You can subscribe to this list here.
2012 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2013 |
Jan
(26) |
Feb
(64) |
Mar
(78) |
Apr
(36) |
May
(51) |
Jun
(40) |
Jul
(43) |
Aug
(102) |
Sep
(50) |
Oct
(71) |
Nov
(42) |
Dec
(29) |
2014 |
Jan
(49) |
Feb
(52) |
Mar
(56) |
Apr
(30) |
May
(31) |
Jun
(52) |
Jul
(76) |
Aug
(19) |
Sep
(82) |
Oct
(95) |
Nov
(58) |
Dec
(76) |
2015 |
Jan
(135) |
Feb
(43) |
Mar
(47) |
Apr
(72) |
May
(59) |
Jun
(20) |
Jul
(17) |
Aug
(14) |
Sep
(34) |
Oct
(62) |
Nov
(48) |
Dec
(23) |
2016 |
Jan
(18) |
Feb
(55) |
Mar
(24) |
Apr
(20) |
May
(33) |
Jun
(29) |
Jul
(18) |
Aug
(15) |
Sep
(8) |
Oct
(21) |
Nov
(5) |
Dec
(23) |
2017 |
Jan
(3) |
Feb
|
Mar
(17) |
Apr
(4) |
May
|
Jun
(5) |
Jul
(1) |
Aug
(20) |
Sep
(17) |
Oct
(21) |
Nov
|
Dec
(3) |
2018 |
Jan
(62) |
Feb
(4) |
Mar
(4) |
Apr
(20) |
May
(16) |
Jun
|
Jul
(1) |
Aug
(9) |
Sep
(3) |
Oct
(11) |
Nov
|
Dec
(9) |
2019 |
Jan
(1) |
Feb
(1) |
Mar
(2) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
(5) |
Nov
|
Dec
(5) |
2020 |
Jan
(11) |
Feb
(14) |
Mar
(7) |
Apr
|
May
|
Jun
(3) |
Jul
(3) |
Aug
(6) |
Sep
(2) |
Oct
(15) |
Nov
(11) |
Dec
(7) |
2021 |
Jan
(14) |
Feb
(21) |
Mar
(3) |
Apr
(1) |
May
(1) |
Jun
|
Jul
(1) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
|
Dec
|
2022 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(4) |
Nov
(12) |
Dec
|
2023 |
Jan
(2) |
Feb
(4) |
Mar
|
Apr
(8) |
May
|
Jun
(2) |
Jul
|
Aug
(3) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
(1) |
2024 |
Jan
|
Feb
(2) |
Mar
(6) |
Apr
(1) |
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
(4) |
Dec
|
2025 |
Jan
(1) |
Feb
|
Mar
|
Apr
(5) |
May
|
Jun
|
Jul
(11) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Douglas E. E. <dee...@an...> - 2013-04-11 18:25:17
|
On 4/11/2013 12:15 PM, Charlie Bancroft wrote: > Hello, > I was wondering if there was a way to initialize/personalize an Oberthur ID-One PIV (Type A) using opensc? The intent of the OpenSC modifications was to implement NIST 800-73-3 for the client. The PIV card is not designed to be updated by a user, and card vendors can implement their own card management commands. The piv-tool was created to allow for testing of cards using what was defined in NIST 800-73-3. It was not intended to be used as a card management system. Additional commands may be needed that are vendor specific to finalize the card. For example NIST 800-73-3 only defines how to generate a key on the card. It does not define how to write a key to the. That said the piv-tool has the -A and -s options that can be used to authenticate to the card. The put_cert.sh uses this. If you have the Oberthur documentation you should have the 9B keys, any GlobaPlatform keys and additional commands needed to initialize/personalize the cards. > I have blank (just the PIV applet) cards that I have been fighting with trying to initialize > to no avail. I have seen that some people have been able to initialize the card with piv-tool but I have not seen any detailed instruction as to how it was done. If I recall those Obether ID-ONE cards are based on Globlaplatform 2.1.1. NIST insists that the cards be sent with ISD status SECURED and locked. Two mods were made to gpshell to not stop on a select with return of card locked, and to globalplatform.c to use the different bytes of the ISD and keyDerivationData returned from the card. The vendor document would indicate the changes needed. I can send you these mods, but you have to get the keys and documentation from the vendor. > > Thanks, > Charles Bancroft > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > -- Douglas E. Engert <DEE...@an...> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 |
From: Charlie B. <cha...@gm...> - 2013-04-11 17:15:43
|
Hello, I was wondering if there was a way to initialize/personalize an Oberthur ID-One PIV (Type A) using opensc? I have blank (just the PIV applet) cards that I have been fighting with trying to initialize to no avail. I have seen that some people have been able to initialize the card with piv-tool but I have not seen any detailed instruction as to how it was done. Thanks, Charles Bancroft |
From: Andreas S. (ML) <and...@ca...> - 2013-04-11 14:10:50
|
Am 11.04.2013 15:49, schrieb J.W...@mi...: > Hi Andreas, > > Ok, that should imply that there might be a version-mismatch of the AET-software, when using the pkcs-tool. > So I'll ask our client which version they are using! > However, it does not explain why a simple "opensc-tool --atr" does not work. It actually does explain it: opensc-tool is not using the PKCS#11 module, but the same build-in card drivers that are used by the opensc-pkcs11 module. If the card is not supported by this internal drivers (not to confuse with the AET-PKCS#11 module) then opensc-tool will not report your card type. And opensc-pkcs11 will report empty slots. With pkcs11-tool to either talk to the AET-PKCS#11 module which should know the card or (without --module) to the opensc-pkcs11 module. Andreas > > Tnx, Hans. > > -----Original Message----- > From: Andreas Schwier (ML) [mailto:and...@ca...] > Sent: Thursday, April 11, 2013 3:27 PM > To: ope...@li... > Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume > > Hi Hans, > > I guess the answer is simple: > > Your card has the AET SafeSign applet on it, which is not supported by > OpenSC. > > If you use > > Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l > > then you actually use the AET PKCS#11 module and not the OpenSC PKCS#11. > Because both have the same PKCS#11 interface, the pkcs11-tool will > display how the respective module interprets connected card readers > (slots) and contained cards (token). > > For a JavaCard with PKI applet like ours (or our SmartCard-HSM card) you > will need a specific card driver that matches the applet and the command > implemented by it. > > Regards, > > Andreas > > > Am 11.04.2013 14:36, schrieb J.W...@mi...: >> -----Original Message----- >> From: NdK [mailto:ndk...@gm...] >> Sent: Wednesday, April 10, 2013 2:20 PM >> To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN >> Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume >> >> Il 09/04/2013 16:01, J.W...@mi... ha scritto: >> >>> May I presume that if they gave me a complete empty card (not only not personified, but also not initialized, applet-i-fied) I should have gotten some more info back? >>> If so, I need to swap an empty card, for a card personified for a test-user. And test again... >>> If not, what are my options for getting this card working >> The commands that the card can accept depends largely on the applet >> loaded on it. No applet results in no accepted commands, except ones >> directed to the card OS to load a new applet. >> >> Maybe you should ask if it supports GlobalPlatform and, if so, with >> which keys and which key-derivation scheme (not to forget GP version). >> With those info you could be able to load an applet you write. >> >> To be able to use an already loaded applet you need to know how to >> select it (if needed) and its command set (the high-level protocol it >> speaks on top of T=0, T=1 or T=CL). >> >> With protocol documentation you could have some chance to add support >> for that card in OpenSc. W/o it, no chance. >> >> PS: remember that after (usually) 