Menu
▾
▴
Re: [Opensc-devel] SC-HSM under Windows 7 64-bit?
|
From: Douglas E. E. <dee...@an...> - 2013-08-27 21:54:41
|
On 8/27/2013 4:08 PM, Anthony Foiani wrote: > Douglas -- > > On Tue, Aug 27, 2013 at 9:20 AM, Douglas E. Engert <dee...@an...> wrote: >> >> >> On 8/27/2013 12:38 AM, Anthony Foiani wrote: >>> Greetings. >>> >>> I'm trying to chase down an interop bug with some utilities provided >>> by a group I'm doing work for. >>> >>> I've installed the latest nightly build of opensc on a >>> fully-up-to-date install of Windows 7 64-bit, and all the >>> opensc-provided command-line tools work fine: I can init the card with >>> sc-hsm-init, dump items with pkcs15-tool, etc. >>> >> >> Can you use the Microsoft command like utility: >> certutil -scinfo -v >> to read the smartcard, and verify the key. > > It sees the reader and the ATR matches the values given in the .reg > files I've tried. It then gives me 3-4 dialog boxes asking me to > insert a smart card, with the details being "A smart card was detected > but is not the one required for the current operation. The smart card > you are using may be missing required driver software or a required > certificate." > > Here's the output from certutil: > > C:\Windows\System32>certutil -scinfo -v > The Microsoft Smart Card Resource Manager is running. > Current reader/card status: > Readers: 1 > 0: SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 > --- Reader: SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 > --- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED > --- Status: The card is available for use. > --- Card: SmartCard-HSM > --- ATR: > 3b fe 18 00 00 81 31 fe 45 80 31 81 54 48 53 4d ;.....1.E.1.THSM > 31 73 80 21 40 81 07 fa 1s.!@... > There are some cards that change their ATR after they are plugged in. See: https://www.opensc-project.org/opensc/wiki/MiniDriver and the Caveats about warm and cold ATRs and http://support.microsoft.com/kb/981665 The OpenSC tools using the Open SC code may only be checking parts of the ATR. The Microsoft code using the base CSP uses the registry to match ATRs. Since you only have one card for now, you could play with the ATR and the ATRmask that you added to the registry to cover all the possibilities. and hopefully it will find your card. > > ======================================================= > Analyzing card in reader: SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 > > --------------===========================-------------- > ================ Certificate 0 ================ > --- Reader: SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 > --- Card: SmartCard-HSM > Provider = Microsoft Base Smart Card Crypto Provider > Key Container = (null) [Default Container] > > Cannot open the AT_SIGNATURE key for reader: SCM Microsystems Inc. > SCR35xx USB Smart Card Reader 0 > Cannot open the AT_KEYEXCHANGE key for reader: SCM Microsystems Inc. > SCR35xx USB Smart Card Reader 0 > > --------------===========================-------------- > ================ Certificate 0 ================ > --- Reader: SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 > --- Card: SmartCard-HSM > Provider = Microsoft Smart Card Key Storage Provider > Key Container = (null) [Default Container] > > Cannot open the key for reader: SCM Microsystems Inc. SCR35xx USB > Smart Card Reader 0 > > --------------===========================-------------- > > Done. > CertUtil: -SCInfo command completed successfully. > >> Do these utilities use PKCS#11 or the Microsoft CSP interface to the >> OpenSC minidriver? > > I don't know -- I'll have to get clarification from their author. > > As I mentioned in the first post, though, all the opensc command-line > tools seem to work. From what little I know about windows, I'm > assuming somehow the right driver isn't getting found -- but I have no > idea how to pursue that. :( > > Thanks for your help, regardless. > > Best regards, > Anthony Foiani > -- Douglas E. Engert <DEE...@an...> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 |
