Matthias Barmeier wrote:
> Hi,
>
> PIN 1 I tried this but ... it does not work.
> I use libpam-muscle package from debian sarge. Any problems known about
> this ??
>
> following my apdu enabled pcscd output.
>
> It would be great if you could give me a short lesson in how to read this.

Actually only the lines with SCardTransmit are interesting. Unfortunately the MCardPlugin has no debug output, this would be much easier to read.

The next line after a SCardTransmit is the APDU sent to the card. To understand this you must know the APDU format defined in the Card Edge specification. This can be done by looking at the first 4 or 5 bytes and the following byte. This is specified in the ISO 7816-4 standard. Everything a piece of cake.

CLA (class)
INS (instruction)
P1 (parameter 1)
P2 (parameter 2)
P3 (Le [length expected] or Lc [length count] byte) - only there if something is sent, received or both
Data of length Lc - only there if something is sent
Le (Length expected - only there if some data is expected to be received, if only something is received this is equal to P3)

E.g.:

> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: 00 A4 04 00 06 A0 00 00 00 01 01
> SW: 90 00

Well, what should I say, you see it clearly, the applet with the AID A0 00 00 00 01 01 is selected. The AID has length 6 (the 06), which is the Lc byte and Le is missing, because nothing is expected. The AID is something like the executable file name in this case and is selected for execution. 00 is the CLA, A4 the INS, 04 = P1, 00 = P2, the parameters have a special meaning. 90 00 are two status words. Status words are always returned. Always two at the end of the returned data. 90 00 means the world is alright. No error.

> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: B0 42 01 00 08 30 30 30 30 30 30 30 30
> SW: 90 00

Your PIN is 0 0 0 0 0 0 0 0 (the 8 30s). 08 is the length. B0 42 01 00 is the command header for the verify PIN command.

> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: B0 36 00 01 05 00 03 01 00 00
> SW: 9C 10

A ComputeCrypt command.
The nonce must be signed by your card, returned to the PC and verified. If OK, you can proceed and are logged in.

Bad luck. The return code means: SW_INCORRECT_P1. The P1 parameter is the key number which is used for the signing operation. There is a problem with the key on the card. Now it is your turn to think about what's the problem with the key. You have followed the README and the key number one should be a private RSA key. Listed in muscleTool with something like this:

RSA PRIVATE CRT 1 1024 NEVER PIN #1 PIN #1

The above error is actually only returned if the key is not there. I cannot understand how this can happen.

Karsten

>
> Thanx.
>
> --snip--
> pcscdaemon.c:258:main() pcscd set to foreground with debug send to stderr
> debuglog.c:236:DebugLogSetCategory() Debug options: APDU
> readerfactory.c:1096:RFInitializeReader() Attempting startup of Towitoko
> Chipdrive Reader 00 00.
> readerfactory.c:938:RFBindFunctions() Loading IFD Handler 2.0
> pcscdaemon.c:463:main() pcsc-lite 1.2.9-beta8 daemon ready.
> Card ATR: 3B 75 94 00 00 62 02 02 03 01
> winscard_msg_srv.c:203:SHMProcessEventsServer() Common channel packet
> arrival
> winscard_msg_srv.c:212:SHMProcessEventsServer()
> SHMProcessCommonChannelRequest detects: 7
> pcscdaemon.c:150:SVCServiceRunLoop() A new context thread creation is
> requested: 7
> winscard_svc.c:136:ContextThread() Thread is started: 7
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard_svc.c:178:ContextThread() Client is protocol version 2:0
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:160:SCardEstablishContext() Establishing Context: 16977230
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:214:SCardConnect() Attempting Connect to Towitoko Chipdrive
> Reader 00 00 using protocol: 3
> prothandler.c:129:PHSetProtocol() Attempting PTS to T=0
> winscard.c:322:SCardConnect() Active Protocol: T=0
> winscard.c:329:SCardConnect() hCard Identity: 152b2
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: 00 A4 04 00 06 A0 00 00 00 01 01
> SW: 90 00
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: B0 42 01 00 08 30 30 30 30 30 30 30 30
> SW: 90 00
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: B0 36 00 01 05 00 03 01 00 00
> SW: 9C 10
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:706:SCardDisconnect() Active Contexts: 1
> winscard.c:765:SCardDisconnect() Reset complete.
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:171:SCardReleaseContext() Releasing Context: 16977230
> winscard_msg_srv.c:262:SHMProcessEventsContext() Client has disappeared: 7
> winscard_svc.c:149:ContextThread() Client die: 7
> winscard_msg_srv.c:203:SHMProcessEventsServer() Common channel packet
> arrival
> winscard_msg_srv.c:212:SHMProcessEventsServer()
> SHMProcessCommonChannelRequest detects: 7
> pcscdaemon.c:150:SVCServiceRunLoop() A new context thread creation is
> requested: 7
> winscard_svc.c:136:ContextThread() Thread is started: 7
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard_svc.c:178:ContextThread() Client is protocol version 2:0
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:160:SCardEstablishContext() Establishing Context: 17005895
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:214:SCardConnect() Attempting Connect to Towitoko Chipdrive
> Reader 00 00 using protocol: 3
> prothandler.c:129:PHSetProtocol() Attempting PTS to T=0
> winscard.c:322:SCardConnect() Active Protocol: T=0
> winscard.c:329:SCardConnect() hCard Identity: 10b47
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
> client: 7
> winscard.c:1460:SCardTransmit() Send Protocol: T=0
> APDU: 00 A4 04 00 06 A0 00 00 00 01 01
> SW: 90 00
> pcscdaemon.c:528:signal_trap() Preparing for suicide
> hotplug_libusb.c:358:HPEstablishUSBNotifications() Hotplug stopped
> readerfactory.c:1351:RFCleanupReaders() entering cleaning function
> readerfactory.c:1360:RFCleanupReaders() Stopping reader: Towitoko
> Chipdrive Reader 00 00
> eventhandler.c:120:EHDestroyEventHandler() Stomping thread.
> eventhandler.c:149:EHDestroyEventHandler() Thread stomped.
> readerfactory.c:1143:RFUnInitializeReader() Attempting shutdown of
> Towitoko Chipdrive Reader 00 00.
> readerfactory.c:1013:RFUnloadReader() Unloading reader driver.
> pcscdaemon.c:488:at_exit() cleaning /var/run
> --snip--
>
> Ciao
> Matthias
>
> Karsten Ohme wrote:
>
>>Matthias Barmeier wrote:
>>
>>>Hi,
>>>
>>>after setting up lib-pam successfully I encounter the
>>>following problem:
>>>
>>>After entering username and PIN I always get something
>>>like a Login failed window from GDM.
>>>
>>>My question is: How can I monitor what is happening ??
>>
>>run pcscd -a -d -f, to trace the APDU, the output below does not help.
>>
>>>When I try login I always get the message "Invalid PIN".
>>>
>>>Which PIN do I have to use ?
>>
>>Should be PIN number 1, if this is restricted. You are using MusclePAM
>>from the Debian package or from svn or from ...?
>>
>>>I tried all three PINs but they are all invalid.
>>>
>>>Any hints ?
>>
>>You can enable DEBUG in /etc/musclepam/pam-muscle.conf and then you can
>>log in at the console and see the individual steps of MusclePAM.
>>
>>Karsten
>
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle
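
The decoding walked through in the reply above, as an added Python example (not part of the original message or of the MUSCLE code): it splits each logged APDU into CLA, INS, P1, P2, P3 and data, pairs it with its status word, and masks the VerifyPIN data so a trace can be shared without the PIN. The function names and the `redact_pin` option are illustrative, and only the forms seen in this trace (header plus Le, or header plus Lc and data) are handled.

```python
import re

# Command and status names are the ones given in the message above.
INS_NAMES = {0x00A4: "SELECT", 0xB042: "VerifyPIN", 0xB036: "ComputeCrypt"}  # (CLA << 8) | INS
SW_NAMES = {0x9000: "OK", 0x9C10: "SW_INCORRECT_P1"}
LINE = re.compile(r"\b(APDU|SW):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")

# Sample input: the three exchanges quoted in the message.
SAMPLE_LOG = """\
APDU: 00 A4 04 00 06 A0 00 00 00 01 01
SW: 90 00
APDU: B0 42 01 00 08 30 30 30 30 30 30 30 30
SW: 90 00
APDU: B0 36 00 01 05 00 03 01 00 00
SW: 9C 10
"""

def parse_apdu(raw):
    """Split a short command APDU into its header fields and data."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    apdu = {"name": INS_NAMES.get((cla << 8) | ins, "unknown"), "cla": cla,
            "ins": ins, "p1": p1, "p2": p2, "data": b"", "le": None}
    body = raw[4:]
    if len(body) == 1:                    # P3 alone is Le: response data only
        apdu["le"] = body[0]
    elif body:                            # P3 is Lc: that many data bytes follow
        lc = body[0]
        if len(body) != 1 + lc:
            raise ValueError("Lc does not match the number of data bytes")
        apdu["data"] = body[1:]
    return apdu

def decode_trace(text, redact_pin=True):
    """Pair every APDU line with the SW line that follows it."""
    results, pending = [], None
    for line in text.splitlines():
        m = LINE.search(line)
        if m and m.group(1) == "APDU":
            pending = parse_apdu(bytes.fromhex(m.group(2)))
            if redact_pin and pending["name"] == "VerifyPIN":
                pending["data"] = b"*" * len(pending["data"])  # mask the PIN bytes
        elif m and pending is not None:
            sw = int.from_bytes(bytes.fromhex(m.group(2))[-2:], "big")
            pending.update(sw=sw, status=SW_NAMES.get(sw, "unknown"))
            results.append(pending)
            pending = None
    return results
```

`decode_trace` also accepts lines that still carry the `> ` quote prefix, so a trace pasted from a mail can be decoded directly.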
