From: Jean-Michel P. - G. <jm...@go...> - 2013-08-22 15:00:18
Dear all,

The ePass2003 does not work when initialized with SO-PIN in OpenSC.

GOOZE requested technical documentation from Feitian, but never received the list of APDU commands or any useful documentation.

A GOOZE user did some research and found the following trick:

The issue is not in the SO PIN itself. It's caused by incorrect ACL flags arising from not using the ACL flags defined in the "onepin" profile.

If you add a profile referring to SOPIN into /usr/share/opensc/epass2003.profile (e.g. before the line "option onepin") and use it, pkcs15-init won't "brick" the token anymore:

    option sopinacl {
        macros {
            so-pin-flags = local, initialized, soPin;
            pin-flags = local, initialized, needs-padding;
            df_acl = *=$SOPIN, CRYPTO=NONE, FILES=NONE, CREATE=NONE, DELETE=NONE;
            ef_acl = *=NEVER, READ=NONE, UPDATE=NONE, WRITE=NONE, DELETE=NONE;
            sf_acl = *=NEVER, UPDATE=NONE;
            protected = *=NEVER,READ=NONE, UPDATE=$PIN, DELETE=$PIN;
        }
    }

I would welcome feedback from the OpenSC community and would like to know if this works for you and/or would be useful in OpenSC itself.

Maybe Feitian itself could comment on this proposed fix in a reply on the OpenSC mailing list.

Kind regards,
Jean-Michel Pouré

--
GOOZE - http://www.gooze.eu
High quality cryptographic tools for GNU/Linux, Mac OS X and Windows
POURE SASU - 17 rue Saint Jacques - 95160 Montmorency - France
Tel : +33 (0)9 72 13 53 90 - Mobile : +33 (0)6 51 99 37 90
Registry: FR 527 672 448 00018 - VAT: FR54527672448
CAcert root certificate: http://www.cacert.org/index.php?id=3
ID PGP/GPG: 084F2584
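Added example, not part of the original message and not OpenSC code: a shell helper that applies the edit described above to a copy of a profile file, inserting the quoted "sopinacl" option block before the first "option onepin" line and refusing to write anything if that line is absent. The function names and the source and destination paths are assumptions; the block text is taken verbatim from the message.

```shell
#!/bin/sh
# Added example (not OpenSC code). Function names are hypothetical.

# Print the option block exactly as quoted in the message.
sopinacl_block() {
cat <<'EOF'
option sopinacl {
    macros {
        so-pin-flags = local, initialized, soPin;
        pin-flags = local, initialized, needs-padding;
        df_acl = *=$SOPIN, CRYPTO=NONE, FILES=NONE, CREATE=NONE, DELETE=NONE;
        ef_acl = *=NEVER, READ=NONE, UPDATE=NONE, WRITE=NONE, DELETE=NONE;
        sf_acl = *=NEVER, UPDATE=NONE;
        protected = *=NEVER,READ=NONE, UPDATE=$PIN, DELETE=$PIN;
    }
}
EOF
}

# add_sopinacl SRC DST
# Copy profile SRC to DST (must be a different file), inserting the block
# before the first "option onepin" line. Returns 0 on success (also when the
# block is already present), 2 when the anchor line is missing or SRC == DST.
add_sopinacl() {
    src=$1
    dst=$2
    [ "$src" != "$dst" ] || return 2
    if grep -q '^[[:space:]]*option[[:space:]][[:space:]]*sopinacl' "$src"; then
        cp "$src" "$dst"
        return
    fi
    grep -q '^[[:space:]]*option[[:space:]][[:space:]]*onepin' "$src" || return 2
    # ENVIRON avoids the escape processing awk applies to -v values.
    BLOCK=$(sopinacl_block) awk '
        !done && /^[ \t]*option[ \t]+onepin/ { print ENVIRON["BLOCK"]; print ""; done = 1 }
        { print }
    ' "$src" > "$dst"
}
```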