10 failed auth tries against the card >> manager, it locks and the card must be replaced. >> >> BYtE, >> Diego. >> >> -----Original Message----- >> >> Thanks Diego, >> >> As of now, I can rule out some options :-( >> Spent half a day in my car to pick-up another card. (price of being too eager) >> Opensc-tool --atr still does not yield any info: so no broken card. >> >> This time they said they put a dummy user on it (at least his keys & certs) and gave me PIN + PUK >> So the card is loaded with the safesign applet. >> >> Between the two cards, I only see one difference, When I do: >> Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l >> With my first card, I get "token state: uninitialized" >> With my second card, I get a valid info for "token label", "token manuf", "token model", "token flags" and "serial number" >> Token model say: "19CB0206010D00C0" >> Token flags say: "rng, login required, token initialized" >> And it does specify four (empty) slots. >> Otoh, my own smartcard has an additional string in "token flags", saying: "PIN initialized", while this card does not! >> >> >> So, if this type of card is not supported, I am surprised that "pkcs11-tool --list-slots" is capable of producing anything at all. >> >> Furthermore, if I omit specifying the module, it just says "slot 0" .. "slot 15", while otoh if I _do_ specify the safesign module, pkcs11-tool known about "slot 52482" .. "slot 52485", just like on my own card. >> So it seems that my safesign-lib is working properly. >> >> >> Weird, very weird... >> >> ______________________________________________________________________ >> Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. >> >> This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. >> >> ------------------------------------------------------------------------------ >> Precog is a next-generation analytics platform capable of advanced >> analytics on semi-structured data. The platform includes APIs for building >> apps and a phenomenal toolset for data science. Developers can use >> our toolset for easy data analysis & visualization. Get a free account! >> http://www2.precog.com/precogplatform/slashdotnewsletter >> _______________________________________________ >> Opensc-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opensc-devel > > -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org |
From: <J.W...@mi...> - 2013-04-11 13:49:21
|
Hi Andreas, Ok, that should imply that there might be a version-mismatch of the AET-software, when using the pkcs-tool. So I'll ask our client which version they are using! However, it does not explain why a simple "opensc-tool --atr" does not work. Tnx, Hans. -----Original Message----- From: Andreas Schwier (ML) [mailto:and...@ca...] Sent: Thursday, April 11, 2013 3:27 PM To: ope...@li... Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume Hi Hans, I guess the answer is simple: Your card has the AET SafeSign applet on it, which is not supported by OpenSC. If you use Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l then you actually use the AET PKCS#11 module and not the OpenSC PKCS#11. Because both have the same PKCS#11 interface, the pkcs11-tool will display how the respective module interprets connected card readers (slots) and contained cards (token). For a JavaCard with PKI applet like ours (or our SmartCard-HSM card) you will need a specific card driver that matches the applet and the command implemented by it. Regards, Andreas Am 11.04.2013 14:36, schrieb J.W...@mi...: > -----Original Message----- > From: NdK [mailto:ndk...@gm...] > Sent: Wednesday, April 10, 2013 2:20 PM > To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN > Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume > > Il 09/04/2013 16:01, J.W...@mi... ha scritto: > >> May I presume that if they gave me a complete empty card (not only not personified, but also not initialized, applet-i-fied) I should have gotten some more info back? >> If so, I need to swap an empty card, for a card personified for a test-user. And test again... >> If not, what are my options for getting this card working > The commands that the card can accept depends largely on the applet > loaded on it. No applet results in no accepted commands, except ones > directed to the card OS to load a new applet. > > Maybe you should ask if it supports GlobalPlatform and, if so, with > which keys and which key-derivation scheme (not to forget GP version). > With those info you could be able to load an applet you write. > > To be able to use an already loaded applet you need to know how to > select it (if needed) and its command set (the high-level protocol it > speaks on top of T=0, T=1 or T=CL). > > With protocol documentation you could have some chance to add support > for that card in OpenSc. W/o it, no chance. > > PS: remember that after (usually) 10 failed auth tries against the card > manager, it locks and the card must be replaced. > > BYtE, > Diego. > > -----Original Message----- > > Thanks Diego, > > As of now, I can rule out some options :-( > Spent half a day in my car to pick-up another card. (price of being too eager) > Opensc-tool --atr still does not yield any info: so no broken card. > > This time they said they put a dummy user on it (at least his keys & certs) and gave me PIN + PUK > So the card is loaded with the safesign applet. > > Between the two cards, I only see one difference, When I do: > Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l > With my first card, I get "token state: uninitialized" > With my second card, I get a valid info for "token label", "token manuf", "token model", "token flags" and "serial number" > Token model say: "19CB0206010D00C0" > Token flags say: "rng, login required, token initialized" > And it does specify four (empty) slots. > Otoh, my own smartcard has an additional string in "token flags", saying: "PIN initialized", while this card does not! > > > So, if this type of card is not supported, I am surprised that "pkcs11-tool --list-slots" is capable of producing anything at all. > > Furthermore, if I omit specifying the module, it just says "slot 0" .. "slot 15", while otoh if I _do_ specify the safesign module, pkcs11-tool known about "slot 52482" .. "slot 52485", just like on my own card. > So it seems that my safesign-lib is working properly. > > > Weird, very weird... > > ______________________________________________________________________ > Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. > > This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Opensc-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/opensc-devel |
From: Andreas S. (ML) <and...@ca...> - 2013-04-11 13:27:33
|
