Re: [Opensc-devel] opensc-0.18.0-rc1 tests with MyEID card

[Frank M. <fra...@gm...>]

Hi, Peter,

thanks for having a look into this! Please add your intermediate results to
https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Release-Testing#opensc-0180.
<https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Release-Testing#opensc-0180>

With https://github.com/OpenSC/OpenSC/pull/1339, the opensc-pkcs11.dll
should be found by pkcs11-tool.exe...

Regarding certutil.exe, did your card ever work in the minidriver? If so
open a Github issue, adding an old log (functional) and a new log
(disfunctional) and we can check what's going on. Even if you want to see
this done without having tested this once successfully, we at least need a
log to see what's wrong...

Regards, Frank.

2018-04-19 15:05 GMT+02:00 Peter Popovec <pop...@gm...>:

>
> Hi
>
> I found some problems with  opensc 0.18.0-rc1 (in Win 10, 64 bit).
>
> (0. deinstallation of opensc 0.17... seems to be without errors)
> 1. Installation 0.18.0-rc1 - seems to work correctly ("complete"
> installation selected).
> 2. I disconnect computer from internet (to disallow automatic installation
> of
>    aventra driver for MyEID card)
> 3. pkcs15-tool -D  work as expected
> 4. pkcs11-tool --login --test  fail with:
>    Failed to load pkcs11 module
> 5. certutil -scinfo  fail with:
>
> C:\WINDOWS\system32>certutil -scinfo
> The Microsoft Smart Card Resource Manager is running.
> Current reader/card status:
> Readers: 1
>   0: Generic EMV Smartcard Reader 0
> --- Reader: Generic EMV Smartcard Reader 0
> --- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
> --- Status: The card is available for use.
> ---   Card:
> ---    ATR:
>         3b f5 18 00 00 81 31 fe  45 4d 79 45 49 44 9a      ;.....1.EMyEID.
>
>
> =======================================================
> Analyzing card in reader: Generic EMV Smartcard Reader 0
> SCardGetCardTypeProviderName: The system cannot find the file specified.
> 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
> Cannot retrieve Provider Name for SCardGetCardTypeProviderName: The system
> cannot find the file specified. 0x2 (WIN32: 2 ERRO
> Cannot retrieve Provider Name for
> --------------===========================--------------
> CertUtil: -SCInfo command FAILED: 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
> CertUtil: The system cannot find the file specified.
>
>
>
> I can manualy add opensc-minidriver.dll with card ATR into register file
> but
> certutil --scinfo  still fails:
> C:\>certutil -scinfo
> The Microsoft Smart Card Resource Manager is running.
> Current reader/card status:
> Readers: 1
>   0: Generic EMV Smartcard Reader 0
> --- Reader: Generic EMV Smartcard Reader 0
> --- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
> --- Status: The card is available for use.
> ---   Card: MyEID-opensc
> ---    ATR:
>         3b f5 18 00 00 81 31 fe  45 4d 79 45 49 44 9a      ;.....1.EMyEID.
>
>
> =======================================================
> Analyzing card in reader: Generic EMV Smartcard Reader 0
>
> --------------===========================--------------
> ================ Certificate 0 ================
> --- Reader: Generic EMV Smartcard Reader 0
> ---   Card: MyEID-opensc
> Provider = OpenSC CSP
> Key Container = (null) [Default Container]
>
> Cannot open the AT_SIGNATURE key for reader: Generic EMV Smartcard Reader 0
> Cannot open the AT_KEYEXCHANGE key for reader: Generic EMV Smartcard
> Reader 0
>
> --------------===========================--------------
> ================ Certificate 0 ================
> --- Reader: Generic EMV Smartcard Reader 0
> ---   Card: MyEID-opensc
> Provider = Microsoft Smart Card Key Storage Provider
> Key Container = (null) [Default Container]
>
> Cannot open the  key for reader: Generic EMV Smartcard Reader 0
>
> --------------===========================--------------
> Linux (debian 9.4) tests
> ------------------------
>
>
> driver | tested smart card
> myeid  | MyEID cards with PKCS#15 applet
>
> Token info from: pkcs11-tool -T
>
> Available slots:
> Slot 0 (0x0): Alcor Micro AU9560 00 00
>   token label        : MyEID
>   token manufacturer : Aventra Ltd.
>   token model        : PKCS#15
>   token flags        : login required, rng, token initialized, PIN
> initialized
>   hardware version   : 0.0
>   firmware version   : 33.3
>   serial num         : 5003002081976737
>   pin min/max        : 4/8
> $ pkcs11-tool --login --test
> Using slot 0 with a present token (0x0)
> Logging in to "MyEID".
> Please enter User PIN:
> C_SeedRandom() and C_GenerateRandom():
>   seeding (C_SeedRandom) not supported
>   seems to be OK
> Digests:
>   all 4 digest functions seem to work
>   MD5: OK
>   SHA-1: OK
>   RIPEMD160: OK
> Signatures (currently only for RSA)
>   testing key 0 (Certificate)
>   all 4 signature functions seem to work
>   testing signature mechanisms:
>     RSA-X-509: OK
>     RSA-PKCS: OK
>     SHA1-RSA-PKCS: OK
>   testing key 1 (1536 bits, label=key_1536) with 1 signature mechanism
>     RSA-X-509: OK
>   testing key 2 (2048 bits, label=key_2048) with 1 signature mechanism
>     RSA-X-509: OK
>   testing key 3 (512 bits, label=key_512) with 1 signature mechanism
>     RSA-X-509: OK
>   testing key 4 (768 bits, label=key_768) with 1 signature mechanism
>     RSA-X-509: OK
> Verify (currently only for RSA)
>   testing key 0 (Certificate)
>     RSA-X-509: OK
>     RSA-PKCS: OK
>     SHA1-RSA-PKCS: OK
>   testing key 1 (key_1536) with 1 mechanism
>     RSA-X-509: OK
>   testing key 2 (key_2048) with 1 mechanism
>     RSA-X-509: OK
>   testing key 3 (key_512) with 1 mechanism
>     RSA-X-509: OK
>   testing key 4 (key_768) with 1 mechanism
>     RSA-X-509: OK
> Unwrap: not implemented
> Decryption (currently only for RSA)
>   testing key 0 (Certificate)
>     RSA-X-509: OK
>     RSA-PKCS: OK
>   testing key 1 (key_1536)
>     RSA-X-509: OK
>     RSA-PKCS: OK
>   testing key 2 (key_2048)
>     RSA-X-509: OK
>     RSA-PKCS: OK
>   testing key 3 (key_512)
>     RSA-X-509: OK
>     RSA-PKCS: OK
>   testing key 4 (key_768)
>     RSA-X-509: OK
>     RSA-PKCS: OK
> No errors
>
> Firefox (Linux, debian 9.4)
> Load OpenSC PKCS#11 Module ... Working
> PIN Verification.............. Working
> TLS Client Authentication......Working
>
> openssh-client            (Linux, debian 9.4)
> OpenSSH (without ssh-agent) ...Working
> OpenSSH (with    ssh-agent) ...Working
>
>
>
>
> ---
> Peter
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
>