From: Viktor T. <vik...@gm...> - 2013-08-03 19:28:08
Hello,

On 26/07/2013 14:17, Johannes Becker wrote:
>
> > finally I found time to produce log files for the following problem:
> >
> > chipcard CardOS V4.3B
> > OpenSC 0.13.0
> >
> > opensc-explorer fails to verify the PIN:
> >
> > $ opensc-explorer
> > OpenSC Explorer version 0.13.0
> > Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
> > OpenSC [3F00]> cd 5015
> > OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF:FF:FF
> > Unable to verify PIN code: Invalid arguments
> > OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF
> > Incorrect code.
> > OpenSC [3F00/5015]> exit
> >
> > On the other hand pkcs15-tool has no problems with the command
> > pkcs15-tool --change-pin --pin 234567 --new-pin 234567
> >
> > The log files are
> > http://www.uni-giessen.de/~g013/opensc/opensc-explorer.log
> > http://www.uni-giessen.de/~g013/opensc/pkcs15-tool.log
> >
> > Below the output of pkcs15-tool --dump
>

As it is currently implemented in opensc-explorer, you cannot use the 'verify' command to verify a CardOS PIN with a length other than 8 bytes.

At the low (card driver) level, when there is no info about the PIN max/min, the padding length is set to 8. The card itself does not support (afaik) the 'get-pin-info' facility, and the only way to get this info is the PKCS#15 data. That's why it works when the PIN is verified in PKCS#15 context.

'Opensc-explorer' is the low-level tool, and it does not parse the on-card PKCS#15 data.

In opensc-explorer I suggest you do not use the 'verify' command but the direct 'apdu' one, so that you bypass the formatting of the PIN data by the cardos driver.

vtarasov@sequoia:~/projects/sc/github/viktorTarasov-OpenSC$ ./build/bin/opensc-explorer
OpenSC Explorer version 0.13.0
Using reader with a card: OmniKey CardMan 3121 01 00
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> apdu 00 20 00 83 0A 39 39 39 39 00 00 00 00 00 00
Sending: 00 20 00 83 0A 39 39 39 39 00 00 00 00 00 00
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00/5015]>

> > Regards
> > Johannes
>

Kind wishes,
Viktor.

>
> > pkcs15-tool --dump
> > Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
> > PKCS#15 Card [Test Card]:
> >     Version         : 0
> >     Serial number   : 7BFF203BF6052E35
> >     Manufacturer ID : cv cryptovision gmbh (c) v1.0n
> >     Flags           : Login required, PRN generation, EID compliant
> >
> > PIN [User Pin]
> >     Object Flags : [0x3], private, modifiable
> >     Auth ID      : 02
> >     ID           : 01
> >     Flags        : [0x133], case-sensitive, local, initialized, needs-padding, disable_allowed
> >     Length       : min_len:4, max_len:10, stored_len:10
> >     Pad char     : 0xFF
> >     Reference    : 129 (0x81)
> >     Type         : ascii-numeric
> >     Path         : 3f005015
> >
> > PIN [SO Pin]
> >     Object Flags : [0x3], private, modifiable
> >     ID           : 02
> >     Flags        : [0x1BB], case-sensitive, local, unblock-disabled, initialized, needs-padding, soPin, disable_allowed
> >     Length       : min_len:4, max_len:10, stored_len:10
> >     Pad char     : 0xFF
> >     Reference    : 130 (0x82)
> >     Type         : ascii-numeric
> >     Path         : 3f005015
> >
> > AuthKey [Challenge Response Key]
> >     Object Flags : [0x3], private, modifiable
> >     ID           : 02
> >     Derived      : 1
> >     SecretKeyID  : 01
> >
> > Private RSA Key [JLUSIGNCERT]
> >     Object Flags : [0x3], private, modifiable
> >     Usage        : [0x6], decrypt, sign
> >     Access Flags : [0x9], sensitive, neverExtract
> >     ModLength    : 2048
> >     Key ref      : 1 (0x1)
> >     Native       : yes
> >     Path         : 3f00501550724b21
> >     Auth ID      : 01
> >     ID           : 45
> >     GUID         : {6c9dc6ad-b7fa-c10c-0ff7-c385ad72d3f0}
> >
> > Private RSA Key [JLUAUTHCERT]
> >     Object Flags : [0x3], private, modifiable
> >     Usage        : [0x6], decrypt, sign
> >     Access Flags : [0x9], sensitive, neverExtract
> >     ModLength    : 2048
> >     Key ref      : 1 (0x1)
> >     Native       : yes
> >     Path         : 3f00501550724b22
> >     Auth ID      : 01
> >     ID           : 46
> >     GUID         : {d9fe0a11-3ec7-eda5-ac52-9a721aff8e70}
> >
> > Public RSA Key [JLUSIGNCERT]
> >     Object Flags : [0x2], modifiable
> >     Usage        : [0x41], encrypt, verify
> >     Access Flags : [0x0]
> >     ModLength    : 2048
> >     Key ref      : 1 (0x1)
> >     Native       : no
> >     Path         : 3f00501550754b21
> >     ID           : 45
> >     DirectValue  : <absent>
> >
> > Public RSA Key [JLUAUTHCERT]
> >     Object Flags : [0x2], modifiable
> >     Usage        : [0x41], encrypt, verify
> >     Access Flags : [0x0]
> >     ModLength    : 2048
> >     Key ref      : 1 (0x1)
> >     Native       : no
> >     Path         : 3f00501550754b22
> >     ID           : 46
> >     DirectValue  : <absent>
> >
> > X.509 Certificate [JLUSIGNCERT]
> >     Object Flags   : [0x2], modifiable
> >     Authority      : no
> >     Path           : 3f00501543044301
> >     ID             : 45
> >     GUID           : {6c9dc6ad-b7fa-c10c-0ff7-c385ad72d3f0}
> >     Encoded serial : 02 07 1599ED6129A5C1
> > X.509 Certificate [JLUAUTHCERT]
> >     Object Flags   : [0x2], modifiable
> >     Authority      : no
> >     Path           : 3f00501543044302
> >     ID             : 46
> >     GUID           : {d9fe0a11-3ec7-eda5-ac52-9a721aff8e70}
> >     Encoded serial : 02 07 1599ED65D8554B
> > X.509 Certificate [Deutsche Telekom Root CA 2]
> >     Object Flags   : [0x2], modifiable
> >     Authority      : no
> >     Path           : 3f00501543044303
> >     ID             : 50
> >     GUID           : {6f74f832-4ebb-257d-0ae1-97ad6b19b2ae}
> >     Encoded serial : 02 01 26
> > X.509 Certificate [DFN-Verein PCA Global - G01]
> >     Object Flags   : [0x2], modifiable
> >     Authority      : no
> >     Path           : 3f00501543044304
> >     ID             : 50
> >     GUID           : {6f74f832-4ebb-257d-0ae1-97ad6b19b2ae}
> >     Encoded serial : 02 02 00C7
> > X.509 Certificate [JLUCACERT]
> >     Object Flags   : [0x2], modifiable
> >     Authority      : no
> >     Path           : 3f00501543044305
> >     ID             : 50
> >     GUID           : {6f74f832-4ebb-257d-0ae1-97ad6b19b2ae}
> >     Encoded serial : 02 04 109C4834
> > Data object 'cardid'
> >     applicationName: cvmd
> >     Path: 3f0050156377
> >     Data (16 bytes): 36ED3BC2D4AF7D41A4632F4026C27D6F
> > Data object 'cardcf'
> >     applicationName: cvmd
> >     Path: 3f0050156378
> >     Data (6 bytes): 010109000A00
> > Data object 'cardapps'
> >     applicationName: cvmd
> >     Path: 3f00501544444401
> >     Data (8 bytes): 6D73637000000000
> > Data object 'mscp\'
> >     applicationName: cvmd
> >     Path: 3f00501544444402
> >     Data (0 bytes):
> > Data object 'mscp\cmapfile'
> >     applicationName: cvmd
> >     Path: 3f00501544444403
> >     Data (0 bytes):
> > Data object 'CARDVERSION'
> >     applicationName:
> >     Path: 3f00501544444404
> >     Data (3 bytes): 322E30
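
Added example (not part of the original message and not OpenSC code): a Python helper that builds the raw VERIFY APDU from the PIN attributes printed by pkcs15-tool --dump (Reference, stored_len, Pad char), so the padding matches what the card stores instead of the driver's default of 8. Function names are hypothetical; the 0x00 pad byte and 4..10 length limits used for the second card are assumptions read off the APDU in the reply, and the status words are the generic ISO 7816-4 ones.

```python
# Added example: VERIFY APDU built from PKCS#15 PIN attributes (hypothetical names).

def build_verify_apdu(pin, reference, stored_len, pad_char, min_len, max_len):
    """Return the raw ISO 7816-4 VERIFY command for an ascii-numeric PIN.

    reference, stored_len, pad_char, min_len and max_len are the values
    pkcs15-tool --dump prints for the PIN object.
    """
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN type is ascii-numeric: digits only")
    if not min_len <= len(pin) <= max_len:
        raise ValueError("PIN length outside min_len..max_len")
    if not max_len <= stored_len <= 0xFF:
        raise ValueError("stored_len must cover max_len and fit in Lc")
    if not (0 <= reference <= 0xFF and 0 <= pad_char <= 0xFF):
        raise ValueError("reference and pad_char are single bytes")
    # Pad to stored_len with the card's pad char, not to a fixed 8 bytes.
    data = pin.encode("ascii").ljust(stored_len, bytes([pad_char]))
    # CLA=00, INS=20 (VERIFY), P1=00, P2=PIN reference, Lc=stored_len
    return bytes([0x00, 0x20, 0x00, reference, stored_len]) + data


def explorer_command(apdu):
    """Format the APDU the way opensc-explorer's 'apdu' command takes it."""
    return "apdu " + " ".join("%02X" % b for b in apdu)


def describe_sw(sw1, sw2):
    """Interpret the generic ISO 7816-4 status words relevant to VERIFY."""
    if (sw1, sw2) == (0x90, 0x00):
        return "success"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        return "wrong PIN, %d tries left" % (sw2 & 0x0F)
    if (sw1, sw2) == (0x69, 0x83):
        return "PIN blocked"
    if (sw1, sw2) == (0x67, 0x00):
        return "wrong length"
    return "SW=%02X%02X" % (sw1, sw2)


if __name__ == "__main__":
    # User Pin from the quoted dump: reference 0x81, stored_len 10, pad 0xFF.
    print(explorer_command(build_verify_apdu("234567", 0x81, 10, 0xFF, 4, 10)))
    # Card from the reply: reference 0x83, pad 0x00 (assumed from its APDU).
    print(explorer_command(build_verify_apdu("9999", 0x83, 10, 0x00, 4, 10)))
```

opensc-explorer echoes the bytes on its "Sending:" line, so a PIN sent this way ends up in terminal scrollback.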