Hi Hans, I guess the answer is simple: Your card has the AET SafeSign applet on it, which is not supported by OpenSC. If you use Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l then you actually use the AET PKCS#11 module and not the OpenSC PKCS#11. Because both have the same PKCS#11 interface, the pkcs11-tool will display how the respective module interprets connected card readers (slots) and contained cards (token). For a JavaCard with PKI applet like ours (or our SmartCard-HSM card) you will need a specific card driver that matches the applet and the command implemented by it. Regards, Andreas Am 11.04.2013 14:36, schrieb J.W...@mi...: > -----Original Message----- > From: NdK [mailto:ndk...@gm...] > Sent: Wednesday, April 10, 2013 2:20 PM > To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN > Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume > > Il 09/04/2013 16:01, J.W...@mi... ha scritto: > >> May I presume that if they gave me a complete empty card (not only not personified, but also not initialized, applet-i-fied) I should have gotten some more info back? >> If so, I need to swap an empty card, for a card personified for a test-user. And test again... >> If not, what are my options for getting this card working > The commands that the card can accept depends largely on the applet > loaded on it. No applet results in no accepted commands, except ones > directed to the card OS to load a new applet. > > Maybe you should ask if it supports GlobalPlatform and, if so, with > which keys and which key-derivation scheme (not to forget GP version). > With those info you could be able to load an applet you write. > > To be able to use an already loaded applet you need to know how to > select it (if needed) and its command set (the high-level protocol it > speaks on top of T=0, T=1 or T=CL). > > With protocol documentation you could have some chance to add support > for that card in OpenSc. W/o it, no chance. > > PS: remember that after (usually) 10 failed auth tries against the card > manager, it locks and the card must be replaced. > > BYtE, > Diego. > > -----Original Message----- > > Thanks Diego, > > As of now, I can rule out some options :-( > Spent half a day in my car to pick-up another card. (price of being too eager) > Opensc-tool --atr still does not yield any info: so no broken card. > > This time they said they put a dummy user on it (at least his keys & certs) and gave me PIN + PUK > So the card is loaded with the safesign applet. > > Between the two cards, I only see one difference, When I do: > Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l > With my first card, I get "token state: uninitialized" > With my second card, I get a valid info for "token label", "token manuf", "token model", "token flags" and "serial number" > Token model say: "19CB0206010D00C0" > Token flags say: "rng, login required, token initialized" > And it does specify four (empty) slots. > Otoh, my own smartcard has an additional string in "token flags", saying: "PIN initialized", while this card does not! > > > So, if this type of card is not supported, I am surprised that "pkcs11-tool --list-slots" is capable of producing anything at all. > > Furthermore, if I omit specifying the module, it just says "slot 0" .. "slot 15", while otoh if I _do_ specify the safesign module, pkcs11-tool known about "slot 52482" .. "slot 52485", just like on my own card. > So it seems that my safesign-lib is working properly. > > > Weird, very weird... > > ______________________________________________________________________ > Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. > > This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org |
From: <J.W...@mi...> - 2013-04-11 12:36:27
|
-----Original Message----- From: NdK [mailto:ndk...@gm...] Sent: Wednesday, April 10, 2013 2:20 PM To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume Il 09/04/2013 16:01, J.W...@mi... ha scritto: > May I presume that if they gave me a complete empty card (not only not personified, but also not initialized, applet-i-fied) I should have gotten some more info back? > If so, I need to swap an empty card, for a card personified for a test-user. And test again... > If not, what are my options for getting this card working The commands that the card can accept depends largely on the applet loaded on it. No applet results in no accepted commands, except ones directed to the card OS to load a new applet. Maybe you should ask if it supports GlobalPlatform and, if so, with which keys and which key-derivation scheme (not to forget GP version). With those info you could be able to load an applet you write. To be able to use an already loaded applet you need to know how to select it (if needed) and its command set (the high-level protocol it speaks on top of T=0, T=1 or T=CL). With protocol documentation you could have some chance to add support for that card in OpenSc. W/o it, no chance. PS: remember that after (usually) 10 failed auth tries against the card manager, it locks and the card must be replaced. BYtE, Diego. -----Original Message----- Thanks Diego, As of now, I can rule out some options :-( Spent half a day in my car to pick-up another card. (price of being too eager) Opensc-tool --atr still does not yield any info: so no broken card. This time they said they put a dummy user on it (at least his keys & certs) and gave me PIN + PUK So the card is loaded with the safesign applet. Between the two cards, I only see one difference, When I do: Pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 --list-slots -l With my first card, I get "token state: uninitialized" With my second card, I get a valid info for "token label", "token manuf", "token model", "token flags" and "serial number" Token model say: "19CB0206010D00C0" Token flags say: "rng, login required, token initialized" And it does specify four (empty) slots. Otoh, my own smartcard has an additional string in "token flags", saying: "PIN initialized", while this card does not! So, if this type of card is not supported, I am surprised that "pkcs11-tool --list-slots" is capable of producing anything at all. Furthermore, if I omit specifying the module, it just says "slot 0" .. "slot 15", while otoh if I _do_ specify the safesign module, pkcs11-tool known about "slot 52482" .. "slot 52485", just like on my own card. So it seems that my safesign-lib is working properly. Weird, very weird... ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
From: <J.W...@mi...> - 2013-04-09 14:01:26
|
-----Original Message----- From: Ludovic Rousseau [mailto:lud...@gm...] Sent: Tuesday, April 09, 2013 3:42 PM To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN Cc: OpenSC-devel Subject: Re: [Opensc-devel] Additional info: jcop-4.1 card, i presume 2013/4/9 <J.W...@mi...>: > To be brief, tested on ubuntu-10.10 and 12.10, openSUSE_12.1 All yield the same :-( > > Latest opensc version available from distro: 0.12.2 > > So, is this a card that is only supported since 0.13, or do I have a "bigger challenge" > As in: "not supported at all" OpenSC tried with different CLASS byte values (the first byte in the APDU) but could not find a command that returns something else than 6E 00 (Class not supported). After lots of efforts OpenSC decided it cant use the card. You card is not supported by OpenSC (even version 0.13) -----Original Message----- Thanks for ruling out the possibility of a defect card. :-) May I presume that if they gave me a complete empty card (not only not personified, but also not initialized, applet-i-fied) I should have gotten some more info back? If so, I need to swap an empty card, for a card personified for a test-user. And test again... If not, what are my options for getting this card working Hans ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
