2010/5/13 Viktor TARASOV <[email protected]>: > Viktor TARASOV wrote: >> Hello Ludovic, >> >> >> Ludovic Rousseau wrote: >> >>> 2010/5/11 Viktor TARASOV <[email protected]>: >>> >>> >>>> Ludovic Rousseau wrote: >>>> >>>> >>>>> 2010/5/11 Viktor TARASOV <[email protected]>: >>>>> >>>>> >>>>> >>>>>>> I can send an OpenSC log file level=99 (200 KB uncompressed) if needed. >>>>>>> I use the current SVN version of OpenSC. >>>>>>> >>>>>>> >>>>>>> >>>>>> Please, do it. >>>>>> >>>>>> >>>>>> >>>>> Attached. bzip2 compressed. >>>>> >>>>> I have a Feitian smart card and use the entersafe card driver. >>>>> >>>>> It may be an entersafe card driver bug. >>>>> log says: >>>>> 0xb7b476b0 16:40:59.112 [opensc-pkcs11] >>>>> iso7816.c:102:iso7816_check_sw: Security status not satisfied >>>>> 0xb7b476b0 16:40:59.112 [opensc-pkcs11] >>>>> card-entersafe.c:900:entersafe_compute_with_prkey: internal set >>>>> security env failed: Security status not satisfied >>>>> 0xb7b476b0 16:40:59.112 [opensc-pkcs11] sec.c:56:sc_compute_signature: >>>>> returning with: -1211 >>>>> >>>>> >>>>> >>>> OK, thanks. >>>> >>>> I have this card and I'll look it before the end of >>>> this week (with 'Gemalto PC PinPad Reader'). >>>> >>>> >>> I think you will need this patch to use the Gemalto pinpad: >>> >>> Index: src/libopensc/card-entersafe.c >>> =================================================================== >>> --- src/libopensc/card-entersafe.c (revision 4340) >>> +++ src/libopensc/card-entersafe.c (working copy) 
>>> @@ -938,7 +938,7 @@ >>> { >>> pin->encoding = SC_PIN_ENCODING_ASCII; >>> pin->min_length = 4; >>> - pin->max_length = 16; >>> + pin->max_length = 8; >>> pin->pad_length = 16; >>> pin->offset = 5 + num * 16; >>> pin->pad_char = 0x00; >>> >>> The reader does not accept PIN longer than 8. I willl write about that >>> on my blog [1] later. >>> >>> >> >> Using actual trunk I cannot sign with Feitian card neither with >> conventional reader nor with pin pad. >> The reason, afais, in both cases is the same -- after user PIN was >> validated, the signing key parent DF is selected by full path. Feitian >> UserPIN is local one, and so its 'validated' flag is lost. (Still to be >> looked for -- why PKCS#15 pin cache is not working here.) >> >> In fact, there is no real need to select key DF -- it's already selected >> by the previous operations, >> but the card->cache (that keeps current path) is invalidated and >> 'compute signature' procedure has to other way to ensure sign key's DF >> then re-selection. >> >> To keep valid card->cache (and current path) I'll do two small changes >> to trunk: >> - in entersafe profile for the user PIN add flag 'local' (in fact it's >> really 'local', but actual profile has no this flag); >> - set default value of 'lock_login' to 'true' (as it stated by the >> comments in opensc.conf, but not in reality) . >> >> After these changes, the card->cache->current_path will be properly >> filled up when verifying PKCS#15 PIN, >> and card->cache will not be invalidated between 'C_Login' and 'C_Sign'. >> > > It 'works for me' in trunk r4346 with 'Gemalto PC Pinpad Reader'.
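Review bot: The new `pin->max_length = 8;` caps the PIN length in the entersafe card driver for every reader, although the reason given below the hunk is a limit of the Gemalto pinpad reader only. With a conventional reader this would rule out PINs of 9 to 16 characters that the previous `max_length = 16` allowed, while `pin->pad_length` stays at 16. Consider applying the 8-character limit only on the pinpad verification path, or at least add a comment at this line naming the reader restriction so the value is not mistaken for a card limit.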
I am using trunk r4351 and I still have the same problem.
Have you fixed the problem? If yes, in which revision?

Bye

--
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
