry and the signer daemon I presented in a previous entry. All of them worked. But I had downloaded previously the @firma applet and I even tested the library with the old official application. (I knew that I had some problem because my local @firma did not work. But the problem was previous to all the DNIe 3.0 changes. This time I spent some time trying to figure out what was happening and finally I discovered that the applet used the system OpenSC library, not the compiled one. Removing the package was enough and the old @firma worked again.)
In order to not lose it (because I cannot find @firma application again) I have uploaded it to my blog. You can test it here. But I needed to change the manifest file (it was fixed to only work in the official test site) and, therefore, I also had to re-sign the applet. I did it with a self-signed certificate so it is going to be problematic for sure. In my case it works with the icedtea-plugin inside firefox (I do not know if I configured something weird in the past to make it work). Do not trust in me and do not sign anything real with it. It is just for me, to not lose it and have access to it from everywhere.
That is all. I just want to upload the @firma to the blog. As I said at the beginning the pull request is now accepted and the changes are in the master branch. So the DNIe will work better in the next OpenSC stable version.
Spiral out! Keep going!
Comments