From: Ludovic R. <lud...@gm...> - 2013-04-09 13:42:45
|
2013/4/9 <J.W...@mi...>: > To be brief, tested on ubuntu-10.10 and 12.10, openSUSE_12.1 All yield the same :-( > > Latest opensc version available from distro: 0.12.2 > > So, is this a card that is only supported since 0.13, or do I have a "bigger challenge" > As in: "not supported at all" OpenSC tried with different CLASS byte values (the first byte in the APDU) but could not find a command that returns something else than 6E 00 (Class not supported). After lots of efforts OpenSC decided it cant use the card. You card is not supported by OpenSC (even version 0.13) Bye -- Dr. Ludovic Rousseau |
From: <J.W...@mi...> - 2013-04-09 12:14:08
|
See below -----Original Message----- From: Witvliet, J, CDC/IV/DCOPS/I&S/HIN Sent: Tuesday, April 09, 2013 12:10 PM To: Ope...@li... Cc: Hans Witvliet Subject: jcop-4.1 card, i presume Log attached.. -----Original Message----- From: Ludovic Rousseau [mailto:lud...@gm...] Sent: Tuesday, April 09, 2013 10:52 AM To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN Subject: Re: jcop-4.1 card, i presume 2013/4/8 <J.W...@mi...> > Hi Dr Rousseau, Hello, > Curious situation: > The pcscd log is able to determine the ATR, but opensc-tool -a not. That is strange. > pcsc-deamon log: > Apr 8 17:05:39 kc0064 pcscd: Card ATR: 3B FA 18 00 FF 81 31 FE 45 4A > 43 4F 50 34 31 56 32 33 31 63 [correct ATR-string, I presume, is said > to be "A jcop card"] > > But opensc: > (basic functionality) > > root@kc0064:~# opensc-tool -v -a > Using reader with a card: SCM SCR 355 00 00 Connecting to card in > reader SCM SCR 355 00 00... > [opensc-tool] card-default.c:113:default_init: unable to determine the > right class byte [opensc-tool] card.c:202:sc_connect_card: driver > 'Default driver for unknown cards' init() failed: Card is invalid or > cannot be handled [opensc-tool] card.c:213:sc_connect_card: unable to > find driver for inserted card [opensc-tool] > card.c:228:sc_connect_card: returning with: Card is invalid or cannot > be handled Failed to connect to card: Card is invalid or cannot be > handled > > > I know that I need AET's safe-sign drivers, but as even basic functionality (like asking ATR) fails... > According to your list, it is an "jcop41 V2.3.1 dual interface 72K nxp smartMX javacard-openplatform" > > Any suggestions? Increase the verbose level of opensc-tool using: opensc-tool -vvvvvvvv -a You should report the problem on the OpenSC-devel mailing list. ======================================================================= -----Original Message----- Ok, To be brief, tested on ubuntu-10.10 and 12.10, openSUSE_12.1 All yield the same :-( Latest opensc version available from distro: 0.12.2 So, is this a card that is only supported since 0.13, or do I have a "bigger challenge" As in: "not supported at all" Hans. -----Original Message----- Hi again, Just downloaded 0.13, and tested it on openSUSE_12.1 Seems this jcop isn't recognized in 0.13 (see log attached) What does puzzles me, is that when probing the card, the correct ATR is tested: [opensc-tool] card.c:829:match_atr_table: ATR : 3b:fa:18:00:ff:81:31:fe:45:4a:43:4f:50:34:31:56:32:33:31:63 I was given one (untested) card from a possible customer to test with, so I could be a defect one. Perhaps the card is completely empty (as in manufacturing state), which would explain that pkcs11-tool would fail, but in anycase, something simple like "opensc-tool --atr" should succeed, not? Hans ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
From: <J.W...@mi...> - 2013-04-09 10:10:36
|
Log attached.. -----Original Message----- From: Ludovic Rousseau [mailto:lud...@gm...] Sent: Tuesday, April 09, 2013 10:52 AM To: Witvliet, J, CDC/IV/DCOPS/I&S/HIN Subject: Re: jcop-4.1 card, i presume 2013/4/8 <J.W...@mi...> > Hi Dr Rousseau, Hello, > Curious situation: > The pcscd log is able to determine the ATR, but opensc-tool -a not. That is strange. > pcsc-deamon log: > Apr 8 17:05:39 kc0064 pcscd: Card ATR: 3B FA 18 00 FF 81 31 FE 45 4A 43 4F 50 34 31 56 32 33 31 63 > [correct ATR-string, I presume, is said to be "A jcop card"] > > But opensc: > (basic functionality) > > root@kc0064:~# opensc-tool -v -a > Using reader with a card: SCM SCR 355 00 00 > Connecting to card in reader SCM SCR 355 00 00... > [opensc-tool] card-default.c:113:default_init: unable to determine the right class byte > [opensc-tool] card.c:202:sc_connect_card: driver 'Default driver for unknown cards' init() failed: Card is invalid or cannot be handled > [opensc-tool] card.c:213:sc_connect_card: unable to find driver for inserted card > [opensc-tool] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled > Failed to connect to card: Card is invalid or cannot be handled > > > I know that I need AET's safe-sign drivers, but as even basic functionality (like asking ATR) fails... > According to your list, it is an "jcop41 V2.3.1 dual interface 72K nxp smartMX javacard-openplatform" > > Any suggestions? Increase the verbose level of opensc-tool using: opensc-tool -vvvvvvvv -a You should report the problem on the OpenSC-devel mailing list. ======================================================================= -----Original Message----- Ok, To be brief, tested on ubuntu-10.10 and 12.10, openSUSE_12.2 All yield the same :-( Latest opensc version available from distro: 0.12.2 So, is this a card that is only supported since 0.13, or do I have a "bigger challenge" As in: "not supported at all" Hans. ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
From: RABOUIN S. <seb...@at...> - 2013-04-09 09:39:17
|
> -----Message d'origine----- > De : Ludovic Rousseau [mailto:lud...@gm...] > Envoyé : mardi 9 avril 2013 11:04 > À : RABOUIN Sebastien > Cc : Ope...@li... > Objet : Re: [Opensc-devel] OpenSC version 0.12.1 > > > 2013/4/9 RABOUIN Sebastien <seb...@at...>: > > Hi all, > > Hello, > > > I am unable to found download links for older OpenSC versions. > > > > In the wiki, links for version 0.12.2 are dead. > > Which wiki? > Always give the URL of web pages you are talking about. > > The latest version 0.13.0 is available at > http://sourceforge.net/projects/opensc/files/OpenSC/ > Thanks for your reply, I mean theses pages: https://github.com/OpenSC/OpenSC/wiki https://github.com/OpenSC/OpenSC/wiki/Download-latest-OpenSC-stable-release I just read it is still being updated. > > Is it planned to add the source and installer for the version 0.12.1 > ? > > You can get some of the older version at > https://github.com/OpenSC/OpenSC/tags There is the version 0.12.2, but I am particularly interested in version 0.12.1 that I cannot found. So is it planned to add this version (0.12.1) ? Sébastien Rabouin ________________________________ Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité du groupe Atos ne pourra être engagée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être engagée pour tout dommage résultant d'un virus transmis. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. |
From: Ludovic R. <lud...@gm...> - 2013-04-09 09:03:56
|
