Menu
▾
▴
Re: [Opensc-devel] SO PIN creation
|
From: Maksym T. <mr...@bu...> - 2018-04-20 19:44:20
|
Hi, Debug output is attached: activation_without_SO_PIN: activation attempt without SO PIN activation_card_without_SO_PIN_overwrited_4401: activation attempt with overwrited 4401 file Following commands were used: pkcs15-init --erase-card --reader 0 pkcs15-init --create-pkcs15 --label 'Maksym Tiurin' --reader 0 --so-pin '11111111' --so-puk '22222222' --pin '' --puk '' pkcs15-init --store-pin --auth-id 01 --label 'mtiurin' --reader 0 --pin 12345678 --puk 87654321 --so-pin 11111111 cd /tmp rm -f 4401.bin 5032.bin opensc-explorer --reader 0 cd 5015 get 4401 4401.bin get 5032 5032.bin pkcs15-init --erase-card --reader 0 --so-pin '11111111' pkcs15-init --create-pkcs15 --label 'Firstname Lastname' --reader 0 --so-pin '' --so-puk '' --pin '' --puk '' pkcs15-init --store-pin --auth-id 01 --label 'nickname' --reader 0 --pin 12345678 --puk 87654321 OPENSC_DEBUG=255 pkcs15-init -F --reader 0 cd /tmp opensc-explorer --reader 0 cd 5015 put 4401 4401.bin OPENSC_DEBUG=255 pkcs15-init -F --reader 0 Also using this card I tried to activate it using opensc-explorer: pkcs15-tool --reader 0 --dump PKCS#15 Card [Firstname Lastname]: Version : 0 Serial number : 00007169017181987395 Manufacturer ID: Aventra Ltd. Last update : 20180420190330Z Flags : PRN generation, EID compliant PIN [Security Officer PIN] Object Flags : [0x3], private, modifiable ID : ff Flags : [0xB0], initialized, needs-padding, soPin Length : min_len:4, max_len:8, stored_len:8 Pad char : 0xFF Reference : 3 (0x03) Type : ascii-numeric PIN [mtiurin] Object Flags : [0x3], private, modifiable ID : 01 Flags : [0x30], initialized, needs-padding Length : min_len:4, max_len:8, stored_len:8 Pad char : 0xFF Reference : 1 (0x01) Type : ascii-numeric opensc-explorer --reader 0 OpenSC Explorer version 0.16.0 OpenSC [3F00]> verify CHV1 Please enter PIN: Code correct. OpenSC [3F00]> verify CHV3 Please enter PIN: Code correct. OpenSC [3F00]> apdu 00 44 04 00 0c A0 00 00 00 63 50 4B 43 53 2D 31 35 Sending: 00 44 04 00 0C A0 00 00 00 63 50 4B 43 53 2D 31 35 Received (SW1=0x69, SW2=0x85) Failure: Not allowed WBR, Maksym On 04/19/18 22:22, Peter Popovec wrote: > Hi, > > please check activation proces .. > > $ OPENSC_DEBUG=255 pkcs15-init -F > > (remove all sensitive information from output - PINs etc.. before > sending this output here, or directly to me) > > > > There is way to activate card directly by APDU .. > (https://webservices.aventra.fi/wordpress/wp-content/downloads/MyEID_PKI_JavaCard_Applet_Reference_Manual_2-1-4.pdf > , page 37) > (I can not guarantee you anything, maybe opensc fails with this card > after activation etc..). > > > 1. opensc-explorer, check if pin ID1 and 3 is functional > > OpenSC [3F00]> verify CHV1 > Please enter PIN: > Code correct. > OpenSC [3F00]> verify CHV3 > Please enter PIN: > Code correct. > > > 2. use APDU to card activation: > OpenSC [3F00]> apdu 00 44 04 00 0c A0 00 00 00 63 50 4B 43 53 2D 31 35 > Sending: 00 44 04 00 0C A0 00 00 00 63 50 4B 43 53 2D 31 35 > Received (SW1=0x90, SW2=0x00) > Success! > OpenSC [3F00]> > > > > On Thu, Apr 19, 2018 at 11:31 PM, Maksym Tiurin <mr...@bu... > <mailto:mr...@bu...>> wrote: > > Sounds like activation process is not so simple. > > I tried to upload 4401 from card with SO pin. > > I tried to upload 4401 and 5032 from card with SO pin. > > Without any success :( > > I see SO PIN in dump now: > > PIN [Security Officer PIN] > Object Flags : [0x3], private, modifiable > ID : ff > Flags : [0xB0], initialized, needs-padding, soPin > Length : min_len:4, max_len:8, stored_len:8 > Pad char : 0xFF > Reference : 3 (0x03) > Type : ascii-numeric > > But when I try to activate this card I receive the same error: > > Failed to finalizing card: Not allowed > > > > |
