From: Johannes B. <Joh...@hr...> - 2013-05-03 10:47:05
|
Hello,

I have a CardOS V4.3B chipcard that works with Firefox.
But the command

verify CHV81 30:34:35:32:39:31:FF:FF:FF:FF

fails with

Unable to verify PIN code: Invalid arguments

The command

verify CHV81 30:34:35:32:39:31:FF:FF

fails with

Unable to verify PIN code: Card command failed

pkcs15-tool says

PIN [User Pin]
    Object Flags   : [0x3], private, modifiable
    Auth ID        : 02
    ID             : 01
    Flags          : [0x133], case-sensitive, local, initialized, needs-padding, disable_allowed
    Length         : min_len:4, max_len:10, stored_len:10
    Pad char       : 0xFF
    Reference      : 129 (0x81)
    Type           : ascii-numeric
    Path           : 3f005015

Johannes
|
From: Martin P. <ma...@ma...> - 2013-05-03 13:54:11
|
Hello,

On Fri, May 3, 2013 at 1:46 PM, Johannes Becker <Joh...@hr...> wrote:
> I have a CardOS V4.3B chipcard that works with Firefox.
> But the command
> verify CHV81 30:34:35:32:39:31:FF:FF:FF:FF
>
> fails with
>
> Unable to verify PIN code: Invalid arguments
>
> The command
>
> verify CHV81 30:34:35:32:39:31:FF:FF
>
> fails with
>
> Unable to verify PIN code: Card command failed

Keep in mind that CHVXX seems to take *decimal* input, and that cardos
driver actually seems to use max length 8, so:

verify CHV129 30:34:35:32:39:31:FF:FF

Should give "OK" (maybe you need to have the necessary folder selected
before as well)

Martin
|
From: Johannes B. <Joh...@hr...> - 2013-05-06 07:45:04
|
On Friday, 3 May 2013, Martin Paljak <ma...@ma...> wrote:
>
> Keep in mind that CHVXX seems to take *decimal* input, and that cardos
> driver actually seems to use max length 8, so:
>
> verify CHV129 30:34:35:32:39:31:FF:FF
>
> Should give "OK" (maybe you need to have the necessary folder selected
> before as well)

Yes, selecting the folder makes a difference, but it seems that the card expects length 10.

opensc-explorer now produces:

OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> verify CHV129 30:34:35:32:39:31:FF:FF
Incorrect code.
OpenSC [3F00/5015]> verify CHV129 30:34:35:32:39:31:FF:FF:FF:FF
Unable to verify PIN code: Invalid arguments

The PIN is accepted when using Firefox.

Johannes
|
From: Johannes B. <Joh...@hr...> - 2013-07-26 12:32:51
|
Hello,

finally I found time to produce log files for the following problem:

chipcard CardOS V4.3B
OpenSC 0.13.0

opensc-explorer fails to verify the PIN:

$ opensc-explorer
OpenSC Explorer version 0.13.0
Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF:FF:FF
Unable to verify PIN code: Invalid arguments
OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF
Incorrect code.
OpenSC [3F00/5015]> exit

On the other hand pkcs15-tool has no problems with the command

pkcs15-tool --change-pin --pin 234567 --new-pin 234567

The log files are
http://www.uni-giessen.de/~g013/opensc/opensc-explorer.log
http://www.uni-giessen.de/~g013/opensc/pkcs15-tool.log

Below the output of pkcs15-tool --dump

Regards
Johannes

pkcs15-tool --dump
Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
PKCS#15 Card [Test Card]:
    Version        : 0
    Serial number  : 7BFF203BF6052E35
    Manufacturer ID: cv cryptovision gmbh (c) v1.0n
    Flags          : Login required, PRN generation, EID compliant

PIN [User Pin]
    Object Flags   : [0x3], private, modifiable
    Auth ID        : 02
    ID             : 01
    Flags          : [0x133], case-sensitive, local, initialized, needs-padding, disable_allowed
    Length         : min_len:4, max_len:10, stored_len:10
    Pad char       : 0xFF
    Reference      : 129 (0x81)
    Type           : ascii-numeric
    Path           : 3f005015

PIN [SO Pin]
    Object Flags   : [0x3], private, modifiable
    ID             : 02
    Flags          : [0x1BB], case-sensitive, local, unblock-disabled, initialized, needs-padding, soPin, disable_allowed
    Length         : min_len:4, max_len:10, stored_len:10
    Pad char       : 0xFF
    Reference      : 130 (0x82)
    Type           : ascii-numeric
    Path           : 3f005015

AuthKey [Challenge Response Key]
    Object Flags   : [0x3], private, modifiable
    ID             : 02
    Derived        : 1
    SecretKeyID    : 01

Private RSA Key [JLUSIGNCERT]
    Object Flags   : [0x3], private, modifiable
    Usage          : [0x6], decrypt, sign
    Access Flags   : [0x9], sensitive, neverExtract
    ModLength      : 2048
    Key ref        : 1 (0x1)
    Native         : yes
    Path           : 3f00501550724b21
    Auth ID        : 01
    ID             : 45
    GUID           : {6c9dc6ad-b7fa-c10c-0ff7-c385ad72d3f0}

Private RSA Key [JLUAUTHCERT]
    Object Flags   : [0x3], private, modifiable
    Usage          : [0x6], decrypt, sign
    Access Flags   : [0x9], sensitive, neverExtract
    ModLength      : 2048
    Key ref        : 1 (0x1)
    Native         : yes
    Path           : 3f00501550724b22
    Auth ID        : 01
    ID             : 46
    GUID           : {d9fe0a11-3ec7-eda5-ac52-9a721aff8e70}

Public RSA Key [JLUSIGNCERT]
    Object Flags   : [0x2], modifiable
    Usage          : [0x41], encrypt, verify
    Access Flags   : [0x0]
    ModLength      : 2048
    Key ref        : 1 (0x1)
    Native         : no
    Path           : 3f00501550754b21
    ID             : 45
    DirectValue    : <absent>

Public RSA Key [JLUAUTHCERT]
    Object Flags   : [0x2], modifiable
    Usage          : [0x41], encrypt, verify
    Access Flags   : [0x0]
    ModLength      : 2048
    Key ref        : 1 (0x1)
    Native         : no
    Path           : 3f00501550754b22
    ID             : 46
    DirectValue    : <absent>

X.509 Certificate [JLUSIGNCERT]
    Object Flags   : [0x2], modifiable
    Authority      : no
    Path           : 3f00501543044301
    ID             : 45
    GUID           : {6c9dc6ad-b7fa-c10c-0ff7-c385ad72d3f0}
    Encoded serial : 02 07 1599ED6129A5C1

X.509 Certificate [JLUAUTHCERT]
    Object Flags   : [0x2], modifiable
    Authority      : no
    Path           : 3f00501543044302
    ID             : 46
    GUID           : {d9fe0a11-3ec7-eda5-ac52-9a721aff8e70}
    Encoded serial : 02 07 1599ED65D8554B

X.509 Certificate [Deutsche Telekom Root CA 2]
    Object Flags   : [0x2], modifiable
    Authority      : no
    Path           : 3f00501543044303
    ID             : 50
    GUID           : {6f74f832-4ebb-257d-0ae1-97ad6b19b2ae}
    Encoded serial : 02 01 26

X.509 Certificate [DFN-Verein PCA Global - G01]
    Object Flags   : [0x2], modifiable
    Authority      : no
    Path           : 3f00501543044304
    ID             : 50
    GUID           : {6f74f832-4ebb-257d-0ae1-97ad6b19b2ae}
    Encoded serial : 02 02 00C7

X.509 Certificate [JLUCACERT]
    Object Flags   : [0x2], modifiable
    Authority      : no
    Path           : 3f00501543044305
    ID             : 50
    GUID           : {6f74f832-4ebb-257d-0ae1-97ad6b19b2ae}
    Encoded serial : 02 04 109C4834

Data object 'cardid'
    applicationName: cvmd
    Path: 3f0050156377
    Data (16 bytes): 36ED3BC2D4AF7D41A4632F4026C27D6F

Data object 'cardcf'
    applicationName: cvmd
    Path: 3f0050156378
    Data (6 bytes): 010109000A00

Data object 'cardapps'
    applicationName: cvmd
    Path: 3f00501544444401
    Data (8 bytes): 6D73637000000000

Data object 'mscp\'
    applicationName: cvmd
    Path: 3f00501544444402
    Data (0 bytes):

Data object 'mscp\cmapfile'
    applicationName: cvmd
    Path: 3f00501544444403
    Data (0 bytes):

Data object 'CARDVERSION'
    applicationName:
    Path: 3f00501544444404
    Data (3 bytes): 322E30
|
From: Ludovic R. <lud...@gm...> - 2013-08-03 09:26:56
|
2013/7/26 Johannes Becker <Joh...@hr...>:
> Hello,
>
> finally I found time to produce log files for the following problem:
>
> chipcard CardOS V4.3B
> OpenSC 0.13.0
>
> opensc-explorer fails to verify the PIN:
>
> $ opensc-explorer
> OpenSC Explorer version 0.13.0
> Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
> OpenSC [3F00]> cd 5015
> OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF:FF:FF
> Unable to verify PIN code: Invalid arguments
> OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF
> Incorrect code.
> OpenSC [3F00/5015]> exit

From your log:

0x7f43e335d700 13:28:27.211 [opensc-explorer] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7f43e335d700 13:28:27.240 [opensc-explorer] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 49 bytes] =====================================
6F 2D 81 02 02 00 82 06 38 B5 00 FE 00 07 83 02 o-......8.......
50 15 84 0C A0 00 00 00 63 50 4B 43 53 2D 31 35 P.......cPKCS-15
85 03 00 2A 6C 86 08 00 05 05 FF FF 73 FF 05 90 ...*l.......s...
00 .
======================================================================
0x7f43e335d700 13:28:27.240 [opensc-explorer] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x7f43e335d700 13:28:27.240 [opensc-explorer] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x7f43e335d700 13:28:27.240 [opensc-explorer] card.c:353:sc_unlock: called
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:321:iso7816_process_fci: processing FCI bytes
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:325:iso7816_process_fci: file identifier: 0x5015
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:338:iso7816_process_fci: bytes in file: 512
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:349:iso7816_process_fci: shareable: no
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:368:iso7816_process_fci: type: DF
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:369:iso7816_process_fci: EF structure: 0
0x7f43e335d700 13:28:27.240 [opensc-explorer] iso7816.c:379:iso7816_process_fci: File name: A0 00 00 00 63 50 4B 43 53 2D 31 35 ....cPKCS-15
0x7f43e335d700 13:28:27.240 [opensc-explorer] card-cardos.c:443:cardos_select_file: returning with: 0 (Success)
0x7f43e335d700 13:28:27.240 [opensc-explorer] card.c:638:sc_select_file: returning with: 0 (Success)
0x7f43e335d700 13:28:35.587 [opensc-explorer] sec.c:157:sc_pin_cmd: called
0x7f43e335d700 13:28:35.587 [opensc-explorer] sec.c:204:sc_pin_cmd: returning with: -1300 (Invalid arguments)

The 10-bytes long PIN is rejected by OpenSC, not by the card.
Unfortunately we do not have more details.

0x7f43e335d700 13:28:42.835 [opensc-explorer] sec.c:157:sc_pin_cmd: called
0x7f43e335d700 13:28:42.835 [opensc-explorer] apdu.c:687:sc_transmit_apdu: called
0x7f43e335d700 13:28:42.835 [opensc-explorer] card.c:315:sc_lock: called
0x7f43e335d700 13:28:42.835 [opensc-explorer] apdu.c:654:sc_transmit: called
0x7f43e335d700 13:28:42.835 [opensc-explorer] apdu.c:509:sc_single_transmit: called
0x7f43e335d700 13:28:42.835 [opensc-explorer] apdu.c:514:sc_single_transmit: CLA:0, INS:20, P1:0, P2:81, data(8) 0x7fffd3933c60
0x7f43e335d700 13:28:42.835 [opensc-explorer] reader-pcsc.c:249:pcsc_transmit: reader 'Dell Dell Smart Card Reader Keyboard 00 00'
0x7f43e335d700 13:28:42.835 [opensc-explorer] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 13 bytes] =====================================
00 20 00 81 08 32 33 34 35 36 37 FF FF . ...234567..
======================================================================
0x7f43e335d700 13:28:42.835 [opensc-explorer] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7f43e335d700 13:28:42.875 [opensc-explorer] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 2 bytes] =====================================
63 00 c.
======================================================================

The 8-bytes long PIN is correctly sent to the card.

You will have to debug from sc_pin_cmd() in sec.c to find why the
"long" PIN is rejected.

Bye

--
Dr. Ludovic Rousseau
|
From: Martin P. <ma...@ma...> - 2013-05-06 14:29:25
|
On Mon, May 6, 2013 at 10:44 AM, Johannes Becker <Joh...@hr...> wrote:
> OpenSC [3F00/5015]> verify CHV129 30:34:35:32:39:31:FF:FF
>
> Incorrect code.
>
> OpenSC [3F00/5015]> verify CHV129 30:34:35:32:39:31:FF:FF:FF:FF
>
> Unable to verify PIN code: Invalid arguments

> The PIN is accepted when using Firefox.

As said before: do have a peek at the log of an actual verification
performed by Firefox.
|
From: Viktor T. <vik...@gm...> - 2013-05-07 14:17:32
|
On 06/05/2013 16:28, Martin Paljak wrote:
> On Mon, May 6, 2013 at 10:44 AM, Johannes Becker
> <Joh...@hr...> wrote:
>> OpenSC [3F00/5015]> verify CHV129 30:34:35:32:39:31:FF:FF
>>
>> Incorrect code.

PIN value is invalid.

>> OpenSC [3F00/5015]> verify CHV129 30:34:35:32:39:31:FF:FF:FF:FF
>>
>> Unable to verify PIN code: Invalid arguments

PIN length is invalid

Probably the PKCS15 AOF descriptor does not correspond to the real format of your PIN (length, padding character, ...??).
Try to pad PIN value with "00" -- at least it's the padding character in the OpenSC profile for CardOS card.

>> The PIN is accepted when using Firefox.
> As said before: do have a peek at the log of an actual verification
> performed by Firefox.

Best way.
|
From: Johannes B. <Joh...@hr...> - 2013-05-17 09:48:56
|
On Monday, 6 May 2013, Martin Paljak <ma...@ma...> wrote:
>
> As said before: do have a peek at the log of an actual verification
> performed by Firefox.

Firefox, pkcs11-tool and pkcs15-tool work with the card.
They send the pin with length 10, padded with FF (see below).

It is only opensc-explorer, that doesn't pass the pin with length 10

I guess now I have to learn how to write the certificate to the card using pkcs11-tool

I tested with opensc 0.12.2

Johannes

-----

0x7f05005d3700 10:11:20.803 [opensc-pkcs11] apdu.c:184:sc_apdu_log:
Outgoing APDU data [ 15 bytes] =====================================
00 20 00 81 0A 30 34 35 32 39 31 FF FF FF FF . ...045291....
======================================================================
0x7f05005d3700 10:11:20.803 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] apdu.c:184:sc_apdu_log:
Incoming APDU data [ 2 bytes] =====================================
90 00 ..
======================================================================
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] card.c:330:sc_unlock: called
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: 0 (Success)
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] pkcs15-pin.c:509:sc_pkcs15_pincache_add: called
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] pkcs15-pin.c:543:sc_pkcs15_pincache_add: PIN(User Pin) cached
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] card.c:330:sc_unlock: called
0x7f05005d3700 10:11:20.856 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: called
0x7f05005d3700 10:11:20.861 [opensc-pkcs11] pkcs15-pin.c:296:sc_pkcs15_verify_pin: returning with: 0 (Success)
|
From: Martin P. <ma...@ma...> - 2013-05-24 09:03:47
|
Hello,

Keep in mind that opensc-explorer is a "low level tool". Your best option is to compare the actual commands (opensc-explorer -vvv) to what succeeds above (00 20 00 81 0A 30 34 35 32 39 31 FF FF FF FF).

Also, if the PKCS#11 module selects some DF-s beforehand, you need to manually do that with opensc-explorer.

Martin
--
Martin
+372 5156495
|
From: Viktor T. <vik...@gm...> - 2013-08-03 19:28:08
|
Hello,

On 26/07/2013 14:17, Johannes Becker wrote:
> finally I found time to produce log files for the following problem:
>
> chipcard CardOS V4.3B
> OpenSC 0.13.0
>
> opensc-explorer fails to verify the PIN:
>
> $ opensc-explorer
> OpenSC Explorer version 0.13.0
> Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
> OpenSC [3F00]> cd 5015
> OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF:FF:FF
> Unable to verify PIN code: Invalid arguments
> OpenSC [3F00/5015]> verify CHV129 32:33:34:35:36:37:FF:FF
> Incorrect code.
> OpenSC [3F00/5015]> exit
>
> On the other hand pkcs15-tool has no problems with the command
>
> pkcs15-tool --change-pin --pin 234567 --new-pin 234567
>
> The log files are
> http://www.uni-giessen.de/~g013/opensc/opensc-explorer.log
> http://www.uni-giessen.de/~g013/opensc/pkcs15-tool.log
>
> Below the output of pkcs15-tool --dump

As it is currently implemented, in opensc-explorer, you cannot use 'verify' command to verify CardOS PIN with the length other than 8 bytes.
At the low (card driver) level, when there is no info about the PIN max/min, the padding length is set to 8.
Card itself does not support (afaik) the 'get-pin-info' facility and the only way to get this info is the PKCS#15 data.
That's why it works when PIN is verified in PKCS#15 context.
'Opensc-explorer' is the low level tool, and it does not parse the on-card PKCS#15 data.

In opensc-explorer I propose you to not use the 'verify' command but direct 'apdu' one.
So that you pass-by the formatting of the PIN data by cardos driver.

vtarasov@sequoia:~/projects/sc/github/viktorTarasov-OpenSC$ ./build/bin/opensc-explorer
OpenSC Explorer version 0.13.0
Using reader with a card: OmniKey CardMan 3121 01 00
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> apdu 00 20 00 83 0A 39 39 39 39 00 00 00 00 00 00
Sending: 00 20 00 83 0A 39 39 39 39 00 00 00 00 00 00
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00/5015]>

> Regards
> Johannes

Kind wishes,
Viktor.
|
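The padding step discussed in this thread, as an added example that is not part of any poster's message and is not OpenSC code: it builds the VERIFY APDU from the PIN attributes shown in the `pkcs15-tool --dump` output and decodes the status words seen in the logs. The names `pin_attrs`, `build_verify_apdu`, `sw_text` and `wipe` are hypothetical, and the 8-byte case is modelled by setting `stored_len` to 8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PIN attributes as printed by `pkcs15-tool --dump` in this thread.
 * Struct and function names are hypothetical, not OpenSC's API. */
struct pin_attrs {
    uint8_t reference;  /* "Reference : 129 (0x81)", goes into P2 */
    size_t  min_len;    /* "min_len:4" */
    size_t  max_len;    /* "max_len:10" */
    size_t  stored_len; /* "stored_len:10", length of the padded block */
    uint8_t pad_char;   /* "Pad char : 0xFF" */
};

/* Build VERIFY (CLA 00, INS 20, P1 00, P2 = reference, Lc = stored_len)
 * for an ascii-numeric PIN. Returns the APDU length, or -1 if the PIN
 * does not fit the attributes or the buffer is too small. */
int build_verify_apdu(const struct pin_attrs *a, const char *pin,
                      uint8_t *out, size_t out_size)
{
    size_t n = strlen(pin);

    if (n < a->min_len || n > a->max_len || n > a->stored_len)
        return -1;
    if (a->stored_len > 255 || out_size < 5 + a->stored_len)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (pin[i] < '0' || pin[i] > '9')
            return -1;

    out[0] = 0x00;
    out[1] = 0x20;
    out[2] = 0x00;
    out[3] = a->reference;
    out[4] = (uint8_t)a->stored_len;
    memcpy(out + 5, pin, n);
    memset(out + 5 + n, a->pad_char, a->stored_len - n);
    return (int)(5 + a->stored_len);
}

/* Status words that appear in the thread's logs and sessions. */
const char *sw_text(uint8_t sw1, uint8_t sw2)
{
    if (sw1 == 0x90 && sw2 == 0x00) return "success";
    if (sw1 == 0x63 && sw2 == 0x00) return "incorrect code";
    if (sw1 == 0x6D && sw2 == 0x00) return "unsupported INS";
    return "other";
}

/* The APDU buffer holds the PIN in clear; overwrite it after sending. */
void wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

static void show(const char *label, const uint8_t *apdu, int len)
{
    printf("%-22s", label);
    for (int i = 0; i < len; i++) printf(" %02X", apdu[i]);
    printf("\n");
}

int main(void)
{
    /* Values from the dump: User Pin, reference 0x81, stored_len 10. */
    struct pin_attrs from_pkcs15 = { 0x81, 4, 10, 10, 0xFF };
    /* Same PIN in the 8-byte block that the verify command ended up
     * sending (modelled here by stored_len = 8; an assumption). */
    struct pin_attrs eight_bytes = { 0x81, 4, 8, 8, 0xFF };
    uint8_t apdu[5 + 255];
    int len;

    len = build_verify_apdu(&from_pkcs15, "234567", apdu, sizeof apdu);
    show("PKCS#15 attributes:", apdu, len);
    len = build_verify_apdu(&eight_bytes, "234567", apdu, sizeof apdu);
    show("8-byte padding:", apdu, len);
    wipe(apdu, sizeof apdu);

    printf("63 00 -> %s\n", sw_text(0x63, 0x00));
    return 0;
}
```

The first line printed matches the APDU that was accepted with `90 00` through the `apdu` command, the second the one the card answered with `63 00`.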
From: Johannes B. <Joh...@hr...> - 2013-08-05 11:08:30
|
Hello,

On Saturday, 3 August 2013, Viktor Tarasov <vik...@gm...> wrote:

> In opensc-explorer I propose you to not use the 'verify' command but direct 'apdu' one.

Thanks, that works!
I could log in and I could overwrite a certificate.

Now there's a new problem. I cannot delete the certificate from the card
and therefore I cannot set a new certificate length.

This is what happens:

OpenSC Explorer version 0.13.0
Using reader with a card: KOBIL KAAN Advanced (E_043208292) 02 00
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> cd 4304
OpenSC [3F00/5015/4304]> apdu 00 20 00 81 0A 32 33 34 35 36 37 FF FF FF FF
Sending: 00 20 00 81 0A 32 33 34 35 36 37 FF FF FF FF
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00/5015/4304]> rm 4302
DELETE FILE failed: Unsupported INS byte in APDU

I put the log for this to
http://www.uni-giessen.de/~g013/opensc/remove-fails.log

@Ludovic:
Unfortunately I don't know how to debug in sec.c .

Kind regards
Johannes
|
From: Viktor T. <vik...@gm...> - 2013-08-06 08:44:08
|
Strange. I don't sufficiently know this card.
I have no problems of this kind with the one that I have -- also CardOS 4.3b.

Is it formatted with OpenSC?

Question aside,
why do you manually erase the certificate file? After that you will need,
also manually, to update the PKCS#15 CDF data?
Would it be better for you to use the pkcs15-init tool? It knows what to do
with these data.
|
From: Johannes B. <Joh...@hr...> - 2013-08-06 09:53:10
|
On Tuesday, 6 August 2013, Viktor Tarasov wrote:
> Strange. I don't sufficiently know this card.
> I have no problems of this kind with the one that I have -- also CardOS 4.3b.
>
> Is it formatted with OpenSC?

No, it's formatted by cryptovision.
I have a log of cryptovision's scManager replacing the certificate:
http://www.uni-giessen.de/~g013/opensc/scMan-Import-Cert.txt

There you have the line
00000050 APDU: 00 E4 00 00 02 43 02
which - I presume - deletes the file 4302.

If I try to send this apdu with opensc-explorer, I again get the INS-error:

$ opensc-explorer
OpenSC Explorer version 0.13.0
Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> cd 4304
OpenSC [3F00/5015/4304]> apdu 00 20 00 81 0A 32 33 34 35 36 37 FF FF FF FF
Sending: 00 20 00 81 0A 32 33 34 35 36 37 FF FF FF FF
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00/5015/4304]> apdu 00 E4 00 00 02 43 02
Sending: 00 E4 00 00 02 43 02
Received (SW1=0x6D, SW2=0x00)
Failure: Unsupported INS byte in APDU

> Question aside,
> why do you manually erase the certificate file? After that you will need,
> also manually, to update the PKCS#15 CDF data?
> Would it be better for you to use the pkcs15-init tool? It knows what to do
> with these data.

There the PIN is not accepted:

$ pkcs15-init --pin 234567 --id 46 --update-certificate Testperson1117-46.pem
Using reader with a card: Dell Dell Smart Card Reader Keyboard 00 00
Failed to store data object: PIN code or key incorrect

I suppose this is because the maximal PIN length is 10.

Kind regards
Johannes
|
From: Andreas S. <and...@ca...> - 2013-08-06 10:33:02
|
With CardOS you always need to switch to ADMINISTRATIVE mode before you
can delete or create files:

Try issuing a

80 10 00 00

before the delete.

And btw: If the card has been personalized using cryptovision's
scManager, then there is no guarantee that the PKCS15 structure is
compatible with OpenSC. Reading a CV PKCS15 structure might work with
OpenSC, but updates to the PKCS15 structure and then reading it again
with the CV middleware will most likely fail.

Andreas Schwier
|
From: Johannes B. <Joh...@hr...> - 2013-08-27 10:45:06
|
On Tuesday, 6 August 2013, Andreas Schwier <and...@ca...> wrote:
> With CardOS you always need to switch to ADMINISTRATIVE mode before you
> can delete or create files:
>
> Try issuing a
>
> 80 10 00 00
>
> before the delete.

That works. Thank you very much!

> And btw: If the card has been personalized using cryptovision's
> scManager, then there is no guarantee that the PKCS15 structure is
> compatible with OpenSC. Reading a CV PKCS15 structure might work with
> OpenSC, but updates to the PKCS15 structure and then reading it again
> with the CV middleware will most likely fail.

Yes. But it seems that after a certificate update you can go on using the card with opensc.
I hope, there are no more traps...

Regards
Johannes
|