2013/4/9 RABOUIN Sebastien <seb...@at...>: > Hi all, Hello, > I am unable to found download links for older OpenSC versions. > > In the wiki, links for version 0.12.2 are dead. Which wiki? Always give the URL of web pages you are talking about. The latest version 0.13.0 is available at http://sourceforge.net/projects/opensc/files/OpenSC/ > Is it planned to add the source and installer for the version 0.12.1 ? You can get some of the older version at https://github.com/OpenSC/OpenSC/tags Bye -- Dr. Ludovic Rousseau |
From: Ludovic R. <lud...@gm...> - 2013-04-09 08:59:04
|
2013/4/8 <J.W...@mi...>: > Hi all, Hello, > Anyone around here with experience buying feitan products? No. > Trying goose.eu and Perico, but all I ever got is an email promising that they will sent something. The domain name is www.gooze.eu with a 'z'. > Secondly, anybody tried their "smart SD" out (a single-device, containing micro-sd + smartcard) No. Bye -- Dr. Ludovic Rousseau |
From: RABOUIN S. <seb...@at...> - 2013-04-09 07:40:26
|
Hi all, I am unable to found download links for older OpenSC versions. In the wiki, links for version 0.12.2 are dead. Is it planned to add the source and installer for the version 0.12.1 ? Cheers, Sébastien ________________________________ Ce message et les pièces jointes sont confidentiels et réservés à l'usage exclusif de ses destinataires. Il peut également être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant être assurée sur Internet, la responsabilité du groupe Atos ne pourra être engagée quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne saurait être engagée pour tout dommage résultant d'un virus transmis. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. |
From: Viktor T. <vik...@gm...> - 2013-04-08 17:25:34
|
Hello, Le 05/04/2013 13:39, Martin Paljak a écrit : > This is a common problem with NSS/Firefox (asking all PIN codes) and > the absence of the "onepin" module that was in OpenSC (which only > exported a single PIN and associated keys/certificates to firefox). The 'onepin' mode is obtained by tuning the OpenSC configuration. Look the 'create_slots_for_pins' option. With 'create_slots_for_pins = "user";' only slot for user PIN is created. >> edit/preferences/security device: Card PIN (works OK), Signature PIN - this >> doest'n work. > You don't want to use your signature PIN/certificate for SSL anyway, I hope ? > >> framework-pkcs15.c:1186:pkcs15_login: PKCS15 verify PIN returned -1212 >> 0x7f5670cae740 09:52:29.813 [opensc-pkcs11] >> misc.c:59:sc_to_cryptoki_error_common: libopensc return value: -1212 >> (Authentication method blocked) >> 0x7f5636009700 09:52:29.816 [opensc-pkcs11] > One of your PIN codes is blocked (pkcs15-tool --list-pins shows which one) > > >> 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] apdu.c:184:sc_apdu_log: >> Outgoing APDU data [ 11 bytes] ===================================== >> 00 20 00 81 06 37 35 30 34 31 39 . ...000000 >> ====================================================================== > > Do change your PIN from 750419 to something else now. > > > Martin > > ------------------------------------------------------------------------------ > Minimize network downtime and maximize team effectiveness. > Reduce network management and security costs.Learn how to hire > the most talented Cisco Certified professionals. Visit the > Employer Resources Portal > http://www.cisco.com/web/learning/employer_resources/index.html > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
From: <J.W...@mi...> - 2013-04-08 15:36:00
|
Hi all, Anyone around here with experience buying feitan products? Trying goose.eu and Perico, but all I ever got is an email promising that they will sent something. Secondly, anybody tried their "smart SD" out (a single-device, containing micro-sd + smartcard) I presume their "store-pass" never came into production, as it is not capable of generating 2K-keys? Hw ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
From: Andreas S. (ML) <and...@ca...> - 2013-04-08 14:37:53
|
Hi Martin, the SmartCard-HSM in a MicroSD form factor is now available at cardomatic. This complements the ID-000, ID-1 contactless / contact and USB form factor. The PC/SC driver for Windows and an OCF driver for Android are available at the CardContact Developers Network. An access card for the CDN is provided with each MicroSD card. Andreas Am 05.03.2013 15:42, schrieb Andreas Schwier (ML): > Hi Martin, > > thanks for the update. > > We hope to make the MicroSD card available any time soon at > www.cardomatic.de. > > Andreas > > Am 05.03.2013 15:31, schrieb Martin Paljak: >> On Tue, Mar 5, 2013 at 3:33 PM, Andreas Schwier (ML) >> <and...@ca...> wrote: >>> Hi, >>> >>> does anyone have an overview on the current status of OpenSC for Android >>> ? The seek-for-android project did a port of the 0.11.13 version, so is >>> anyone working on a port of the 0.13 release ? >> IIRC the only thing required was direct linking (pcsc-lite). I've not >> found the time/interest of trying to re-build android.... >> >> >>> Background is, that we've ported the SmartCard-HSM applet to run on a >>> MicroSD card that can be embedded into a mobile phone. >> Where can you buy such cards from? >> >>> The >>> remote-management interface of the SmartCard-HSM works independent of >>> the PKCS#11 stack, but of course we need a full middleware stack to make >>> PKI functions available to other applications. >> As much as I've followed the topic I don't know of a universal "CSP" >> style approach for Android and the only option is a) rooting b) >> bundling a lot of stuff into applications that can then access the >> devices. >> >> I don't know if/how OpenMobile API can actually help with accessing >> the secure element without patching/rooting. >> >> The best option this far has seemed to be either NFC or Apriva bluetooth reader. >> >> Martin >> > -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org |
From: <J.W...@mi...> - 2013-04-08 13:14:13
|
Hi all, Anyone around here with experience buying feitan products? Trying goose.eu and Perico, but all I ever got is an email promising that they will sent something. Secondly, anybody tried their "smart SD" out (a single-device, containing micro-sd + smartcard) I presume their "store-pass" never came into production, as it is not capable of generating 2K-keys? Hw ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. |
From: Josef P. <J.P...@se...> - 2013-04-08 09:12:40
|
