Fix issues reported from Markdown lint and Codespell
xhanulik committed May 9, 2024
1 parent 7041cbd commit f6822eb
Showing 28 changed files with 67 additions and 58 deletions.
9 changes: 7 additions & 2 deletions .github/codespell_ignore_words.txt
@@ -1,4 +1,9 @@
Feitian
GOST
feitian
signatur
lokale
ist
alle
als
theses
widgits
gost
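
Review bot: The ignore list in `.github/codespell_ignore_words.txt` now carries short, common strings such as `ist`, `alle`, `als` and `theses`, and an ignore-words entry applies to every file codespell scans, so a genuine typo like "als" for "also" or "theses" for "these" will pass unnoticed anywhere in the wiki. If these entries exist only to quiet German-language text on a few pages, scope the exception to those files (for example with codespell's `--skip` option) and keep the global list to names such as `feitian` and `gost`.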
3 changes: 2 additions & 1 deletion .github/markdownlint-config.json
Expand Up @@ -3,5 +3,6 @@
"MD013": false,
"MD041": false,
"MD014": false,
"MD024": false
"MD024": false,
"MD010": false
}
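
Review bot: Setting `"MD010": false` in `.github/markdownlint-config.json` turns the hard-tab rule off for the whole wiki instead of fixing the tabs the linter reported, although the commit title says "Fix issues". If the tabs sit only inside fenced code blocks, keep the rule and set its `code_blocks` option to false; otherwise replace the tabs in prose and leave MD010 enabled. The file already disables MD013, MD041, MD014 and MD024, so each further switch-off narrows what the lint run can catch.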
2 changes: 1 addition & 1 deletion Aladdin-eToken-PRO.md
Expand Up @@ -108,7 +108,7 @@ If you are only interested in the middleware (and not the proprietary key manage
3. double-click on the following packages in this order so as to install them:

* `etokenframework.pkg`: those are the shared libraries (that will go into `/Library/Frameworks/eToken.framework`) needed by all the other packages;
* `etokendriversleopard.pkg` (for Mac OS 10.5.x) or `etokendriverstiger.pkg` (for Mac OS 10.4.x): this is the middleware, that goes under `/usr/libexec/SmartCardServices/drivers/eTokenIfdh.bundle/` . It consists of an auxillary daemon that will be run by `pcscd` in order to perform the necessary USB I/O.
* `etokendriversleopard.pkg` (for Mac OS 10.5.x) or `etokendriverstiger.pkg` (for Mac OS 10.4.x): this is the middleware, that goes under `/usr/libexec/SmartCardServices/drivers/eTokenIfdh.bundle/` . It consists of an auxiliary daemon that will be run by `pcscd` in order to perform the necessary USB I/O.

To test this setup, plug your token in, then open a terminal and type the following commands:

2 changes: 1 addition & 1 deletion Aventra-MyEID-PKI-card.md
Expand Up @@ -12,7 +12,7 @@ The cards can be personalized both visually and electrically by Aventra accordin

MyEID is certified by Microsoft and supports Smart Card Plug and Play.

> MyEID version 4 has been released, adding support for Elliptic Curve Cryptography and many other new features.
> MyEID version 4 has been released, adding support for Elliptic Curve Cryptography and many other new features.
## Aventra MyEID PKI applet

26 changes: 16 additions & 10 deletions Card-personalization.md
Expand Up @@ -327,18 +327,24 @@ These libraries can be loaded in OpenSSL so you can do a certificate request wit

* Run `openssl` command
* On the `openssl` command prompt, type
```bash
engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
```

```bash
engine dynamic -pre SO_PATH:engine_pkcs11 -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
```

to use the PKCS #11 engine

* Then type (on the openssl command prompt)
```bash
req -engine pkcs11 -new -key <ID> -keyform engine -out <cert_req>
```
in which ID is the slot+ID in the following format:
```bash
[slot_<slotID>][-][id_<ID>], e.g. id_45 or slot_0-id_45
```

```bash
req -engine pkcs11 -new -key <ID> -keyform engine -out <cert_req>
```

in which ID is the slot+ID in the following format:

```bash
[slot_<slotID>][-][id_<ID>], e.g. id_45 or slot_0-id_45
```

### `pkcs11-tool` and Mozilla/Netscape

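Review bot: The fences reflowed in this hunk are all tagged `bash`, but none of them holds shell input: the `engine dynamic ...` and `req -engine pkcs11 ...` lines are typed at the `openssl` prompt, and `[slot_<slotID>][-][id_<ID>], e.g. id_45 or slot_0-id_45` is a format description, not a command. Tag them `text`, or move the last one into the sentence as inline code, so readers do not paste them into a shell and highlighters do not mis-colour the brackets.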
5 changes: 3 additions & 2 deletions Compiling-on-Cygwin.md
Expand Up @@ -4,6 +4,7 @@ If you want to use OpenSC with Cygwin OpenSSH utilities, such as `ssh-agent` or
then OpenSC has to be compiled for Cygwin. To do this follow these steps:

## Prepare for a fresh Cygwin install

When building OpenSC we're going to be running the reconfiguration step of the OpenSC build process.
One side effect is that this step may try to incorporate additional features that are detected in
your current Cygwin installation, which can complicate the package dependencies.
Expand All @@ -14,9 +15,9 @@ So these instructions are based on starting from a fresh Cygwin installation. Th
3. Temporarily unset `CYGWIN` environment variable while building and installing.
Currently having `CYGWIN` set causes make install to fail in the `install-exec-hook` stage.

## Install Cygwin base
## Install Cygwin base

1. Go to https://cygwin.com/install.html.
1. Go to <https://cygwin.com/install.html>.
2. Run `setup-x86_64.exe` & save it for running later.
3. Install to `C:\cygwin64`.
4. Select `All Users`.
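
Review bot: The install steps around the reformatted link go from `<https://cygwin.com/install.html>` straight to "Run `setup-x86_64.exe`" with no verification step in between. Cygwin publishes a detached signature for the installer, so a step telling the reader to check it before running the executable belongs between steps 1 and 2, all the more because the result is installed for `All Users`.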
22 changes: 11 additions & 11 deletions Creating-applications-with-smart-card-support.md
Expand Up @@ -21,7 +21,7 @@ These tools and libraries help in talking to PKCS#11 modules or integrate PKCS#1
* [gp11](http://live.gnome.org/GnomeKeyring/Architecture) is a GObject based wrapper for PKCS#11, distributed with gnome-keyring.
* [PaKChoiS](http://www.manyfish.co.uk/pakchois/) aims to provide a thin wrapper over the PKCS#11 interface.
* [p11-kit](http://p11-glue.freedesktop.org/p11-kit.html) eases working with multiple PKCS#11 modules and includes support for [PKCS#11 URI scheme](http://tools.ietf.org/html/draft-pechanec-pkcs11uri-13).
* [pkcs11-provider] (https://github.com/latchset/pkcs11-provider) is an Openssl 3.x provider to access Hardware or Software Tokens using the PKCS#11 Cryptographic Token Interface.
* [pkcs11-provider](https://github.com/latchset/pkcs11-provider) is an Openssl 3.x provider to access Hardware or Software Tokens using the PKCS#11 Cryptographic Token Interface.

##### Python

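Review bot: The repaired `pkcs11-provider` bullet still spells the project "Openssl 3.x"; since the line is being touched anyway, write "OpenSSL 3.x" as the OpenSSL section of this file does. The neighbouring context bullets link to `http://` URLs (live.gnome.org, manyfish.co.uk, p11-glue.freedesktop.org, tools.ietf.org); it is worth checking which of them now answer on https.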
Expand Down Expand Up @@ -59,7 +59,7 @@ Mac OS X implements CDSA as the cryptography API for the Mac platform (in theory
[OpenSSL](http://www.openssl.org/) has an easy way to integrate smart card support.

The [libp11](https://github.com/OpenSC/libp11/wiki) has code to make using OpenSC PKCS#11 module with OpenSSL quite easy and includes example code for using SSL with client certificate authentication using a smart card too.
The use of engines in OpenSSL are deprecated fom the version 3.
The use of engines in OpenSSL are deprecated from the version 3.

The engine_pkcs11 project has an OpenSSL engine implementation so you can change any code using OpenSSL to move the crypto operation from your CPU to your smart card with only a few small changes.
It was merged into libp11 project.
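
Review bot: Correcting "fom" leaves the changed sentence ungrammatical: "The use of engines in OpenSSL are deprecated from the version 3." pairs a singular subject with "are" and carries a stray article. Suggest "The use of engines is deprecated as of OpenSSL 3." so the deprecation notice reads cleanly next to the engine_pkcs11 paragraph that follows.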
Expand All @@ -72,36 +72,36 @@ The [pkcs11-provider](https://github.com/latchset/pkcs11-provider) is an Openssl

### QCA

[QCA](http://api.kde.org/kdesupport-api/kdesupport-apidocs/qca/html/) (Qt Cryptographic Architecture) adds cryptography support into Qt applications. QCA has PKCS#11 support since v2.0. See "http://sites.google.com/site/alonbarlev/qca-pkcs11":http://sites.google.com/site/alonbarlev/qca-pkcs11 for more information.
[QCA](http://api.kde.org/kdesupport-api/kdesupport-apidocs/qca/html/) (Qt Cryptographic Architecture) adds cryptography support into Qt applications. QCA has PKCS#11 support since v2.0.

### GnuTLS

"GnuTLS":http://www.gnutls.org includes native PKCS#11 smart card support using the PKCS#11 URI scheme..
See "http://www.gnutls.org/manual":http://www.gnutls.org/manual for more information.
[GnuTLS](http://www.gnutls.org) includes native PKCS#11 smart card support using the PKCS#11 URI scheme..
See <http://www.gnutls.org/manual> for more information.

### cryptlib

"cryptlib":http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ is a library by Peter Gutmann and claims support for SSL and PKCS#11 modules.
[cryptlib](https://www.cs.auckland.ac.nz/~pgut001/cryptlib/) is a library by Peter Gutmann and claims support for SSL and PKCS#11 modules.

## Low level smart card access

OpenSC is for cryptographic smart cards and the preferred method for accessing such cards is via one of the high level cryptographic API-s listed above, which hides the details of actual card reader access via one of the interfaces described below. As a general rule, don't use the low level smart card API-s if the necessary functionality is implemented via a cryptographic API.

### PC/SC

PC/SC is a standard from "PC/SC Workgroup":http://www.pcscworkgroup.com/ but the "reference implementation" is still "Windows winscard.dll":http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx#smart_card_functions. Linux uses the open source "pcsc-lite":http://pcsclite.alioth.debian.org/ package. And Mac OS X uses a fork of pcsc-lite included in the "SmartCardServices":http://smartcardservices.macosforge.org/ project.
PC/SC is a standard from [PC/SC Workgroup](https://pcscworkgroup.com/) but the "reference implementation" is still [Windows winscard.dll](http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx#smart_card_functions). Linux uses the open source [pcsc-lite](https://pcsclite.apdu.fr/) package. And Mac OS X uses a fork of pcsc-lite included in the [SmartCardServices](http://smartcardservices.macosforge.org/) project.

#### Tools and libraries

* Python
* "pyscard":http://pyscard.sourceforge.net/
* [pyscard](https://pyscard.sourceforge.io/)
* Java
* See [[dedicated Java page|Using-smart-cards-with-Java-SE]] about javax.smartcardio in Java 1.6+
* See [[dedicated Java page|Using-smart-cards-with-Java-SE]] about `javax.smartcardio` in Java 1.6+

### CT-API

"CT-API":https://www.tuvit.de/de/aktuelles/downloads/card-terminal-application-programing-interface-fuer-chipkartenanwendungen/ is an API for accessing smart card readers that is mostly used in Germany. It is not suited for modern multi-user environments, is not portable and not always available. New projects should avoid using CT-API and use PC/SC instead.
CT-API is an API for accessing smart card readers that is mostly used in Germany. It is not suited for modern multi-user environments, is not portable and not always available. New projects should avoid using CT-API and use PC/SC instead.

### OpenCT

"OpenCT":https://github.com/OpenSC/openct, like CT-API, is a Linux only API for accessing USB tokens (and smart card readers). Very few applications beside OpenSC can make use of OpenCT readers. New projects should try to avoid building against OpenCT and use PC/SC instead.
[OpenCT](https://github.com/OpenSC/openct), like CT-API, is a Linux only API for accessing USB tokens (and smart card readers). Very few applications beside OpenSC can make use of OpenCT readers. New projects should try to avoid building against OpenCT and use PC/SC instead.
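
Review bot: Two references disappear in this hunk instead of being converted from Textile to Markdown: the QCA line loses its "See ... qca-pkcs11 for more information" sentence and the CT-API paragraph loses its link to the specification. If those URLs are dead, say so in the commit message or point to an archived copy; if they still resolve, convert them like the other links. The GnuTLS line also still ends in a double period ("URI scheme.."), and the GnuTLS, MSDN and SmartCardServices links stay on `http://` while cryptlib, PC/SC Workgroup and pyscard were moved to https.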
2 changes: 1 addition & 1 deletion DNIe-(OpenDNIe).md
Expand Up @@ -17,7 +17,7 @@ From the public administration point of view the card has been procured by the M

Resources:

* The [official home page](http://www.dnielectronico.es) for the Spanish DNIe
* The [official home page](http://www.dnielectronico.es) for the Spanish DNIe

## Card capabilities

2 changes: 1 addition & 1 deletion Estonian-eID-(EstEID).md
Expand Up @@ -103,7 +103,7 @@ X.509 Certificate [Allkirjastamine]

## Supported algorithms

* Version 3.0 suports PKCS1 padding and SHA1, SHA-224 (not used as PKCS#11 does not support SHA-224 in v2.20) and SHA-256 hashes with 2048bit RSA keys
* Version 3.0 supports PKCS1 padding and SHA1, SHA-224 (not used as PKCS#11 does not support SHA-224 in v2.20) and SHA-256 hashes with 2048bit RSA keys

## Known issues and incompatibilities

2 changes: 1 addition & 1 deletion Eutron-CryptoIdentity-ITSEC-I-ITSEC-P.md
Expand Up @@ -15,7 +15,7 @@ interface differs, the rest seems to be the same.
One minor feature of the Siemens CardOS M4 is, that a RSA key cannot be used for both signing
and decryption. OpenSC has implemented a workaround: software key generation and storing that
key twice, once marked as decryption key and once marked as signing key. To enable this workaround
specifiy `--split-key` on the command line, when creating the key.
specify `--split-key` on the command line, when creating the key.

Eutron has their own software for Windows. This software does not implement PKCS#15 and thus is not
compatible with OpenSC. As long as the card has memory, you can initialize the card with both software
4 changes: 2 additions & 2 deletions Feitian-ePass2003.md
Expand Up @@ -60,8 +60,8 @@ Refer to issue [#1803](https://github.com/OpenSC/OpenSC/issues/1803);

Links to the `Fix_Tool.tar.gz` archives:

* With x86 and x64: "Download fix_tool":http://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz
* With armhf arch: "Download fix_tool":http://download.ftsafe.com/files/reader/SDK/Fix_Tool_20200604.zip
* With x86 and x64: [Download fix_tool](http://download.ftsafe.com/files/ePass/Fix_Tool.tar.gz)
* With armhf arch: [Download fix_tool](http://download.ftsafe.com/files/reader/SDK/Fix_Tool_20200604.zip)

## Thanks

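Review bot: Both converted `Fix_Tool` links still point at `http://download.ftsafe.com/...`, so the tool archive is fetched over plain HTTP and the page gives no checksum to compare the download against. Switch the links to https if the vendor serves them that way, and add the expected SHA-256 of each archive next to its link. The lead-in also says "`Fix_Tool.tar.gz` archives" while the armhf link targets `Fix_Tool_20200604.zip`; adjust the wording.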
2 changes: 1 addition & 1 deletion Feitian-ePass3000.md
Expand Up @@ -4,7 +4,7 @@

The driver of ePass3000 in OpenSC is called "entersafe".

Feitian has their own software for Windows, GNU/linux and MAC OSX. This software does not implement PKCS15 and thus is not compatible with OpenSC. Because Feitian's software reserves all storage, its data cannot be co-existed with OpenSC's in the USB token. In addition, there may be unexpected errors if both softwares exists in the operating system concurrently, since Feitian's software assumes there is one and only one software manipulates the token.
Feitian has their own software for Windows, GNU/linux and MAC OSX. This software does not implement PKCS15 and thus is not compatible with OpenSC. Because Feitian's software reserves all storage, its data cannot be co-existed with OpenSC's in the USB token. In addition, there may be unexpected errors if both software exists in the operating system concurrently, since Feitian's software assumes there is one and only one software manipulates the token.

Token initialized with Feitian's private format can not be directly used by OpenSC. Unless it is totally erased by command:

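Review bot: Replacing "softwares" with "software" leaves a subject-verb mismatch in "if both software exists in the operating system concurrently". Suggest "if both software packages are installed at the same time", and while on this line fix "cannot be co-existed with" (e.g. "cannot coexist with"), "only one software manipulates the token" and the casing of "GNU/linux" and "MAC OSX".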
2 changes: 1 addition & 1 deletion History-of-the-OpenSC-Project.md
Expand Up @@ -37,7 +37,7 @@ to help the transition back from hal to `udev`. Engine_PKCS#11

### OpenSC 0.11.12

On 2009-12-18 OpenSC 0.11.12 was released with a fix for a
On 2009-12-18 OpenSC 0.11.12 was released with a fix for a
regression in OpenSC 0.11.5 and later, that made some cards
initialized with older versions of OpenSC no longer work
with newer versions.
2 changes: 1 addition & 1 deletion IAS-ECC.md
Expand Up @@ -47,7 +47,7 @@ Tested compatibility with the PKCS#11 and CSP from the other middlewares:

## To get the source code for SM

**Not active project, changes already integrated in standard OpenSC distribution**
**Not active project, changes already integrated in standard OpenSC distribution.**

```bash
git clone https://github.com/viktorTarasov/OpenSC-SM.git
2 changes: 0 additions & 2 deletions Installing-OpenSC-PKCS11-Module-in-Firefox,-Step-by-Step.md
@@ -1,7 +1,5 @@
# Installing OpenSC PKCS#11 Module in Firefox, Step by Step

This step by step description is can also be found in "Mozilla's knowledge base":https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Installation.

1. Start Mozilla Firefox.

![Start Firefox](https://github.com/n8felton/OpenSC/wiki/attachments/wiki/MozillaSteps/firefox_64.png "Start Firefox")
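
Review bot: The sentence deleted at the top of the page was the only pointer to Mozilla's own module-installation documentation, and it is removed rather than repaired. It needed two fixes, the "is can" slip and the Textile link syntax, e.g. "This step-by-step description can also be found in [Mozilla's knowledge base](...)" with the existing URL; if that URL no longer resolves, the commit message should say so. Separately, the step 1 screenshot is loaded from `github.com/n8felton/OpenSC/wiki/attachments/...`, another account's repository; hosting the images in the OpenSC wiki itself would keep them under the project's control.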
4 changes: 2 additions & 2 deletions Muscle-applet.md
Expand Up @@ -46,7 +46,7 @@ MuscleApplet could be layered as follows:
* APDU specification and implementation
* Internal object layer and related machinery (ACL-s, Key objects, data objects) (also in CardEdge.java)
* Object manager with helpers for dealing with objects, on same terms as they are exposed to the outside world
* Memory manager that deals with allocating and re-allocating the memory, which is grabbed as a huge block when the applet is initialized. This is to overcome the absence of garbage collection in older JavaCard-s
* Memory manager that deals with allocating and re-allocating the memory, which is grabbed as a huge block when the applet is initialized. This is to overcome the absence of garbage collection in older JavaCard-s.

#### Memory manager

Expand All @@ -68,7 +68,7 @@ In addition to data objects, MuscleApplet manages the following internal objects

* PIN-s
* And accompanying PUK-s
* MuscleApplet uses PIN0 as the "super PIN". The PIN is set to an initial value in source code, "Muscle00".
* MuscleApplet uses PIN0 as the "super PIN". The PIN is set to an initial value in source code, "Muscle00".
* Key pairs
* Can be generated on the card or imported. Plaintext exporting is also possible.
* Keys
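
Review bot: The line touched in this hunk documents that PIN0, the "super PIN", is set to the initial value "Muscle00" in source code, but nothing in the visible list tells the reader to change it when the applet is set up. Since the line is being edited anyway, add a short clause such as "change it before putting the card into use".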
2 changes: 1 addition & 1 deletion OpenSC-Services.md
Expand Up @@ -33,7 +33,7 @@ The mailing lists are hosted at the OpenSC project at SourceForge: [http://sourc
### MSIs and MacOS Apple Disk Image files

<https://github.com/OpenSC/Nightly>
*

**Old builds are removed time to time.**

## Tarball releases
2 changes: 1 addition & 1 deletion Overview.md
Expand Up @@ -88,7 +88,7 @@ For blank cards OpenSC has code to initialize the card in PKCS#15 format.
You can't change initialized cards at all, or only with the software that
was used to initialize it. But you can use the card with OpenSC if OpenSC
knows the format. So the format has either to be PKCS#15 (very few
softwares implement that standard, however), or maybe the format was published
software implement that standard, however), or maybe the format was published
and OpenSC contains an emulation for that format.

Check the list on [wiki page](Supported-hardware-(smart-cards-and-USB-tokens)) to see
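
Review bot: The codespell fix turns "very few softwares implement" into "very few software implement", which is still ungrammatical on the changed line. Suggest "very little software implements that standard" or "very few software packages implement that standard".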
10 changes: 4 additions & 6 deletions PuTTYcard.md
Expand Up @@ -9,7 +9,7 @@ a "normal" Pageant.

This only needed about 20 lines of codes within the source
of pageant.exe and I was hoping that the PuTTY team would
include this into future PuTTY-packages. They did not :-(
include this into future PuTTY-packages. They did not.

Therefore I merged the source code of PuTTYcard.dll with
the source code of pageant.exe and released a smart card
Expand All @@ -23,8 +23,6 @@ my smart card enabled version of pageant.exe with a new
card or a new card reader I will send you a free license.
Just let me know.

## PuTTYcard

PuTTYcard is an extension to PuTTY, the free SSH-client
from Simon Tatham. With this extension PuTTY can use
RSA-keys from external devices, ie. smart cards, usb-tokens.
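
Review bot: Removing the `## PuTTYcard` heading lets the description that starts "PuTTYcard is an extension to PuTTY" follow straight on from the licence offer ending "Just let me know.", so the page loses the break between the author's note and the technical description. If the heading was flagged as a duplicate, rename it (for example "## About PuTTYcard") instead of dropping it; MD024 is already switched off in `.github/markdownlint-config.json`, so a duplicate-heading report should not force the removal.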
Expand Down Expand Up @@ -64,7 +62,7 @@ your ppk-file should look like
PuTTYcard,PuTTYiso7816.dll,<path>,AA,BB,CCCC
```

<path> is the DF on your smart card that contains the RSA-key.
The `<path>` is the DF on your smart card that contains the RSA-key.
This must be specified as a 4,8,12 or 16digit hexadecimal
number. Do NOT prefix the path with 3F00.
AA is the key-reference of the private key, BB is the
Expand All @@ -74,7 +72,7 @@ public key. This file must either contain the public key
as two ASN1-encoded records or it must be a certificate file
from which the public key will be extracted.

h3. How do I find the above mentions numbers?
## How do I find the above mentions numbers?

One of the first actions of PuTTYcard
is to change its working DF to the DF given by the
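
Review bot: The Textile `h3.` heading is converted to `##`, which promotes it by one level; use `###` unless the flatter structure is intended, and check it against the headings around it. The heading text also keeps the slip "above mentions numbers", where "above-mentioned numbers" is meant.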
Expand Down Expand Up @@ -253,7 +251,7 @@ certificates namely DF01:C100 and DF01:4371 so two other
possible CCCC-values are C100 and 4371

On a Netkey card a private key may be protected by more than
one PIN. So instead of PIN-reference 81 (which references
one PIN. So instead of PIN-reference 81 (which references
local PIN1) I may alternatively use PIN-reference 00 (which
references global PIN0)

2 changes: 1 addition & 1 deletion Quick-Start-with-OpenSC.md
@@ -1,6 +1,6 @@
# Quick Start with OpenSC

If you haven't already, please first take a look at our [[Overview|Overview]] page, the [[Operating Systems|Recent-test-results-for-various-smart-cards]] page and the [[Compiling and Installing on Unix flavors]] page.
If you haven't already, please first take a look at our [[Overview|Overview]] page, the [[Operating Systems|Recent-test-results-for-various-smart-cards]] page and the [[Compiling and Installing on Unix flavors]] page.

## Before we start

2 changes: 1 addition & 1 deletion Schlumberger-Axalto-Cyberflex.md
Expand Up @@ -2,7 +2,7 @@

> Cryptoflex card are **deactivated**. For further usage, it is necessary to enable the card driver in `opensc.conf`.
Earlier versions of Cyberflex cards have the same or a very similiar filesystem interface like the Cryptoflex cards.
Earlier versions of Cyberflex cards have the same or a very similar filesystem interface like the Cryptoflex cards.
Those cards work well with OpenSC.

Newer versions however are pure JavaCards and will not work without a JavaApplet.
2 changes: 1 addition & 1 deletion Security-Considerations.md
Expand Up @@ -131,7 +131,7 @@ This means that your keys and sensitive data are safe against others (who know t

However, depending on the smartcard os and the card profile anyone who knows the transport key and has access to your card can erase the card.

On itself, that may be a good thing if you lost your card, but there's another problem: If your card contains trusted certificates, and an adversary steals your card, puts another pkcs15 dir with other certs on the card and puts it back without you knowing, you may not find out until you put trust in those untrusted certs.
On itself, that may be a good thing if you lost your card, but there's another problem: If your card contains trusted certificates, and an adversary steals your card, puts another pkcs15 dir with other certs on the card and puts it back without you knowing, you may not find out until you put trust in those untrusted certs.

Be very careful when using the card as a tamper-resistant storage - make them PIN-protected for example.
(Note: this if often not the case: the trusted certificates are usually stored in the applications using them.)
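
Review bot: Only the double space is fixed on the changed line, yet the same passage keeps wording a spell checker cannot catch: "On itself" should read "In itself", and the context line below has "this if often not the case" for "this is often not the case". In "make them PIN-protected" the pronoun has no clear antecedent after the singular "the card"; state what should be PIN-protected.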

0 comments on commit f6822eb
