From: Douglas E E. <dee...@gm...> - 2022-11-26 03:27:00
On 11/25/2022 4:51 PM, Cui Alan wrote:
> Hi,
>> for OpenSC, you need to modify the registry so that your token is
>> recognized by the OpenSC MD, see
> Yes, I had modified the registry and OpenSC 0.22.0 Minidriver recognized my card correctly
> But it still reported my card is read-only.

NIST left it up to the card vendor on how to initialize a card. NIST does not define how to write a key to the card, only how to generate a key on the card. And you need to authenticate to the card before writing using the 9B key, but many vendors use non-PIV commands to initialize their cards. So the OpenSC PIV driver and minidriver only support read-only cards.

NIST designed the PIV to be issued by government agencies using card vendor software. There is an OpenSC piv-tool that can do the minimum, but it does not use the minidriver.

Yubico has a minidriver and a yubico-piv-tool https://developers.yubico.com/yubico-piv-tool/

>
>> for PIV, you may need to disable the Windows' builtin MD for PIV.
> I recently disabled it in gpedit.msc for OpenSC 0.23.0-rc2
> And
>> Microsoft has its own PIV support by checking for PIV AID and adding to registry.
>> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\PIV Device ATR Cache"
>> You may need to remove it and your registry entries before inserting it again.
> I actually cannot understand what to do, but I modified the entry from uuid to my card name.

Not sure what you mean.

> It still does not work. Read-only is still reported.
>
>> Every PIV vendor I have seen has their own minidriver and they are installed via plug-and-play.
> Yes, I'm the vendor of the card and going to make minidriver by OpenSC.

That piece of the puzzle was never added to the OpenSC PIV code.

>
> Thanks for all of you.
>
> Alan.

--
Douglas E. Engert <DEE...@gm...>
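The thread turns on which minidriver Windows matches to the card: the vendor's OpenSC registration, the built-in PIV support, or both. The following read-only audit script is an added example, not code from the thread or from OpenSC; it lists every minidriver registered under the Calais key with its ATR and mask, reports which registrations claim a given card ATR, and lists the entry names in the built-in PIV Device ATR Cache. The value names used ("ATR", "ATRMask", "80000001" for the minidriver path, "Smart Card Key Storage Provider") follow the documented Calais layout; the sample ATR is constructed and stands in for the card under test.

```powershell
# Added example (not from the thread or OpenSC). Read-only audit of the Windows
# smart card subsystem (Calais) registry. Run elevated to see the 64-bit view.
$calais = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais'

# One object per registered card: name, ATR/mask bytes, minidriver path, KSP.
function Get-SmartCardRegistrations {
    Get-ChildItem -Path "$calais\SmartCards" -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Name       = $_.PSChildName
            ATR        = [byte[]]$p.ATR
            ATRMask    = [byte[]]$p.ATRMask
            Minidriver = $p.'80000001'
            KSP        = $p.'Smart Card Key Storage Provider'
        }
    }
}

# Windows considers a registration a match when (cardATR AND mask) equals
# (registeredATR AND mask) for every byte of the registered ATR. More than one
# match means two minidrivers compete for the same card.
function Find-MatchingRegistrations([byte[]]$CardAtr) {
    Get-SmartCardRegistrations | Where-Object {
        $r = $_
        if (-not $r.ATR -or -not $r.ATRMask) { return $false }
        if ($CardAtr.Length -lt $r.ATR.Length -or $r.ATRMask.Length -lt $r.ATR.Length) { return $false }
        for ($i = 0; $i -lt $r.ATR.Length; $i++) {
            if (($CardAtr[$i] -band $r.ATRMask[$i]) -ne ($r.ATR[$i] -band $r.ATRMask[$i])) { return $false }
        }
        $true
    }
}

# The built-in PIV support keeps its own cache of seen cards; list the entry
# names so a stale entry can be spotted (nothing is modified here).
function Get-PivAtrCacheEntries {
    $key = "$calais\PIV Device ATR Cache"
    if (-not (Test-Path -Path $key)) { return @() }
    (Get-Item -Path $key).GetValueNames()
}

# Constructed sample ATR (not a real card). Replace with the ATR reported by
# 'certutil -scinfo' for the card under test.
$sampleAtr = [byte[]](0x3B, 0x80, 0x80, 0x01, 0x01)
Get-SmartCardRegistrations | Format-Table Name, Minidriver, KSP -AutoSize
Find-MatchingRegistrations -CardAtr $sampleAtr | Format-Table Name, Minidriver -AutoSize
Get-PivAtrCacheEntries
```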