When a card returns 61.xx, it means that the card has xx bytes to
return to the host.
Does a smartcard reader driver handle this, usually?
My Todos driver does. It seemed useful at the time. I would like to know
whether this is correct or not. Most other reader drivers I have looked at
do
I agree that the application should not have to deal with this. But I don't
think the driver should either. Anything that every driver must do in the
same way really belongs at a higher level, in pc/sc.
***
Linux Smart Card Developers
Apparently, at
least with the Cyberflex, the card responds with its maximum speed and
the Gemplus driver interprets this as the requested speed.
If so, that would be a bug in the reader driver. The card remains at
default timings until the reader sends it a PPS.
By the way, the Cyberflex
I didn't think there was a conflict at all between N and CWT/BWT. N is how
long the reader waits before sending the next byte. CWT is how long it
waits before giving up on receiving the next byte. BWT is how long it waits
before giving up on receiving the next block.
Also, I'm not getting the
When I looked in cyberflex toolkit they were
requiring xcard. The xcard that I have ( provided in the toolkit) didn't
work. I don't know the usefulness of xcard and can I get another tool with
which I can work.
I recommend you use pay from our web site:
I don't know about the rest of it, but a former colleague of mine worked on
a secure booting system using a smartcard. I don't see anything on his web
page about it but you could contact him directly.
http://www.citi.umich.edu/u/itoi/
But if you really are concerned about very skilled hackers
Aren't CRC algorithms easy to reverse?
Sorry for the sloppy terminology. Obviously this has to be a cryptographic
hash, not just a crc. But I still think performance will not be a huge
issue.
dumaguete# ls -l /bsd
-rwxr-xr-x 1 rees wheel 2172784 Jan 25 16:11 /bsd
dumaguete# time md5 /bsd
Ok, so you have a bunch of executables and a table of pre-computed CRC's.
No, you have a bunch of executables, and for each you have a crypto hash
signed with a private key.
You could store the public key in the secure rom, but this guy wants to use
a smart card, presumably because he wants
For accessing remote computers (which the original query was about)
something like ssh or secure telnet using smart card based keys
for authentication would be more appropriate.
Of course what you really want is for the session to be secure all the way
to the card, not just to the
I'm not sure how to calculate this value when etu =
1/9600 s (default value when there is no PTS):
My interpretation of 7816-3 is that it should be a)
wwt = 960 * WI * F / 3571200
But I could be wrong. In particular, Cyberflex almost always requires a
longer wwt, and I usually set my
Would anyone like to do me a really big favor and help translate my Sesame
application from English to French? I took a stab at it with the help of
Babelfish but the result is pretty horrible.
English and French versions are here:
http://www.citi.umich.edu/u/rees/sesame-2001.txt
0x77 is not a valid sw1. Read up on 7816-3.
However, I think you are solving the timeout problem the wrong way. Your
applet should stall by sending nulls (0x60) until it is ready with the
reply. You do this by calling apdu.waitExtension(). You may also have to
change the protocol bytes in
You can't just go #defining those things without understanding why they're
needed. If they aren't in your system include files then your OS probably
doesn't support them.
You didn't say which driver you're trying to compile so I can't help trying
to track this down. TCSETS, TIOCMBIS, etc are
How can we increase the timeout? Is there something wrong in our ATR?
That atr specifies a 35 second waiting time, which should be plenty (it also
lies about the card type). One possibility is that your reader driver is
ignoring the timing info in the atr. Have you tried a different reader?
p.s.: How much is PCSC-Lite tied with Linux/Unix O.S. and unportable to
Windows ? If you replaced serial-port primitives, would it (in theory)
work under Windows ?
It would be pretty funny if people started using MUSCLE pc/sc on Windows in
preference to the Microsoft version.
But I don't
We have some iButton code, including an ifd driver that should work with
muscle pc/sc, a Kerberos applet, and an ssh applet. You can get them here:
http://www.citi.umich.edu/projects/smartcard/ibutton.html
The "get challenge" apdu, 0x84, normally returns a random number. I once
collected 160 bytes from a Payflex P1 card and ran some simple tests. I
don't know how the rng is implemented in Payflex, and it's probably a highly
guarded secret.
If anyone wants to run some tests, the bits are
You can get the class files by ordering the Windows sdk, but that would be
an expensive way to do it. And you still need mksolo.
I wonder if we could convince Schlumberger to re-release the linux sdk as
unsupported software.
The linux sdk was there two weeks ago, but now I can't find it. Maybe it
has been removed now that Danny is gone. You can put most of it together
yourself except for mksolo and the class files. The Readme is still there
and describes what was in the sdk:
The CT-API specification has a function call CT-init(ctn,pn).
How should pn (PortNumber) be defined for a PCMCIA card reader?
Most pc-card smartcard readers emulate a terminal device (16550 uart or
equiv). If yours does, just map port numbers to tty numbers like the other
card drivers do. If it
I have modified Carlos's 1.6.3 driver to support T=1. You can get my patch
here:
http://www.citi.umich.edu/projects/smartcard/palmreader/pilot-serial.tar.gz
You don't want the whole thing (it's a Palm driver), just the T=1 part.
