Carlos Vásquez | 29 Jan 05:42 2015

Costa Rica eID card

Hi,

I am trying to use my eID card from the Costa Rican government, but the
card is not recognized. It seems that there is no driver for this kind
of card. Can someone help me make one?

Some commands output:

[carlos-vasquez@thinkpad-x1 ~]$ opensc-tool --atr
Using reader with a card: Athena ASE IIIe [CCID Bulk Interface] 00 00
3b:dc:18:ff:80:91:fe:1f:c3:80:73:c8:21:13:66:01:0b:03:52:00:05:39

[carlos-vasquez@thinkpad-x1 ~]$ pcsc_scan
PC/SC device scanner
V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau <at> free.fr>
Compiled with PC/SC lite version: 1.8.12
Using reader plug'n play mechanism
Scanning present readers...
0: Athena ASE IIIe [CCID Bulk Interface] 00 00

Wed Jan 28 22:39:36 2015
Reader 0: Athena ASE IIIe [CCID Bulk Interface] 00 00
  Card state: Card inserted,
  ATR: 3B DC 18 FF 80 91 FE 1F C3 80 73 C8 21 13 66 01 0B 03 52 00 05 39

ATR: 3B DC 18 FF 80 91 FE 1F C3 80 73 C8 21 13 66 01 0B 03 52 00 05 39
+ TS = 3B --> Direct Convention
+ T0 = DC, Y(1): 1101, K: 12 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
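
The breakdown pcsc_scan prints above follows the ISO/IEC 7816-3 ATR layout. As an added example (not part of the original posts, and not OpenSC or pcsc-tools code), here is a bounds-checked C parser run over the two ATRs quoted on this page; the struct and function names are hypothetical, and the Fi/Di tables are the ISO/IEC 7816-3 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATR_MAX_LEN 33 /* ISO/IEC 7816-3: TS plus at most 32 further bytes */

struct atr_info {                /* hypothetical result type for this example */
    int ta1;                     /* TA1 (Fi/Di coding), or -1 when absent */
    unsigned t_mask;             /* bit n set: T=n named in a TD byte (T=0 by default) */
    const uint8_t *hist;         /* historical bytes, points into the caller's buffer */
    size_t hist_len;             /* K, taken from the low nibble of T0 */
    int has_tck;                 /* 1 when a check byte was required and verified */
};

/* Fi and Di as coded in the high and low nibble of TA1; 0 marks RFU codes. */
static const unsigned FI_TABLE[16] = { 372, 372, 558, 744, 1116, 1488, 1860, 0,
                                       0, 512, 768, 1024, 1536, 2048, 0, 0 };
static const unsigned DI_TABLE[16] = { 0, 1, 2, 4, 8, 16, 32, 64,
                                       12, 20, 0, 0, 0, 0, 0, 0 };

/* Clock cycles per ETU (Fi/Di); 0 if TA1 is absent or uses an RFU code. */
unsigned atr_cycles_per_etu(int ta1)
{
    unsigned fi, di;
    if (ta1 < 0 || ta1 > 0xFF)
        return 0;
    fi = FI_TABLE[ta1 >> 4];
    di = DI_TABLE[ta1 & 0x0F];
    return (fi && di) ? fi / di : 0;
}

/* Returns 0 on success, -1 on a malformed or truncated ATR. Every read is
 * checked against len first, so a short buffer is rejected, never over-read. */
int atr_parse(const uint8_t *atr, size_t len, struct atr_info *out)
{
    size_t pos = 1, i;
    unsigned y, bit, group = 1;
    uint8_t x = 0;

    if (!atr || !out || len < 2 || len > ATR_MAX_LEN)
        return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F)   /* TS: direct or inverse convention */
        return -1;
    memset(out, 0, sizeof *out);
    out->ta1 = -1;

    y = atr[pos] >> 4;                      /* Y1: which of TA1..TD1 follow */
    out->hist_len = atr[pos] & 0x0F;        /* K: number of historical bytes */
    pos++;
    for (;;) {
        for (bit = 1; bit <= 4; bit <<= 1) { /* TAi, TBi, TCi in that order */
            if (!(y & bit))
                continue;
            if (pos >= len)
                return -1;
            if (bit == 1 && group == 1)
                out->ta1 = atr[pos];
            pos++;
        }
        if (!(y & 8))                       /* no TDi: interface bytes end here */
            break;
        if (pos >= len)
            return -1;
        out->t_mask |= 1u << (atr[pos] & 0x0F);
        y = atr[pos] >> 4;                  /* Y(i+1) for the next group */
        pos++;
        group++;
    }
    if (out->t_mask == 0)
        out->t_mask = 1u;                   /* no TD1 at all: T=0 is implied */

    if (out->hist_len > len - pos)          /* pos <= len holds here */
        return -1;
    out->hist = atr + pos;
    pos += out->hist_len;

    if (out->t_mask & ~1u) {                /* anything beyond plain T=0 needs TCK */
        if (pos >= len)
            return -1;
        for (i = 1; i <= pos; i++)          /* XOR of T0..TCK must be zero */
            x ^= atr[i];
        if (x != 0)
            return -1;
        out->has_tck = 1;
        pos++;
    }
    return pos == len ? 0 : -1;             /* reject trailing bytes */
}

/* The two ATRs quoted in the messages on this page. */
static const uint8_t ATR_COSTA_RICA[] = { 0x3B, 0xDC, 0x18, 0xFF, 0x80, 0x91, 0xFE, 0x1F,
    0xC3, 0x80, 0x73, 0xC8, 0x21, 0x13, 0x66, 0x01, 0x0B, 0x03, 0x52, 0x00, 0x05, 0x39 };
static const uint8_t ATR_JCOP[] = { 0x3B, 0xF8, 0x13, 0x00, 0x00, 0x81, 0x31, 0xFE, 0x45,
    0x4A, 0x43, 0x4F, 0x50, 0x76, 0x32, 0x34, 0x31, 0xB7 };

static void show(const char *name, const uint8_t *atr, size_t len)
{
    struct atr_info a;
    size_t i;
    if (atr_parse(atr, len, &a) != 0) {
        printf("%s: malformed ATR\n", name);
        return;
    }
    printf("%s: %u cycles/ETU, T mask 0x%04X, TCK %s, historical bytes:", name,
           atr_cycles_per_etu(a.ta1), a.t_mask, a.has_tck ? "ok" : "absent");
    for (i = 0; i < a.hist_len; i++)
        printf(" %02X", (unsigned)a.hist[i]);
    printf("\n");
}

int main(void)
{
    show("Costa Rica eID", ATR_COSTA_RICA, sizeof ATR_COSTA_RICA);
    show("JCOP (Muscle Card)", ATR_JCOP, sizeof ATR_JCOP);
    return 0;
}
```
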

Linda Yu | 28 Jan 22:37 2015

Seeking recommendation of any NFC compliant smart card reader

Hi,

I have an ACS ACR122u reader and failed to make it work on either VMware
(Ubuntu 14.04 LTS) or native Ubuntu without a VM. In VMware, pcsc_scan worked
fine with the ATR returned, but opensc-tool failed with the error "Failed to
connect to card: Unresponsive card". In native Ubuntu, it was worse:
pcsc_scan didn't work (not even detecting the same reader).

Did anyone make an NFC compliant PC/SC reader work recently? If you did,
could you provide the detailed info about your platform and
middleware/driver version numbers?

Many thanks!

--
View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093.html
Sent from the Developer mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
Frank Morgner | 28 Jan 15:29 2015

Fixes for Problems reported by Coverity Scan

I took two days to work through the Coverity Scan report. And, to be
honest, the results were *devastating*. I fixed a number of low, medium
and high impact problems; some of them were part of the libraries for
years [1].

We need to work through:
1. Fixing the rest of the problems (there are still many problems left)
2. Prepare a new release
3. Add warning-free compilation to the coding guidelines
4. Add static code analysis to CI for all PRs (e.g. by enforcing an
   error free run of cppcheck)

[1] https://github.com/OpenSC/OpenSC/pull/366

-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

Andreas Kemnade | 27 Jan 21:08 2015

[PATCH] handle record-based files correctly when doing file caching

---
 src/tools/pkcs15-tool.c |   46 +++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 5 deletions(-)

diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c
index 603a753..42d7d4c 100644
--- a/src/tools/pkcs15-tool.c
+++ b/src/tools/pkcs15-tool.c
 <at>  <at>  -1515,11 +1515,47  <at>  <at>  static int read_and_cache_file(const sc_path_t *path)
 		printf("out of memory!");
 		return -1;
 	}
-	r = sc_read_binary(card, 0, buf, size, 0);
-	if (r < 0) {
-		fprintf(stderr, "sc_read_binary() failed: %s\n", sc_strerror(r));
-		free(buf);
-		return -1;
+	if (tfile->ef_structure == SC_FILE_EF_LINEAR_VARIABLE_TLV) {
+		int i;
+		size_t l, record_len;
+		unsigned char *head = buf;
+
+		for (i=1;  ; i++) {
+			l = size - (head - buf);
+			if (l > 256) { l = 256; }
+			r = sc_read_record(p15card->card, i, head, l, SC_RECORD_BY_REC_NR);
+			if (r == SC_ERROR_RECORD_NOT_FOUND) {
+				r = 0;
+				break;
+			}
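Review bot: the "for (i=1;  ; i++)" loop has no bound of its own, and in the lines visible here nothing stops it once the cache buffer is full. When head reaches buf + size, "l = size - (head - buf)" becomes 0 and sc_read_record() is still called with a zero-length buffer for every further record, until the card answers SC_ERROR_RECORD_NOT_FOUND. Suggest leaving the loop (or reporting truncation) when l == 0 and putting an upper limit on i, so that a card which never returns "record not found" cannot keep the tool looping. Two smaller points: the removed sc_read_binary() call went through "card" while the new call uses "p15card->card", so pick one for consistency within read_and_cache_file(); and the literal 256 would read better as a named constant. The hunk is cut off after the break, so part of this may already be handled further down.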

sarat | 27 Jan 16:08 2015

data flow from API level to the driver level

Hi All,

I’m looking into the code to understand the flow of pkcs11.

What I understand is pkcs11-global.c implements pkcs11 functionalities and the function pointers of pkcs11 are defined in sc-pkcs11.h. My doubt is from exactly which part of the code the CCID driver calls are being made. Let’s take a simple example: say I want to verify the PIN of my smartcard; can someone please let me know the flow in terms of function calls down to the driver level?

Please let me know if any clarification or details are needed on the question I’m asking.

Thank you.

Regards,

Sarat G

_______________________________________________
Opensc-devel mailing list
Opensc-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Michael Heydemann | 22 Jan 19:35 2015

OpenSC Build System

Hello OpenSC Development Team,

I am not sure who has knowledge about the build system,
therefore I post at the list.
I am trying to build and package OpenSC for Windows 7 32bit and 64bit.
Therefore I followed the official instructions reachable on the internet.

First I tried to build in a Windows 7 environment.
Somehow I could not get this done.
The ./bootstrap freezes the command line when libtoolize starts working.
And downloading many gigs for the necessary tooling felt not quite handy.

As I am more a Linux friend, I tried with Ubuntu 14.04.1 64bit.
I cross-compiled successfully for Win 32 and Win 64.
But I am not sure if the binaries will run.
This is what I have done:

************************************************************************************************************************
sudo apt-get install wine gcc-mingw-w64-x86-64 docbook-xsl autoconf automake libtool \
    libpcsclite-dev patch nsis git

git clone https://github.com/OpenSC/OpenSC.git
cd OpenSC

# libopensc.exports -> remove iasecc_sdo_encode_update_field (otherwise does not link)

./bootstrap

# 32 Bit:
./configure --prefix=/usr/i686-w64-mingw32 --host=i686-w64-mingw32 --build=x86_64-linux --disable-doc

# 64 Bit:
./configure --prefix=/usr/x86_64-w64-mingw32 --host=x86_64-w64-mingw32 --build=x86_64-linux --disable-doc

make
************************************************************************************************************************

Now I have several DLL and EXE files distributed in the /src/* directories.
The /win32 directory seems to be outdated, because the scripts try to check out from a non-existing svn server.

I wonder how to get all the stuff in an EXE or MSI?
How is this working on the continuous integration server?

Kind Regards,
Michael
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
Douglas E Engert | 19 Jan 17:26 2015

Re: AT_SIGNATURE and AT_EXCHANGE Problem

[I should have sent this to the opensc-devel, as others can address some of your questions
about the state of the muscle applet and isoapplet].

No, that fix was for the card-itacns.c; you are using the card-muscle.c.

Some equivalent code needs to be added to card-muscle.c, to use whatever information is available that
Windows could use to uniquely identify the card. This is then stored with the certificates in the Windows store.
At a later time, Windows uses certificates from the store and can then prompt to have the card mounted, so it
can use the matching key on the card.

You or someone else who can test a mod to card-muscle.c could submit a code change.

There are 33 card-*.c files, 24 support SC_CARDCTL_GET_SERIALNR. 11 do not.

card-belpic.c
card-default.c
card-gemsafeV1.c
card-ias.c
card-incrypto34.c
card-jcop.c
card-mcrd.c
card-miocos.c
card-muscle.c
card-setcos.c
iso7816.c

Cards that support SC_CARDCTL_GET_SERIALNR
card-acos5.c
card-akis.c
card-asepcos.c
card-atrust-acos.c
card-authentic.c
card-cardos.c
card-dnie.c
card-entersafe.c
card-epass2003.c
card-flex.c
card-gpk.c
card-iasecc.c
card-itacns.c
card-myeid.c
card-oberthur.c
card-openpgp.c
card-piv.c
card-rtecp.c
card-rutoken.c
card-sc-hsm.c
card-starcos.c
card-tcos.c
card-westcos.c

To answer some other questions you asked in a private e-mail:

iso7816.c, which implements the basic ISO commands, does not support any card_ctl commands.
I believe that the IsoApplet is designed to use the iso7816.c. I am not sure if the concept of
a unique "serial number" is part of ISO7816.

I also don't know the state of the muscle applet, or if it has something that can be used as a serial number either.

On 1/19/2015 8:37 AM, Michael Heydemann wrote:
> WOW.. Thank you a lot.. I think I owe you a beer..
>
> I checked the fix is from November last year, and the 0.14 version is from summer last year.
> Does this mean that the nightly build could fix this?
> What version should I pull/download?
>
> Thank you a lot,
> Michael
>
>> On 19.01.2015 at 14:35, Douglas E Engert <deengert <at> gmail.com> wrote:
>>
>> This is the same problem as:
>>
>>   https://github.com/OpenSC/OpenSC/pull/321
>>
>>
>> 2015-01-19 09:49:34.203 [cardmod] card.c:720:sc_card_ctl: called
>> 2015-01-19 09:49:34.203 card_ctl(5) not supported
>>
>> The card-muscle.c (and others in OpenSC) does not support SC_CARDCTL_GET_SERIALNR
>> to get a card "serial number" which windows requires.
>>
>>
>>
>> On 1/19/2015 3:30 AM, Michael Heydemann wrote:
>>> Dear OpenSC Development Team,
>>>
>>> First of all, I would like to say that I really appreciate your great work.
>>> I am working on a little project and explored all the nice tools of OpenSC.
>>> Unfortunately, for one week now I cannot get around a certain problem.
>>> I hope this mailing list is the right place and you can help me with that.
>>>
>>> My project is about (1) setting up a PKCS#11 key store on a Java Card,
>>> (2) loading some test data (keys and certificates) on it, and (3) using the card
>>> with the Windows 7 Key Management.
>>>
>>> Hardware:
>>> * Card Reader: Omnikey 3121USB
>>> * Java Card: J2A080 - NXP, 80k
>>>
>>> (1) Setting up PKCS#11 key store:
>>> I have installed Ubuntu 14.04.1 in VirtualBox and wrote a bunch of bash scripts
>>> to install all required software, installing muscle applet to the card, and
>>> removing the muscle applet from the card. I followed the instructions on
>>> _http://blog.ev0ke.net/muscle-jcop/_ and everything worked well.
>>>
>>> (2) Loading some test data:
>>> I tried some different ways to get some keys and certificates on the card.
>>> None of them delivered data which is accepted by Windows 7.
>>> Here is one set of data I created:
>>>
>>> ***************************************************************************************
>>> Using reader with a card: OMNIKEY CardMan (076B:3022) 3021 00 00
>>> PKCS#15 Card [MUSCLE]:
>>> Version        : 0
>>> Serial number  : 0000
>>> Manufacturer ID: Identity Alliance
>>> Last update    : 20150119080705Z
>>> Flags          : EID compliant
>>>
>>> PIN [User PIN]
>>> Object Flags   : [0x3], private, modifiable
>>> ID             : 01
>>> Flags          : [0x10], initialized
>>> Length         : min_len:4, max_len:8, stored_len:8
>>> Pad char       : 0x00
>>> Reference      : 1
>>> Type           : ascii-numeric
>>> Path           : 3f005015
>>>
>>> Private RSA Key [Card Owner]
>>> Object Flags   : [0x3], private, modifiable
>>> Usage          : [0x2E], decrypt, sign, signRecover, unwrap
>>> Access Flags   : [0x0]
>>> ModLength      : 1024
>>> Key ref        : 0 (0x0)
>>> Native         : yes
>>> Path           : 3f005015
>>> Auth ID        : 01
>>> ID             : 01
>>>
>>> Public RSA Key [Card Owner]
>>> Object Flags   : [0x2], modifiable
>>> Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
>>> Access Flags   : [0x0]
>>> ModLength      : 1024
>>> Key ref        : 0
>>> Native         : no
>>> Path           : 3f0050153000
>>> ID             : 01
>>>
>>> X.509 Certificate [Card Owner Certificate]
>>> Object Flags   : [0x2], modifiable
>>> Authority      : no
>>> Path           : 3f0050153100
>>> ID             : 01
>>> Encoded serial : 02 09 00F695059953A904F9
>>>
>>> X.509 Certificate [Contact 2 Certificate]
>>> Object Flags   : [0x2], modifiable
>>> Authority      : no
>>> Path           : 3f0050153101
>>> ID             : 02
>>> Encoded serial : 02 09 00F695059953A904F9
>>>
>>> X.509 Certificate [Contact 3 Certificate]
>>> Object Flags   : [0x2], modifiable
>>> Authority      : no
>>> Path           : 3f0050153102
>>> ID             : 03
>>> Encoded serial : 02 09 00F695059953A904F9
>>>
>>> X.509 Certificate [Contact 4 Certificate]
>>> Object Flags   : [0x2], modifiable
>>> Authority      : no
>>> Path           : 3f0050153103
>>> ID             : 04
>>> Encoded serial : 02 09 00F695059953A904F9
>>>
>>> X.509 Certificate [Contact 5 Certificate]
>>> Object Flags   : [0x2], modifiable
>>> Authority      : no
>>> Path           : 3f0050153104
>>> ID             : 05
>>> Encoded serial : 02 09 00F695059953A904F9
>>> ***************************************************************************************
>>>
>>> (3) Using the card in Windows 7:
>>> I installed Windows 7 64 Bit in a VirtualBox and installed
>>> OpenSC-0.12.2-win64.msi. I also tried OpenSC-0.14.0-win64.msi,
>>> but with the same result.
>>> I acquired the ATR of the card and properly installed my opens-minidriver.inf:
>>>
>>> ***************************************************************************************
>>> [Version]
>>> Signature="$Windows NT$"
>>> Class=SmartCard
>>> ClassGuid={990A2BD7-E738-46c7-B26F-1CF8FB9F1391}
>>> Provider=%ProviderName%
>>> CatalogFile=delta.cat
>>> DriverVer=05/02/2010,@OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0
>>>
>>> [Manufacturer]
>>> %ProviderName%=Minidriver,NTamd64,NTamd64.6.1,NTx86,NTx86.6.1
>>>
>>> [Minidriver.NTamd64]
>>> %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000
>>>
>>> [Minidriver.NTx86]
>>> %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000
>>>
>>> [Minidriver.NTamd64.6.1]
>>> %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000
>>>
>>> [Minidriver.NTx86.6.1]
>>> %CardDeviceName%=Minidriver32_61_Install,SCFILTER\CID_00640181010c829000
>>>
>>> [DefaultInstall]
>>> CopyFiles=x86_CopyFiles
>>> AddReg=AddRegDefault
>>>
>>> [DefaultInstall.ntamd64]
>>> CopyFiles=amd64_CopyFiles
>>> CopyFiles=wow64_CopyFiles
>>> AddReg=AddRegWOW64
>>> AddReg=AddRegDefault
>>>
>>> [DefaultInstall.NTx86]
>>> CopyFiles=x86_CopyFiles
>>> AddReg=AddRegDefault
>>>
>>> [DefaultInstall.ntamd64.6.1]
>>> AddReg=AddRegWOW64
>>> AddReg=AddRegDefault
>>>
>>> [DefaultInstall.NTx86.6.1]
>>> AddReg=AddRegDefault
>>>
>>> [SourceDisksFiles]
>>> %SmartCardCardModule%=1
>>> %SmartCardCardModule64%=1
>>>
>>> [SourceDisksNames]
>>> 1 = %MediaDescription%
>>>
>>> [Minidriver64_Install.NT]
>>> CopyFiles=amd64_CopyFiles
>>> CopyFiles=wow64_CopyFiles
>>> AddReg=AddRegWOW64
>>> AddReg=AddRegDefault
>>>
>>> [Minidriver64_61_Install.NT]
>>> AddReg=AddRegWOW64
>>> AddReg=AddRegDefault
>>> Include=umpass.inf
>>> Needs=UmPass
>>>
>>> [Minidriver32_Install.NT]
>>> CopyFiles=x86_CopyFiles
>>> AddReg=AddRegDefault
>>>
>>> [Minidriver32_61_Install.NT]
>>> AddReg=AddRegDefault
>>> Include=umpass.inf
>>> Needs=UmPass
>>>
>>> [Minidriver64_61_Install.NT.Services]
>>> Include=umpass.inf
>>> Needs=UmPass.Services
>>>
>>> [Minidriver32_61_Install.NT.Services]
>>> Include=umpass.inf
>>> Needs=UmPass.Services
>>>
>>>
>>> [Minidriver64_61_Install.NT.HW]
>>> Include=umpass.inf
>>> Needs=UmPass.HW
>>>
>>> [Minidriver64_61_Install.NT.CoInstallers]
>>> Include=umpass.inf
>>> Needs=UmPass.CoInstallers
>>>
>>>
>>> [Minidriver64_61_Install.NT.Interfaces]
>>> Include=umpass.inf
>>> Needs=UmPass.Interfaces
>>>
>>>
>>> [Minidriver32_61_Install.NT.HW]
>>> Include=umpass.inf
>>> Needs=UmPass.HW
>>>
>>> [Minidriver32_61_Install.NT.CoInstallers]
>>> Include=umpass.inf
>>> Needs=UmPass.CoInstallers
>>>
>>>
>>> [Minidriver32_61_Install.NT.Interfaces]
>>> Include=umpass.inf
>>> Needs=UmPass.Interfaces
>>>
>>>
>>> [amd64_CopyFiles]
>>> ;%SmartCardCardModule%,%SmartCardCardModule64%
>>>
>>> [x86_CopyFiles]
>>> ;%SmartCardCardModule%
>>>
>>> [wow64_CopyFiles]
>>> ;%SmartCardCardModule64%
>>>
>>> [AddRegWOW64]
>>> HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3b,f8,13,00,00,81,31,fe,45,4A,43,4f,50,76,32,34,31,b7
>>> HKLM, %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>>> HKLM, %SmartCardNameWOW64%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
>>> HKLM, %SmartCardNameWOW64%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
>>> HKLM, %SmartCardNameWOW64%,"80000001",0x00000000,%SmartCardCardModule64%
>>>
>>> [AddRegDefault]
>>> HKLM, %SmartCardName%,"ATR",0x00000001,3b,f8,13,00,00,81,31,fe,45,4A,43,4f,50,76,32,34,31,b7
>>> HKLM, %SmartCardName%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>>> HKLM, %SmartCardName%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
>>> HKLM, %SmartCardName%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
>>> HKLM, %SmartCardName%,"80000001",0x00000000,%SmartCardCardModule%
>>>
>>> [DestinationDirs]
>>> amd64_CopyFiles=10,system32
>>> x86_CopyFiles=10,system32
>>> wow64_CopyFiles=10,syswow64
>>>
>>>
>>> ; =================== Generic ==================================
>>>
>>> [Strings]
>>> ProviderName ="OpenSC"
>>> MediaDescription="OpenSC Card Minidriver Installation Disk"
>>> CardDeviceName="Muscle Card"
>>> SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Muscle Card"
>>> SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Muscle Card"
>>> SmartCardCardModule="opensc-minidriver.dll"
>>> ***************************************************************************************
>>>
>>> When the card is inserted the driver is used as shown in device manager
>>> as well as in certutil.exe.
>>> Now here is the actual problem:
>>> When I try to use the card with certutil.exe -SCinfo  several times a dialog pops up
>>> complaining that the card does not have the required functions.
>>> The terminal output is like this. I am sorry for pasting this in German.
>>> I added some translations:
>>>
>>> ***************************************************************************************
>>> Microsoft Windows [Version 6.1.7601]
>>> Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.
>>>
>>> C:\Users\developer>certutil -scinfo
>>> Die Microsoft Smartcard-Ressourcenverwaltung wird ausgeführt.
>>> Aktueller Leser-/Kartenstatus: (Current Reader/Card Status)
>>> Leser: 1 (Reader: 1)
>>>    0: OMNIKEY CardMan 3x21 0
>>> --- Leser: OMNIKEY CardMan 3x21 0 (Reader)
>>> --- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
>>> --- Status: Die Smartcard kann verwendet werden.
>>> ---  Karte: Muscle Card
>>> ---    ATR:
>>>          3b f8 13 00 00 81 31 fe  45 4a 43 4f 50 76 32 34   ;.....1.EJCOPv24
>>>          31 b7                                              1.
>>>
>>>
>>> =======================================================
>>> Karte im Leser wird analysiert: OMNIKEY CardMan 3x21 0 (Trans: The card in the reader is being analyzed)
>>>
>>> --------------===========================--------------
>>> ================ Zertifikat 0 ================ (Trans: Certificate 0)
>>> --- Leser: OMNIKEY CardMan 3x21 0 (Reader)
>>> ---  Karte: Muscle Card
>>> Anbieter = Microsoft Base Smart Card Crypto Provider
>>> Schlüsselcontainer = (null) [Standardcontainer] (Trans: standard container)
>>>
>>> Schlüssel "AT_SIGNATURE" kann nicht geöffnet werden für Leser: OMNIKEY CardMan 3 (Trans: Key „AT_SIGNATURE“ could not be opened)
>>> x21 0
>>> Schlüssel "AT_KEYEXCHANGE" kann nicht geöffnet werden für Leser: OMNIKEY CardMan (Trans: Key „AT_SIGNATURE“ could not be opened)
>>>   3x21 0
>>>
>>> --------------===========================--------------
>>> ================ Zertifikat 0 ================
>>> --- Leser: OMNIKEY CardMan 3x21 0
>>> ---  Karte: Smart Security Device (Brainchild)
>>> Anbieter = Microsoft Smart Card Key Storage Provider
>>> Schlüsselcontainer = (null) [Standardcontainer]
>>>
>>> Schlüssel "" kann nicht geöffnet werden für Leser: OMNIKEY CardMan 3x21 0 (Trans: Key „“ could not be opened)
>>>
>>> --------------===========================--------------
>>>
>>> Fertig.
>>> CertUtil: -SCInfo-Befehl wurde erfolgreich ausgeführt. (Trans: -SCinfo command has been executed with success)
>>> ***************************************************************************************
>>>
>>> I also configured to use a log file in opensc.conf and debug level 9.
>>> Unfortunately the file is about 2.5 MB. I try to add it as an attachment to this mail,
>>> but I am not sure if this is working with a mailing list.
>>>
>>>
>>>
>>>
>>>
>>>
>>> I already inspected the log, but found nothing suspicious.
>>> I think maybe there has to be a private key to be marked
>>> for use as AT_SIGNATURE and one for AT_EXCHANGE.
>>> But how?
>>>
>>> Or maybe I am completely wrong and something different is going wrong.
>>>
>>> Any help would be appreciated!
>>>
>>> Best Regards,
>>> Michael
>>>
>>>
>>>
>>>
>>
>> --
>>
>>   Douglas E. Engert  <DEEngert <at> gmail.com>
>>
>>
>

-- 

  Douglas E. Engert  <DEEngert <at> gmail.com>

Michael Heydemann | 19 Jan 10:30 2015

AT_SIGNATURE and AT_EXCHANGE Problem

Dear OpenSC Development Team,

First of all, I would like to say that I really appreciate your great work.
I am working on a little project and explored all the nice tools of OpenSC.
Unfortunately, for one week now I cannot get around a certain problem.
I hope this mailing list is the right place and you can help me with that.

My project is about (1) setting up a PKCS#11 key store on a Java Card,
(2) loading some test data (keys and certificates) on it, and (3) using the card
with the Windows 7 Key Management.

Hardware: 
* Card Reader: Omnikey 3121USB
* Java Card: J2A080 - NXP, 80k

(1) Setting up PKCS#11 key store:
I have installed Ubuntu 14.04.1 in VirtualBox and wrote a bunch of bash scripts
to install all required software, installing muscle applet to the card, and 
removing the muscle applet from the card. I followed the instructions on
http://blog.ev0ke.net/muscle-jcop/ and everything worked well.

(2) Loading some test data:
I tried some different ways to get some keys and certificates on the card.
None of them delivered data which is accepted by Windows 7.
Here is one set of data I created:

***************************************************************************************
Using reader with a card: OMNIKEY CardMan (076B:3022) 3021 00 00
PKCS#15 Card [MUSCLE]:
Version        : 0
Serial number  : 0000
Manufacturer ID: Identity Alliance
Last update    : 20150119080705Z
Flags          : EID compliant

PIN [User PIN]
Object Flags   : [0x3], private, modifiable
ID             : 01
Flags          : [0x10], initialized
Length         : min_len:4, max_len:8, stored_len:8
Pad char       : 0x00
Reference      : 1
Type           : ascii-numeric
Path           : 3f005015

Private RSA Key [Card Owner]
Object Flags   : [0x3], private, modifiable
Usage          : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags   : [0x0]
ModLength      : 1024
Key ref        : 0 (0x0)
Native         : yes
Path           : 3f005015
Auth ID        : 01
ID             : 01

Public RSA Key [Card Owner]
Object Flags   : [0x2], modifiable
Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
Access Flags   : [0x0]
ModLength      : 1024
Key ref        : 0
Native         : no
Path           : 3f0050153000
ID             : 01

X.509 Certificate [Card Owner Certificate]
Object Flags   : [0x2], modifiable
Authority      : no
Path           : 3f0050153100
ID             : 01
Encoded serial : 02 09 00F695059953A904F9

X.509 Certificate [Contact 2 Certificate]
Object Flags   : [0x2], modifiable
Authority      : no
Path           : 3f0050153101
ID             : 02
Encoded serial : 02 09 00F695059953A904F9

X.509 Certificate [Contact 3 Certificate]
Object Flags   : [0x2], modifiable
Authority      : no
Path           : 3f0050153102
ID             : 03
Encoded serial : 02 09 00F695059953A904F9

X.509 Certificate [Contact 4 Certificate]
Object Flags   : [0x2], modifiable
Authority      : no
Path           : 3f0050153103
ID             : 04
Encoded serial : 02 09 00F695059953A904F9

X.509 Certificate [Contact 5 Certificate]
Object Flags   : [0x2], modifiable
Authority      : no
Path           : 3f0050153104
ID             : 05
Encoded serial : 02 09 00F695059953A904F9
***************************************************************************************

(3) Using the card in Windows 7:
I installed Windows 7 64 Bit in a VirtualBox and installed
OpenSC-0.12.2-win64.msi. I also tried OpenSC-0.14.0-win64.msi,
but with the same result.
I acquired the ATR of the card and properly installed my opens-minidriver.inf:

***************************************************************************************
[Version]
Signature="$Windows NT$"
Class=SmartCard
ClassGuid={990A2BD7-E738-46c7-B26F-1CF8FB9F1391}
Provider=%ProviderName%
CatalogFile=delta.cat
DriverVer=05/02/2010,@OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0

[Manufacturer]
%ProviderName%=Minidriver,NTamd64,NTamd64.6.1,NTx86,NTx86.6.1

[Minidriver.NTamd64]
%CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000

[Minidriver.NTx86]
%CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000

[Minidriver.NTamd64.6.1]
%CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000

[Minidriver.NTx86.6.1]
%CardDeviceName%=Minidriver32_61_Install,SCFILTER\CID_00640181010c829000

[DefaultInstall]
CopyFiles=x86_CopyFiles
AddReg=AddRegDefault

[DefaultInstall.ntamd64]
CopyFiles=amd64_CopyFiles
CopyFiles=wow64_CopyFiles
AddReg=AddRegWOW64
AddReg=AddRegDefault

[DefaultInstall.NTx86]
CopyFiles=x86_CopyFiles
AddReg=AddRegDefault

[DefaultInstall.ntamd64.6.1]
AddReg=AddRegWOW64
AddReg=AddRegDefault

[DefaultInstall.NTx86.6.1]
AddReg=AddRegDefault

[SourceDisksFiles]
%SmartCardCardModule%=1
%SmartCardCardModule64%=1

[SourceDisksNames]
1 = %MediaDescription%

[Minidriver64_Install.NT]
CopyFiles=amd64_CopyFiles
CopyFiles=wow64_CopyFiles
AddReg=AddRegWOW64
AddReg=AddRegDefault

[Minidriver64_61_Install.NT]
AddReg=AddRegWOW64
AddReg=AddRegDefault
Include=umpass.inf
Needs=UmPass

[Minidriver32_Install.NT]
CopyFiles=x86_CopyFiles
AddReg=AddRegDefault

[Minidriver32_61_Install.NT]
AddReg=AddRegDefault
Include=umpass.inf
Needs=UmPass

[Minidriver64_61_Install.NT.Services]
Include=umpass.inf
Needs=UmPass.Services

[Minidriver32_61_Install.NT.Services]
Include=umpass.inf
Needs=UmPass.Services


[Minidriver64_61_Install.NT.HW]
Include=umpass.inf
Needs=UmPass.HW

[Minidriver64_61_Install.NT.CoInstallers]
Include=umpass.inf
Needs=UmPass.CoInstallers


[Minidriver64_61_Install.NT.Interfaces]
Include=umpass.inf
Needs=UmPass.Interfaces


[Minidriver32_61_Install.NT.HW]
Include=umpass.inf
Needs=UmPass.HW

[Minidriver32_61_Install.NT.CoInstallers]
Include=umpass.inf
Needs=UmPass.CoInstallers


[Minidriver32_61_Install.NT.Interfaces]
Include=umpass.inf
Needs=UmPass.Interfaces


[amd64_CopyFiles]
;%SmartCardCardModule%,%SmartCardCardModule64%

[x86_CopyFiles]
;%SmartCardCardModule%

[wow64_CopyFiles]
;%SmartCardCardModule64%

[AddRegWOW64]
HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3b,f8,13,00,00,81,31,fe,45,4A,43,4f,50,76,32,34,31,b7
HKLM, %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
HKLM, %SmartCardNameWOW64%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
HKLM, %SmartCardNameWOW64%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
HKLM, %SmartCardNameWOW64%,"80000001",0x00000000,%SmartCardCardModule64%

[AddRegDefault]
HKLM, %SmartCardName%,"ATR",0x00000001,3b,f8,13,00,00,81,31,fe,45,4A,43,4f,50,76,32,34,31,b7
HKLM, %SmartCardName%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
HKLM, %SmartCardName%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
HKLM, %SmartCardName%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
HKLM, %SmartCardName%,"80000001",0x00000000,%SmartCardCardModule%

[DestinationDirs]
amd64_CopyFiles=10,system32
x86_CopyFiles=10,system32
wow64_CopyFiles=10,syswow64


; =================== Generic ==================================

[Strings]
ProviderName ="OpenSC"
MediaDescription="OpenSC Card Minidriver Installation Disk"
CardDeviceName="Muscle Card"
SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Muscle Card"
SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Muscle Card"
SmartCardCardModule="opensc-minidriver.dll"
***************************************************************************************

When the card is inserted the driver is used as shown in device manager
as well as in certutil.exe.
Now here is the actual problem:
When I try to use the card with certutil.exe -SCinfo, several times a dialog pops up
complaining that the card does not have the required functions.
The terminal output is like this. I am sorry for pasting this in German.
I added some translations:

***************************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\developer>certutil -scinfo
Die Microsoft Smartcard-Ressourcenverwaltung wird ausgeführt.
Aktueller Leser-/Kartenstatus: (Current Reader/Card Status)
Leser: 1 (Reader: 1)
  0: OMNIKEY CardMan 3x21 0
--- Leser: OMNIKEY CardMan 3x21 0 (Reader)
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Status: Die Smartcard kann verwendet werden.
---  Karte: Muscle Card
---    ATR:
        3b f8 13 00 00 81 31 fe  45 4a 43 4f 50 76 32 34   ;.....1.EJCOPv24
        31 b7                                              1.


=======================================================
Karte im Leser wird analysiert: OMNIKEY CardMan 3x21 0 (Trans: The card in the reader is being analyzed)

--------------===========================--------------
================ Zertifikat 0 ================ (Trans: Certificate 0)
--- Leser: OMNIKEY CardMan 3x21 0 (Reader)
---  Karte: Muscle Card
Anbieter = Microsoft Base Smart Card Crypto Provider
Schlüsselcontainer = (null) [Standardcontainer] (Trans: standard container)

Schlüssel "AT_SIGNATURE" kann nicht geöffnet werden für Leser: OMNIKEY CardMan 3 (Trans:  Key „AT_SIGNATURE“ could not be opened)
x21 0
Schlüssel "AT_KEYEXCHANGE" kann nicht geöffnet werden für Leser: OMNIKEY CardMan (Trans:  Key „AT_SIGNATURE“ could not be opened)
 3x21 0

--------------===========================--------------
================ Zertifikat 0 ================
--- Leser: OMNIKEY CardMan 3x21 0
---  Karte: Smart Security Device (Brainchild)
Anbieter = Microsoft Smart Card Key Storage Provider
Schlüsselcontainer = (null) [Standardcontainer]

Schlüssel "" kann nicht geöffnet werden für Leser: OMNIKEY CardMan 3x21 0 (Trans:  Key „“ could not be opened)

--------------===========================--------------

Fertig.
CertUtil: -SCInfo-Befehl wurde erfolgreich ausgeführt. (Trans: -SCinfo command has been executed with success)
***************************************************************************************

I also configured opensc.conf to use a log file and debug level 9.
Unfortunately the file is about 2.5 MB. I will try to add it as an attachment to this mail,
but I am not sure if this works with a mailing list.


Attachment (opensc.log): application/octet-stream, 3663 KiB



I already inspected the log, but found nothing suspicious.
I think maybe there has to be a private key marked
for use as AT_SIGNATURE and one for AT_EXCHANGE.
But how?

Or maybe I am completely wrong and something different is going wrong.

Any help would be appreciated!

Best Regards,
Michael
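
How the `ATR` and `ATRMask` values in the `[AddRegDefault]` section of the INF above bind a card to the minidriver DLL, as an added example that is not part of the original message or of OpenSC. The masked-compare rule in `atr_matches` is an assumption about how the registered ATR is matched; the function names are hypothetical.

```python
import re

# Constructed sample: the two binary AddReg lines from the [AddRegDefault]
# section quoted above, with %SmartCardName% left unexpanded.
INF_ADDREG = """\
HKLM, %SmartCardName%,"ATR",0x00000001,3b,f8,13,00,00,81,31,fe,45,4A,43,4f,50,76,32,34,31,b7
HKLM, %SmartCardName%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"""
# ATR as printed in the certutil -scinfo output above.
CARD_ATR = bytes.fromhex("3bf81300008131fe454a434f5076323431b7")

def binary_values(addreg_text):
    """Return {value_name: bytes} for AddReg entries with flag 0x00000001 (binary)."""
    out = {}
    for line in addreg_text.splitlines():
        m = re.match(r'\s*HKLM\s*,[^,]*,\s*"([^"]+)"\s*,\s*0x00000001\s*,(.*)$', line)
        if m:
            out[m.group(1)] = bytes(int(b, 16) for b in m.group(2).split(","))
    return out

def atr_matches(card_atr, reg_atr, mask):
    """Assumed rule: equal lengths, and both ATRs agree on every bit set in the mask."""
    if not (len(card_atr) == len(reg_atr) == len(mask)):
        return False
    return all((c & m) == (r & m) for c, r, m in zip(card_atr, reg_atr, mask))

def parse_atr(atr):
    """Walk the ISO 7816-3 interface bytes; return (protocols, historical bytes, TCK ok)."""
    k = atr[1] & 0x0F                       # T0 low nibble: number of historical bytes
    y = atr[1] >> 4                         # T0 high nibble: which of TA1..TD1 follow
    pos, protocols = 2, []
    while True:
        has_td = bool(y & 0x8)
        pos += bin(y & 0x7).count("1")      # skip TAi, TBi, TCi when present
        if not has_td:
            break
        td = atr[pos]
        pos += 1
        protocols.append(td & 0x0F)         # protocol T announced by this TDi
        y = td >> 4
    hist = atr[pos:pos + k]
    # TCK follows the historical bytes when any protocol other than T=0 is announced.
    tck_ok = None
    if any(p != 0 for p in protocols):
        x = 0
        for b in atr[1:pos + k + 1]:        # XOR of T0..TCK must be zero
            x ^= b
        tck_ok = x == 0
    return protocols, hist, tck_ok
```

With an all-`ff` mask only this exact ATR selects `opensc-minidriver.dll`; a card whose ATR differs in any byte is not bound to it.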

William Roberts | 15 Jan 22:15 2015

Slow KeyGen card causes timeout

I have a PIV card that's too slow to generate a key, and it causes a timeout. Is there a spot where I can crank the timeout up?

--
Respectfully,

William C Roberts

Frank Morgner | 10 Jan 19:17 2015
Picon

Re: Opensc VxWorks

Hi!

> Yes as CCID won't be suitable to handle tokens in VxWorks. I'm looking for
> the replacement of them.

What interface does your token have? Is it USB, TCP/IP, NFC? How are you
accessing your token on the target machine? You basically have the
option to
a) add this specific interface to OpenSC by using e.g. reader-pcsc.c as a
template for your reader-vxworks.c
b) emulate the standard PC/SC interface outside of OpenSC by writing a
standalone replacement for libpcsclite.
c) cross compile PCSC-Lite and write a wrapper that acts as a virtual
reader driver inside of pcscd.

All options have pros and cons. For examples for b) and c) see e.g.
ifd-vpcd and pcsc-vpcd from here
https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html
or pcsc-proxy from here
http://www.aquamaniac.de/sites/download/packages.php?package=11&showall=1

Greets, Frank.

> On Thu, Jan 8, 2015 at 3:02 PM, Frank Morgner <
> morgner <at> informatik.hu-berlin.de> wrote:
> 
> > Yes, cross compiling for arm works fine. You should use ./configure
> > together with your cross compile target options.
> >
> > The standard way of accessing a token is through PC/SC (which may load a
> > CCID driver to talk to the reader). How do you access your token on VxWorks?
> >
> > On 8 January 2015 04:57:39 CET, sarat <sarat.g <at> samsung.com> wrote:
> >>
> >> Hi,
> >>
> >> I would like to implement OpenSC in VxWorks. Can I compile the same
> >> source code using ARM compiler?
> >>
> >> According to my understanding, OpenSC calls some APIs written in CCID
> >> drivers, which further communicate with the card through APDU commands. If
> >> so, will the same CCID drivers work for VxWorks, because I'm thinking
> >> that drivers differ from one operating system to another operating system.
> >>
> >> Can someone please let me know how I can implement OpenSC in VxWorks? As
> >> of now we are getting shared objects; is there any preconfigured file
> >> that, when run, will provide me static libraries?
> >>
> >> Thank you.
> >>
> >> Regards,
> >>
> >> Sarat G
> >>
> > --
> > Frank Morgner
Sarat G | 9 Jan 16:31 2015

AES or 3DES in smartcards

Hi,
I wonder: if, using openssl, one can generate the 2018 cryptographic keys and encrypt the data using those keys, then isn't it possible to generate keys which can be used in AES encryption of the data, and append them to the data by encrypting them with RSA keys?
Because AES is much more computationally efficient than RSA, it can improve the performance of smartcards.
Please correct me if this doesn't make sense.
Regards,
Sarat G
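
The scheme asked about above is commonly called hybrid (envelope) encryption; this added example, not part of the original message, shows the bulk data going through AES while RSA only wraps the 32-byte AES key. It assumes the third-party `cryptography` package, a 2048-bit software RSA key standing in for the key pair a card would hold, and AES-GCM with RSA-OAEP as the concrete algorithms; the function names are hypothetical.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(public_key, plaintext):
    """Host side: encrypt the data with a fresh AES key, then wrap that key with RSA."""
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)                      # unique per message, never reused per key
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, None)
    wrapped_key = public_key.encrypt(data_key, OAEP)
    return wrapped_key, nonce, ciphertext

def open_sealed(private_key, wrapped_key, nonce, ciphertext):
    """The RSA unwrap is the only step needing the private key (the card's job)."""
    data_key = private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(data_key).decrypt(nonce, ciphertext, None)

def demo():
    # Assumption: software key in place of a card-resident key pair.
    card_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    message = b"constructed sample payload " * 1000
    wrapped, nonce, ct = seal(card_key.public_key(), message)
    recovered = open_sealed(card_key, wrapped, nonce, ct)
    # Flip one bit of the ciphertext: GCM authentication must reject it.
    tampered = ct[:-1] + bytes([ct[-1] ^ 1])
    try:
        open_sealed(card_key, wrapped, nonce, tampered)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return len(wrapped), recovered == message, tamper_detected
```

The private-key operation handles one 256-byte block regardless of how large the data is, which is where the performance gain for a card comes from.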


