Re: [Opensc-devel] MuscleCard not usable with OpenSC

[Martin P. <ma...@ma...>]

Hello,


Keep in mind that muscle applet and OpenSC don't match. If you crate
keys the "muscle way" they are not visible to OpenSC, which depends on
virtual objects that get mapped to file system and contain the
necessary directory files. Yet keys created by OpenSC should be usable
though muscle pkcs11.



--
Martin
+372 5156495


On Fri, Apr 19, 2013 at 6:56 PM, Florent Deybach <fde...@gm...> wrote:
> Hello,
>
> I am using a Javacard which is compliant with Java Card 2.2.1 /
> GlobalPlatform 2.1.1
>
> I am using opensc 0.13.0rc1.
>
> I successfully compiled the MuscleApplet 0.9.11 using the JDK 1.4.1 and the
> JavaCard Kit 2.2.1 from Sun.
> The applet was loaded into the card using GPJ and it is usable by
> muscleTool.
> Partially because it seems I cannot generate RSA keys (but that is another
> issue)
> As a proof:
>
>> root@ubuntu12-10:# muscleTool
>> MuscleCard shell - type "help" for help.
>> muscleTool > tokens
>>    1.    MuscleCard Applet
>>
>> ListTokens Success.
>> muscleTool > connect 1
>> Connect Success.
>> muscleTool [MuscleCard Applet] > status
>>  Protocol Version: 0.1
>>  Software Version: 0.6
>>       Free Memory: 5998
>>      Total Memory: 6000
>>         PINs Used: 2
>>         Keys Used: 0
>>        Logged IDs: NONE
>> GetStatus Successful
>> muscleTool [MuscleCard Applet] >resume
>> Functions             Supported
>> -------------------------------
>> MSCGenerateKeys
>> MSCImportKey
>> MSCExportKey
>> MSCComputeCrypt
>> MSCExternalAuthenticate
>> MSCListKeys
>> MSCCreatePIN
>> MSCVerifyPIN
>> MSCChangePIN             X
>> MSCUnblockPIN            X
>> MSCListPINs
>> MSCCreateObject
>> MSCDeleteObject
>> MSCWriteObject
>> MSCReadObject
>> MSCListObjects
>> MSCLogoutAll             X
>> MSCGetChallenge          X
>> GetCapabilities Successful
>>
>
> The thing is that I cannot use my card with OpenSC.
> I added the ATR card into the opensc.conf file in order to force the muscle
> driver :
>
>> card_atr 3B:F8:18:00:00:80:31:FE:45:00:73:C8:40:13:00:90:00:92 {
>>         driver = muscle;
>>
>> }
>
>
> However opensc tools don't work:
>
>> root@ubuntu12-10# pkcs15-tool -D
>> Using reader with a card: Gemalto USB Shell Token V2 00 00
>> PKCS#15 binding failed: Unsupported card
>
>
>>
>> root@ubuntu12-10:# pkcs15-tool --list-applications
>> Using reader with a card: Gemalto USB Shell Token V2 00 00
>> PKCS#15 binding failed: Unsupported card
>>
>
> The attached debug output shows that no pkcs15 emulator is found (no
> emulator list in config file, trying all builtin emulators)
>
> What is wrong?
> Should I upgrade my opensc installation (I am using the one provided by
> Gooze - http://www.gooze.eu/)?
>
> pkcs11-tool with libmusclepkcs11 seems to be a little more friendly:
>
>> root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1
>> -L
>> Available slots:
>> Slot 0 (0x1): Gemalto USB Shell Token V2 00 00
>>   token label        : MuscleCard Applet
>>   token manufacturer : Unknown MFR
>>   token model        : Unknown Model
>>   token flags        : rng, login required, PIN initialized, token
>> initialized
>>   hardware version   : 6.0
>>   firmware version   : 1.0
>>   serial num         : 1
>
>
>>
>> root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1
>> -M
>> Using slot 0 with a present token (0x1)
>> Supported mechanisms:
>>   RSA-PKCS, keySize={96,128}, encrypt, decrypt, sign, sign_recover,
>> verify, verify_recover, wrap, unwrap
>>   RSA-PKCS-KEY-PAIR-GEN, keySize={96,128}, generate, generate_key_pair
>>   SHA1-RSA-PKCS, encrypt, decrypt, sign, sign_recover, verify,
>> verify_recover, generate, generate_key_pair, wrap, unwrap
>
>
>
> But when it comes to generating keys:
>
>
>> root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1
>> -l -k --key-type rsa:2048 -p 00000000 --id 001
>> Using slot 0 with a present token (0x1)
>> Key pair generated:
>> Private Key Object; RSA
>> warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>>   ID:         4b45593030303030303030303030303030303030
>>   Usage:      decrypt, sign, unwrap
>> warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed:
>> rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> Public Key Object; RSA 0 bits
>> warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>>   ID:         4b45593030303030303030303030303030303031
>> warning: PKCS11 function C_GetAttributeValue(ENCRYPT) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> warning: PKCS11 function C_GetAttributeValue(VERIFY) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> warning: PKCS11 function C_GetAttributeValue(WRAP) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>>   Usage:      none
>
>
> Thanks is advance
>
> Cheers
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>