Take the scT1.c file and maybe scrw.h, and throw away the other
Does anyone make a usable card reader with an infrared port? I prefer
IRcomm but I'll take what I can get. Towitoko used to list one in their
catalog, but they weren't actually selling it.
Why are you so determined to use the Reflex 20? There are other pc-card
readers. I have always felt that if a manufacturer doesn't want me to use
his products, I'll buy from someone else.
I can't find any way to get the atr length from the ifd interface.
IFD_Get_Capabilities returns the atr, but not its length. Is that right?
The problem is that the commands for changing the
serial speed are not going to be published by the
manufacturer...
Does their Windows driver do higher speeds? If so, it should be possible to
discover the Chipdrive command by snooping.
It might also be possible to figure it out without
I walk up to my RH desktop machine, and touch my Java iButton to the blue spot
reader. The PAM login uses the iButton key to identify me using list of known
ssh public keys. If it matches, a key is stored in ssh-agent (or used for any
other auth scheme, e.g. to get a Kerberos ticket) uses
Secure RPC is a joke and I guess there is supposed to be another form of
this coming soon - does anyone know more about this ?
You mean the stuff in NFSv4? We coincidentally happen to be implementing
this right now. It's a real kitchen sink, uses gss-api, with kerberos 5 as
one of the
Is this PC/SC or the drivers though? The Towitoko PC/SC driver for Win32
claims to release the serial port and only claim it 'on demand'.
pc/sc requires card insertion events be delivered. So the drivers must keep
the port open. Towitoko is technically in violation of the spec, which is
one
Can anyone recommend a reader with integrated PIN pad for use with Muscle
pc/sc? Are there any that are supported, or at least have the necessary
technical specs available?
As David pointed out, WWT is work waiting time. See 7816-3/8.2. It's the
amount of time the terminal should wait before deciding the card isn't going
to respond. It is normally 1 second for cards with default timing, such as
Cyberflex.
Every time you call apdu.waitExtension() it resets the
Has anyone gotten a GCR 415 to work with pcsc-lite?
I promised David I'd try this, but I see you beat me to it.
I asked atul PANDIT, the guy who wrote the driver, and here is what he said:
sorry for replying late. i was not available for 2 months
here. yes. i guess, it should work.
If you are using a mailer that attaches html to the end of your messages, I
have to wonder about your taste.
--
I think Schlumberger had a version of makesolo for linux at one time but
they dropped it.
Cyberflex is not really Javacard 2.0, and you need the Schlumberger sdk to
program it.
In
Does anybody know of a hook in ssh for using smartcard for authentication?
Is anybody working on this feature?
We use scfs to store the ssh private key on the card, but this is not ideal
because the secret leaves the card during authentication. What you really
want is to do the crypto on
Yes, a new Cyberflex Access card was released on March 19, and kits
delivered after that date have the new card. The old card atr ends with 0f,
the new one ends with 1f. There are three changes, ChangeJavaATR has been
fixed, SetKey now works with the key in a byte array, and the serial number
I had in mind Cyberflex, which is 16K. Of course any card that already has
md5 built in will require hardly any additional space for skey.
I don't think gpk4000 is programmable, so it might or might not work.
It's not necessary, or even possible, to put the ssh client on a card. What
is possible is to put the ssh client private key on a card. I think we've
done that, it's not hard. What's harder, and we have not done this, is to
put the private key on the card, and also do the crypto on the card,
Does Intertex make the little pc-card reader? I think I've got one of those
sitting around here.
But why not just add T=1 support for a "dumb" reader? Is it harder than
I thought?
It's not extremely hard but not trivial, and I prefer purchase order
technology when it's available.
I am in need of a reader and linux (openbsd, really) ifd or ctapi driver for
T=1. Any suggestions?
ISO makes some of its money from member fees, but most of it comes from
selling copies of specs. So you won't often find free copies of 7816.
The most interesting part of 7816 is part 3, usually called 7816-3. There
used to be a copy of this on the SCDA web site, but it was an older version
I've just discovered that the Todos reader won't run at 115.2 Kbps. I
haven't tried lower speeds other than 9600.
I've got the Towitoko reader working on OpenBSD now. I'm using Payflex P1
cards and there seem to be some problems in the ctapi library.
Reset takes a long time, because Towitoko_ResetCard() goes through the loop
three times. I don't know why. Then atr parsing fails, and ATR_Protocol()
I have completed a very rudimentary first draft of a ct-api driver for the
Todos Argos Mini reader, based on our sc7816 driver for dumb readers. It
hasn't been properly tested yet but does properly run David's little test
program. You can get it at our Smart Card Research page.
I'm trying to build xcard for OpenBSD and not getting very far. There seems
to be a bug in the configure script. Can anyone suggest an easy fix?
% ./configure --with-tcl=/usr/local/src/tcl-tk-8.0.4/tcl8.0.4 --with-tk=/usr/local/src/tcl-tk-8.0.4/tk8.0.4
loading cache ./config.cache
checking
// Up to here, everything is ok. The next command returns a BYTE[] that
// starts with "f2". The "Toolkit" application does not return such a byte.
a0 f2 00 00 17
f2 00 00 00 62 69 69 02 3f 00 02 14 03 1b 13 00 02 00 00 00 00
00 00 00 90 00
That "f2" is the ack byte. This is