Menu
▾
▴
Re: [Opensc-devel] SO PIN creation
|
From: Maksym T. <mr...@bu...> - 2018-04-19 21:31:39
|
Sounds like activation process is not so simple. I tried to upload 4401 from card with SO pin. I tried to upload 4401 and 5032 from card with SO pin. Without any success :( I see SO PIN in dump now: PIN [Security Officer PIN] Object Flags : [0x3], private, modifiable ID : ff Flags : [0xB0], initialized, needs-padding, soPin Length : min_len:4, max_len:8, stored_len:8 Pad char : 0xFF Reference : 3 (0x03) Type : ascii-numeric But when I try to activate this card I receive the same error: Failed to finalizing card: Not allowed WBR, Maksym On 04/18/18 23:05, Peter Popovec wrote: > Hi, > > IMHO this flag is only in file 5015/4401 .. you can initialize new > card, save file 5015/4401 (opensc-explorer, cd 5015, get 4401 > file_4401.bin ) and then overwrite file 5015/4401 on wrong generated > card by correct content from saved file (opensc-explorer, cd 5015, put > 4401 file_4401.bin). > > > > On Thu, Apr 19, 2018 at 7:34 AM, Maksym Tiurin <mr...@bu...> wrote: >> On 04/18/18 22:18, Peter Popovec wrote: >>> Hi >>> >>> IMHO, you can try to create SO-PIN by: >>> >>> $ pkcs15-init --store-pin --auth-id 03 --label 'Security Officer PIN' >>> --reader 0 --pin '12345678' --puk '87654321' >> Unfortunately, it doesn't work. >> I can create multiple PINs using --store-pin but these PINs don't have >> "soPin" flag. >> >> I get error when I try to activate card without real SO PIN (with flags >> " [0xB0], initialized, needs-padding, soPin"). >>> and then >>> >>> $ pkcs15-init -F -- reader 0 >>> >>> P. >>> >>> >>> >>> >>> >>> >>> On Thu, Apr 19, 2018 at 4:11 AM, Maksym Tiurin <mr...@bu...> wrote: >>>> Hi, >>>> >>>> Is it possible to create SO PIN & PUK codes for already created PKCS15? >>>> >>>> I have couple of Aventra MyEID v4. During card formatting I didn't set SO >>>> PIN & PUK codes. >>>> Unfortunately, I can't activate these cards. Since certificates are already >>>> imported into cards it would be painfull to erase these cards, reformat and >>>> import new certificates. >>>> >>>> Steps to reproduce (similar to described on >>>> https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card ): >>>> $ pkcs15-init --create-pkcs15 --label 'Firstname Lastname' --reader 0 >>>> --so-pin '' --so-puk '' --pin '12345678' --puk '87654321' >>>> $ pkcs15-init --store-pin --auth-id 01 --label 'nickname' --reader 0 --pin >>>> '12345678' --puk '87654321' >>>> $ pkcs15-init -F --reader 0 >>>> Failed to finalizing card: Not allowed >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Opensc-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opensc-devel |