[opensc-pkcs11] slot.c:153:card_detect: 0: Detection ended [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 0). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 1 [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 1). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 2 [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 2). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 3 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 4 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 5 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 6 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 7 [opensc-pkcs11] pkcs11-global.c:349:C_GetSlotList: Getting slot listing [opensc-pkcs11] slot.c:83:card_detect: 0: Detecting smart card [opensc-pkcs11] sc.c:196:sc_detect_card_presence: called [opensc-pkcs11] reader-pcsc.c:281:refresh_slot_attributes: called [opensc-pkcs11] sc.c:201:sc_detect_card_presence: returning with: 1 [opensc-pkcs11] slot.c:153:card_detect: 0: Detection ended [opensc-pkcs11] pkcs11-global.c:364:C_GetSlotList: was only a size inquiry (8) [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 0 [opensc-pkcs11] slot.c:83:card_detect: 0: Detecting smart card [opensc-pkcs11] sc.c:196:sc_detect_card_presence: called [opensc-pkcs11] reader-pcsc.c:281:refresh_slot_attributes: called [opensc-pkcs11] sc.c:201:sc_detect_card_presence: returning with: 1 [opensc-pkcs11] slot.c:153:card_detect: 0: Detection ended [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 0). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 1 [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 1). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 2 [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 2). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 3 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 4 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 5 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 6 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 7 [opensc-pkcs11] pkcs11-object.c:237:C_FindObjectsInit: C_FindObjectsInit(slot = 0) [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_CERTIFICATE [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_VALUE = 308204D4308203BCA00302010202030F193C300D06092A864886F70D01010505 [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/1: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/2: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/2: Attribute 0x11 matches. [opensc-pkcs11] pkcs11-object.c:296:C_FindObjectsInit: Object 0/2 matches [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/3: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/4: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/4: Attribute 0x11 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/5: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/6: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/6: Attribute 0x11 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/7: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/8: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/9: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/9: Attribute 0x11 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/10: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/11: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/11: Attribute 0x11 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/12: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/13: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/13: Attribute 0x11 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/14: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:307:C_FindObjectsInit: 1 matching objects [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 0). [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 2: CKA_ID = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 2: CKA_CLASS = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 2: CKA_ID = 11 [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 2: CKA_CLASS = CKO_CERTIFICATE [opensc-pkcs11] pkcs11-object.c:237:C_FindObjectsInit: C_FindObjectsInit(slot = 0) [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_ID = 11 [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PRIVATE_KEY [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/1: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/1: Attribute 0x0 matches. [opensc-pkcs11] pkcs11-object.c:296:C_FindObjectsInit: Object 0/1 matches [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/2: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/2: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/3: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/3: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/4: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/5: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/6: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/7: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/8: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/9: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/10: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/11: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/12: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/13: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/14: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:307:C_FindObjectsInit: 1 matching objects [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 1: CKA_KEY_TYPE = CKK_RSA [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 1: CKA_TOKEN = TRUE [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 1: CKA_PRIVATE = TRUE [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 1). [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 4: CKA_ID = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 4: CKA_CLASS = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 4: CKA_ID = 32363138323133313737343731353636333733 [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 4: CKA_CLASS = CKO_CERTIFICATE [opensc-pkcs11] pkcs11-object.c:237:C_FindObjectsInit: C_FindObjectsInit(slot = 0) [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_ID = 32363138323133313737343731353636333733 [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PRIVATE_KEY [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/1: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/2: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/3: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/4: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/4: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/5: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/5: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/6: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/7: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/8: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/9: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/10: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/11: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/12: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/13: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/14: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:307:C_FindObjectsInit: 0 matching objects [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 6: CKA_ID = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 6: CKA_CLASS = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 6: CKA_ID = 2D37313435333334313932303639373732383630 [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 6: CKA_CLASS = CKO_CERTIFICATE [opensc-pkcs11] pkcs11-object.c:237:C_FindObjectsInit: C_FindObjectsInit(slot = 0) [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_ID = 2D37313435333334313932303639373732383630 [opensc-pkcs11] pkcs11-object.c:238:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PRIVATE_KEY [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/1: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/2: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/3: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/4: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/5: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/6: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/6: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:290:C_FindObjectsInit: Object 0/7: Attribute 0x102 matches. