Hello list,

During the last couple of days I have finally managed to devote some time to smartcards - something I wanted to do for several years. After long investigations I finally did not find a nice text-only, comfortable shell-like tool to deal with modern javacards.

So I wrote one myself.

The beast is currently called Chipcard-GlobalPlatform and it should be adaptable to cards complying to the GlobalPlatform standard. However, I was only able to test it with Cyberflex e-gate 32K cards.

While the perl modules should allow to use a smartcard from a perl script, the package comes with a smartcard shell - the gpsh - the GlobalPlatform shell. If you have Term::ReadLine::Gnu installed, then the shell comes with command-line and argument-completion and you never have to think "APDU" again. It also allows for things I have not found nice tools for before, like changing card manager keys, setting up security domains, etc. It also is more powerful than muscleTool, IMHO.


A typical dialog looks like the following one:


$ gpsh
Welcome to the GlobalPlatform shell.
The GlobalPlatform shell is (c) 2004 by Peter Stamfest ([EMAIL PROTECTED])
All rights reserved.
Use 'about' to get more information and 'help' to get help with commands.
gpsh> select OPEN
OK
gpsh[OPEN]> securechannel
OK
gpsh[OPEN]> list
AID: visa.openplatform LCState: 07 Privileges: 00 (A0000000030000)
AID: java.lang LCState: 01 Privileges: 00 (A0000000620001)
AID: javacard.framework LCState: 01 Privileges: 00 (A0000000620101)
AID: javacard.framework LCState: 01 Privileges: 00 (A0000000620102)
AID: javacardx.crypto LCState: 01 Privileges: 00 (A0000000620201)
AID: visa.openplatform LCState: 01 Privileges: 00 (A0000000030000)
AID: MUSCLEcard load file LCState: 01 Privileges: 00 (A000000001)
OK
gpsh[OPEN]> exit
$

Just entering help lists the available commands (they depend on the selected Applet, though). [The OPEN is the card manager, for those who do not know the GlobalPlatform standard.]


The tool allows to load loadfiles and install applet instances, so it might replace the CFlexAccess32Loader and other Musclecard loaders tailored to just one card. (However, I fear that cards are often not quite standards-compliant and the tool has to be tweaked to deal with more than one card type).



E.g. I have loaded the MUSCLEcard load file using the following command:

gpsh[OPEN]> load A000000001 ~/CardEdge.bin 13

Now I can create an Applet Instance by saying

gpsh[OPEN]> install A000000001 A00000000101 21000

Switching over to the new applet:

gpsh[OPEN]> select Muscle

And now I can format the little beast:

gpsh[Muscle]> quicksetup
Enter current pin#0 (admin PIN)[Muscle00]:
Enter new pin#0 (admin PIN): 1234
Enter new pin#1 (user PIN): 4321
Enter new pin#1 (user PIN) unblock pin: 5678
Enter max. number of attempts before blocking pin#1: 5
Enter reserved memory[7168]: 3900

Please review the following information:

0  current pin#0                   Muscle00
1  verification attempts for pin#0 4
2  unblock attempts for pin#0      1
3  new pin#0                       1234
4  new unblock-pin for pin#0       1234
5  verification attempts for pin#1 5
6  unblock attempts for pin#1      2
7  new pin#1                       4321
8  new unblock-pin for pin#1       5678
9  reserved memory                 3900
10 create object ACL (hex)         00
11 create key ACL (hex)            02
12 create pin ACL (hex)            01
Proceed yes/no/<number-to-change> (y/n/0-12)?[n]: y
OK


Then I used Mozilla to import a PKCS#12 file using the PKCS#11 plugin. Afterward I use gpsh again to look at the card:



gpsh[Muscle]> listobjects
ID Size ReadACL WriteACL DelACL
---------------------------------
c0 512  0000    0000     0002
C0 873  0000    0000     0002
k1 512  0000    0000     0002
k0 512  0000    0000     0002
gpsh[Muscle]> listkeys
number type partner size
# Type            Partner Size ReadACL WriteACL UseACL
------------------------------------------------------
0 RSA_PRIVATE_CRT N/A     1024 ffff    0002     0002
1 RSA_PUBLIC      N/A     1024 0000    0002     0002
gpsh[Muscle]> getstatus
card_edge_major_version        0
card_edge_minor_version        1
currently_logged_in_identities PIN#1
free_object_memory             1425
number_of_used_keys            2
number_of_used_pins            2
software_major_version         0
software_minor_version         6
total_object_memory            3900


If you are interested in this, download the package from

http://oss.stamfest.net/Chipcard-GlobalPlatform/Chipcard-GlobalPlatform-0.01.tar.gz

and give it a try. Feedback is welcome, although I cannot put too much time into this tool. I might put it up to CPAN. Note that you will need a couple of other perl-packages as well as a working PCSC setup. Just have a look at the README. Also take a look at the example script, it shows how to install a Muscle applet and how to format it. Because the gpsh can deal with actual scripts in files, something like this could be used for bulk provisioning of cards.


The tool is expandable. It could support more card applets easily.


For the impatient:

  perl Makefile.PL
  make
  make install

(Although I recommend packaging it as an RPM)

To be able to import a RSA key to the Muscle card the keyblob tool in the contrib directory has to be installed as well:

  make -C contrib
  make -C contrib install

Correct and up-to-date documentation is severely lacking, in compliance with the rest of the smartcard scene ;-) If you would like to document the thing: Please do it.

If the Musclecard webmaster wants to put the tool up to the website: just go ahead.

Ah, and this is bleeding edge - alpha software. You have been warned.



peter
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
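
An added example, not part of the original message or of the Chipcard-GlobalPlatform package: a small Python audit of the key ACL columns that the listkeys output above prints. The ACL semantics in decode_acl are an assumption taken from the MUSCLE Card Edge convention (the post does not state them), and the sample rows are constructed from the two key lines shown in the post.

```python
# Added example: audit the key ACLs printed by gpsh "listkeys".
# Constructed sample input: the two key rows shown in the post.
LISTKEYS_ROWS = """\
0 RSA_PRIVATE_CRT N/A 1024 ffff 0002 0002
1 RSA_PUBLIC N/A 1024 0000 0002 0002
"""

def decode_acl(word):
    """Decode a 16-bit ACL word.

    Assumption (MUSCLE Card Edge convention, not stated in the post):
    0x0000 = always allowed, 0xFFFF = never allowed; otherwise every
    identity n whose bit n is set must be logged in.
    """
    if not 0 <= word <= 0xFFFF:
        raise ValueError("ACL must fit in 16 bits")
    if word == 0x0000:
        return "always"
    if word == 0xFFFF:
        return "never"
    return [n for n in range(16) if word >> n & 1]

def parse_listkeys(text):
    """Return one dict per key row; headers and separators are skipped."""
    keys = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7 or not f[0].isdigit():
            continue
        read, write, use = (decode_acl(int(x, 16)) for x in f[4:7])
        keys.append({"num": int(f[0]), "type": f[1], "bits": int(f[3]),
                     "read": read, "write": write, "use": use})
    return keys

def audit(keys):
    """Flag ACLs that leave key material exposed; returns (key, issue) pairs."""
    findings = []
    for k in keys:
        private = "PRIVATE" in k["type"]
        if private and k["read"] != "never":
            findings.append((k["num"], "private key can be read off the card"))
        if private and k["use"] == "always":
            findings.append((k["num"], "private key usable without login"))
        if k["write"] == "always":
            findings.append((k["num"], "key can be overwritten without login"))
    return findings

if __name__ == "__main__":
    for k in parse_listkeys(LISTKEYS_ROWS):
        print(k)
    print(audit(parse_listkeys(LISTKEYS_ROWS)) or "no findings")
```

Under that assumption, the card in the post comes out clean: the private key's ReadACL of ffff means it can never be exported, and use and write both require PIN#1.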