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/7: Attribute 0x0 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/8: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/9: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/10: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/11: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/12: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/13: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:281:C_FindObjectsInit: Object 0/14: Attribute 0x102 does NOT match. [opensc-pkcs11] pkcs11-object.c:307:C_FindObjectsInit: 0 matching objects [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 1: CKA_MODULUS = <size inquiry> [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 1: CKA_MODULUS = 86B67E968E6BB7F68E272A61CD65866A8BE062249078D6797D75AB13E5ECFA83 [opensc-pkcs11] pkcs11-object.c:151:C_GetAttributeValue: Object 1: CKA_PRIVATE = TRUE [opensc-pkcs11] pkcs11-session.c:40:C_OpenSession: Opening new session for slot 0 [opensc-pkcs11] pkcs11-object.c:512:C_SignInit: Sign initialization returns 112 [opensc-pkcs11] pkcs11-session.c:131:C_CloseSession: C_CloseSession(4) [opensc-pkcs11] pkcs11-global.c:349:C_GetSlotList: Getting slot listing [opensc-pkcs11] slot.c:83:card_detect: 0: Detecting smart card [opensc-pkcs11] sc.c:196:sc_detect_card_presence: called [opensc-pkcs11] reader-pcsc.c:281:refresh_slot_attributes: called [opensc-pkcs11] sc.c:201:sc_detect_card_presence: returning with: 1 [opensc-pkcs11] slot.c:153:card_detect: 0: Detection ended [opensc-pkcs11] pkcs11-global.c:364:C_GetSlotList: was only a size inquiry (8) [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 0 [opensc-pkcs11] slot.c:83:card_detect: 0: Detecting smart card [opensc-pkcs11] sc.c:196:sc_detect_card_presence: called [opensc-pkcs11] reader-pcsc.c:281:refresh_slot_attributes: called [opensc-pkcs11] sc.c:201:sc_detect_card_presence: returning with: 1 [opensc-pkcs11] slot.c:153:card_detect: 0: Detection ended [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 0). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 1 [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 1). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 2 [opensc-pkcs11] pkcs11-session.c:179:C_GetSessionInfo: C_GetSessionInfo(slot 2). [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 3 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 4 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 5 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 6 [opensc-pkcs11] pkcs11-global.c:434:C_GetSlotInfo: Getting info about slot 7 [opensc-pkcs11] pkcs11-global.c:349:C_GetSlotList: Getting slot listing [opensc-pkcs11] slot.c:83:card_detect: 0: Detecting smart card |
From: Viktor T. <vik...@gm...> - 2013-04-06 20:26:23
|
Hello, Le 04/04/2013 18:03, Florent Deybach a écrit : > I tried with an IAS/ECC card and the ACL were listed correctly, except for the UPDATE ACL for which it displays "????", interesting! Printed name for some ACL methods have been absent. They are present in the latest sources: https://github.com/OpenSC/OpenSC/commit/c66278098b4f81a34fdb19bdb6dee98c042814c3 Thanks, Viktor. |
From: Martin P. <ma...@ma...> - 2013-04-05 11:40:24
|
Hello, This is a common problem with NSS/Firefox (asking all PIN codes) and the absence of the "onepin" module that was in OpenSC (which only exported a single PIN and associated keys/certificates to firefox). > edit/preferences/security device: Card PIN (works OK), Signature PIN - this > doest'n work. You don't want to use your signature PIN/certificate for SSL anyway, I hope ? > framework-pkcs15.c:1186:pkcs15_login: PKCS15 verify PIN returned -1212 > 0x7f5670cae740 09:52:29.813 [opensc-pkcs11] > misc.c:59:sc_to_cryptoki_error_common: libopensc return value: -1212 > (Authentication method blocked) > 0x7f5636009700 09:52:29.816 [opensc-pkcs11] One of your PIN codes is blocked (pkcs15-tool --list-pins shows which one) > 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] apdu.c:184:sc_apdu_log: > Outgoing APDU data [ 11 bytes] ===================================== > 00 20 00 81 06 37 35 30 34 31 39 . ...000000 > ====================================================================== Do change your PIN from 750419 to something else now. Martin |
From: Josef P. <J.P...@se...> - 2013-04-05 11:30:58
|
Hello, I'm trying to login in web application wiht PKI card. PKCS#11 modul is loaded to firefox, (opensc-pkcs11.so). Card is Siemens Card CardOS M4.4. Firefox know reader and detect card. On card I can use 2 PINs. In firefox edit/preferences/security device: Card PIN (works OK), Signature PIN - this doest'n work. shoud be problem in configuration? Thanks for any help. ====================================================================== 0x7f5670cae740 09:52:29.805 [opensc-pkcs11] card.c:330:sc_unlock: called 0x7f5670cae740 09:52:29.805 [opensc-pkcs11] card-cardos.c:268:cardos_check_ sw: bs object blocked 0x7f5670cae740 09:52:29.805 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: -1212 (Authentication method blocked) 0x7f5670cae740 09:52:29.805 [opensc-pkcs11] card.c:330:sc_unlock: called 0x7f5670cae740 09:52:29.805 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: called 0x7f5670cae740 09:52:29.813 [opensc-pkcs11] pkcs15-pin.c:296:sc_pkcs15_ verify_pin: returning with: -1212 (Authentication method blocked) 0x7f5670cae740 09:52:29.813 [opensc-pkcs11] framework-pkcs15.c:1186:pkcs15_ login: PKCS15 verify PIN returned -1212 0x7f5670cae740 09:52:29.813 [opensc-pkcs11] misc.c:59:sc_to_cryptoki_error_ common: libopensc return value: -1212 (Authentication method blocked) 0x7f5636009700 09:52:29.816 [opensc-pkcs11] pkcs11-global.c:375:C_ GetSlotList: C_GetSlotList(token=0, plug-n-play) ----------------------------- 0cae740 09:51:41.385 [opensc-pkcs11] card.c:292:sc_lock: called 0x7f5670cae740 09:51:41.385 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'Gemalto PC Twin Reader (2892E3CE) 00 00' 0x7f5670cae740 09:51:41.385 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 7 bytes] ===================================== 00 A4 00 00 02 3F 00 .....?. ====================================================================== 0x7f5670cae740 09:51:41.385 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_ transmit: called 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 2 bytes] ===================================== 90 00 .. ====================================================================== 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] card.c:330:sc_unlock: called 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] iso7816.c:480:iso7816_select_ file: returning with: 0 (Success) 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] card-cardos.c:443:cardos_select_ file: returning with: 0 (Success) 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] sec.c:157:sc_pin_cmd: called 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] card.c:292:sc_lock: called 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'Gemalto PC Twin Reader (2892E3CE) 00 00' 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 11 bytes] ===================================== 00 20 00 81 06 37 35 30 34 31 39 . ...000000 ====================================================================== 0x7f5670cae740 09:51:41.401 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_ transmit: called 0x7f5670cae740 09:51:41.439 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 2 bytes] ===================================== 90 00 .. ====================================================================== 0x7f5670cae740 09:51:41.439 [opensc-pkcs11] card.c:330:sc_unlock: called 0x7f5670cae740 09:51:41.439 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: 0 (Success) 0x7f5670cae740 09:51:41.439 [opensc-pkcs11] pkcs15-pin.c:509:sc_pkcs15_ pincache_add: called 0x7f5670cae740 09:51:41.440 [opensc-pkcs11] pkcs15-pin.c:543:sc_pkcs15_ pincache_add: PIN(Card PIN) cached 0x7f5670cae740 09:51:41.440 [opensc-pkcs11] card.c:330:sc_unlock: called 0x7f5670cae740 09:51:41.440 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: called 0x7f5670cae740 09:51:41.449 [opensc-pkcs11] pkcs15-pin.c:296:sc_pkcs15_ verify_pin: returning with: 0 (Success) 0x7f5670cae740 09:51:41.449 [opensc-pkcs11] framework-pkcs15.c:1186:pkcs15_ login: PKCS15 verify PIN returned 0 0x7f5670cae740 09:51:41.449 [opensc-pkcs11] framework-pkcs15.c:1195:pkcs15_ login: Check if pkcs15 object list can be completed. opensc-tool -l # Detected readers (pcsc) Nr. Card Features Name 0 Yes Gemalto PC Twin Reader (2892E3CE) 00 00 ------------------------------------------- opensc-tool -a Using reader with a card: Gemalto PC Twin Reader (2892E3CE) 00 00 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51 ------------------------------------------- opensc-tool -n Using reader with a card: Gemalto PC Twin Reader (2892E3CE) 00 00 CardOS M4 ------------------------------------------- pcsc-lite version 1.8.8. Copyright (C) 1999-2002 by David Corcoran <cor...@li...>. Copyright (C) 2001-2011 by Ludovic Rousseau <lud...@fr...>. Copyright (C) 2003-2004 by Damien Sauveron <sau...@la...>. Report bugs to <mu...@li...>. Enabled features: Linux x86_64-pc-linux-gnu serial usb libudev usbdropdir=/ usr/lib64/readers/usb ipcdir=/run/pcscd configdir=/etc/reader.conf.d ------------------------------------------ PC/SC device scanner V 1.4.21 (c) 2001-2011, Ludovic Rousseau <lud...@fr...> Compiled with PC/SC lite version: 1.8.6 Using reader plug'n play mechanism Scanning present readers... 0: Gemalto PC Twin Reader (2892E3CE) 00 00 Fri Apr 5 11:13:51 2013 Reader 0: Gemalto PC Twin Reader (2892E3CE) 00 00 Card state: Card inserted, ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51 ATR: 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51 + TS = 3B --> Direct Convention + T0 = D2, Y(1): 1101, K: 2 (historical bytes) TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s TC(1) = 02 --> Extra guard time: 2 TD(1) = C1 --> Y(i+1) = 1100, Protocol T = 1 ----- TC(2) = 0A --> Work waiting time: 960 x 10 x (Fi/F) TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 ----- TA(3) = FE --> IFSC: 254 TB(3) = 58 --> Block Waiting Integer: 5 - Character Waiting Integer: 8 + Historical bytes: C8 0D Category indicator byte: C8 (proprietary format) + TCK = 51 (correct checksum) Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): 3B D2 18 02 C1 0A 31 FE 58 C8 0D 51 Siemens Card CardOS M4.4 |
From: Florent D. <fde...@gm...> - 2013-04-04 16:04:01
|
> > So if I want to add the possibility to delete it: > > |*=NEVER,READ=$PIN,UPDATE=$PIN,DELETE=$PIN > > That should work (...provided that there's not some other bug). > Indeed, I tried and it worked! I am able to delete my object without having to reset my entire card. > IIRC it's part of the epass2003 driver that's not finished. It always > lists N/A > for epass2003. The real ACLs are in the last line starting with "Security > attributes", like in your example below: > > > Security attributes: 96 96 FF 9F FF FF FF FF > > Each byte is a bitwise-or from the macros EPASS2003_AC_* defined in > src/libopensc/cardctl.h. The low nybble can be: > > #define EPASS2003_AC_EVERYONE 0x00 > #define EPASS2003_AC_USER 0x06 > #define EPASS2003_AC_SO 0x08 > #define EPASS2003_AC_NOONE 0x0F > > which stands for "no pin needed", "user PIN needed", "SO-PIN needed", > "forbidden" (not sure about the SO-PIN, never really made it work). > > The high nybble is a bit mysterious to me, as well, I've only seen the > 0x90 ever > used: > > #define EPASS2003_AC_MAC_UNEQUAL 0x80 > #define EPASS2003_AC_MAC_NOLESS 0x90 > #define EPASS2003_AC_MAC_LESS 0xA0 > #define EPASS2003_AC_MAC_EQUAL 0xB0 > Many thanks for taking the time to explain that to me. It makes more sense as I test the token (by trial/error just like you did...). I tried with an IAS/ECC card and the ACL were listed correctly, except for the UPDATE ACL for which it displays "????", interesting! > The order of the "Security attributes" printed out is: READ, UPDATE, ??, > DELETE, > ??... (It comes from the contents of incoming APDU that is token's > response to > "SELECT FILE" APDU, instruction 0xA4) > > Some ACLs are not ever used for epass2003, e.g. INVALIDATE and > REHABILITATE, > since the token does not support the corresponding APDU instructions. > Indeed, I also tried to set the WRITE attribute which seemed to me "standard", but it didn't change the security attributes returned by opensc-explorer...! Anyway, you answered more than satisfactory to my problem, and for that I thank you again! Cheers, Florent |
From: Anthony F. <ant...@gm...> - 2013-03-31 16:54:26
|
Ludovic -- > I now understand the problem. Glad to hear it -- I was starting to think I was imagining things! Sorry that it took me a few tries to find the root cause. > Cross compilation is an issue. Yes, it often is. :( > I can't find in your patch how you "use native CC directly" It's actually in a previous email; I referenced in passing as "builds on my previous patch..." Looks like it got archived here: http://sourceforge.net/mailarchive/message.php?msg_id=30635681 (As with all my patches, I'm sure there's a nicer way of doing this, but I don't grok autotools. In the real kconfig systems, it shows up as "HOSTCC" and "HOSTLD" instead of "CC" and "LD"/"CCLD" respectively, if memory serves.) > pcsc-wirecheck-gen should only be needed by me or another pcsc-lite > developper. The cleanest solution may be to include the generated file > pcsc-wirecheck-dist.c (25 kB) inside the .tar.bz2 archive. That sounds about right. I should probably just build a distributed tarball, and not from source; building from svn is a leftover from when the project was in flux last year. (And probably just the open-sc project, at that.) > Can you try the attached patch with your configuration? Will try it at some point today. Thanks! Happy Easter, if you happen to celebrate it today... :) Best regards, Anthony Foiani |
From: Ludovic R. <lud...@gm...> - 2013-03-31 16:02:28
|
Index: src/Makefile.am =================================================================== --- src/Makefile.am (revision 6582) +++ src/Makefile.am (working copy) @@ -153,4 +153,4 @@ pc_DATA = libpcsclite.pc tokenparser.c: tokenparser.l $(SHELL) $(YLWRAP) $< lex.tp.c $@ -- "$(LEX)" -Ptp $(AM_LFLAGS) $(LFLAGS) -EXTRA_DIST = README_INTERNALS.txt +EXTRA_DIST = README_INTERNALS.txt pcsc-wirecheck-dist.c |