Matthias Barmeier wrote:
> Hi,
>
> thanx a lot for your informative mini tutorial :)
>
> I see more clearer now, but ... my problem persists.

Try this: Format the card new and use key number 0 and 1 instead of 1 and 2.

Karsten

> Here is my muscleTool output:
>
> --snip--
> [EMAIL PROTECTED]:~$ muscleTool
>
> MuscleCard Shell - type help for help
>
> muscle > tokens
> 1. MuscleCard Applet
>
> muscle > connect 1
> muscle [MuscleCard Applet] > listkeys
> Key Type          Key Num     SIZE  READ   WRITE  USE
> ----------------- ----------- ----- ------ ------ ------
> RSA PRIVATE CRT   1           1024  NEVER  PIN #1 PIN #1
> RSA PUBLIC        2           1024  ALWAYS PIN #1 PIN #1
> muscle [MuscleCard Applet] >
>
> --snip--
>
> everything looks ok for me.
>
> Should I reformat the card and start the process from the beginning or
> are there any checks I could do to prove if this is a libpam issue or
> something happened to my card ??
>
> Ciao
> Matthias
>
> Karsten Ohme wrote:
>
>>Matthias Barmeier wrote:
>>
>>>Hi,
>>>
>>>PIN 1 I tried this but ... it does not work.
>>>I use libpam-muscle package from debian sarge. Any problems known about
>>>this ??
>>>
>>>following my apdu enabled pcscd output.
>>>
>>>It would be great if you could give me a short lesson in how to read this.
>>
>>Actually only the lines with SCardTransmit are interesting.
>>unfortunately the MCardPlugin has no debug output, this would be much
>>easier to read. The next line after a SCardTransmit is the APDU sent to
>>the card. To understand this you must know the APDU format defined in
>>the Card Edge specification. This can be done by looking at the first 4
>>or 5 bytes and the following byte. This is specified in the ISO 7816-4
>>standard. Everything a piece of cake.
>>
>>CLA (class)
>>INS (instruction)
>>P1 (parameter 1)
>>P2 (parameter 2)
>>
>>P3 (Le [length expected] or Lc [length count] byte) - only there if
>>something is sent, received or both
>>
>>Data of length Lc - only there if something is sent
>>
>>Le (Length expected - only there if some data is expected to be received,
>>if only something is received this is equal to P3)
>>
>>E.g.:
>>
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: 00 A4 04 00 06 A0 00 00 00 01 01
>>>SW: 90 00
>>
>>Well, what should I say, you see it clearly, the applet with the AID A0
>>00 00 00 01 01 is selected. The AID has length 6 (the 06), which is the
>>Lc byte and Le is missing, because nothing is expected. The AID is
>>something like the executable file name in this case and is selected for
>>execution. 00 is the CLA, A4 the INS, 04 = P1 00 = P2, the parameters
>>have a special meaning.
>>
>>90 00 are two status words. Status words are always returned. Always two
>>at the end of the returned data. 90 00 means the world is alright. No
>>error.
>>
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: B0 42 01 00 08 30 30 30 30 30 30 30 30
>>>SW: 90 00
>>
>>Your PIN is 0 0 0 0 0 0 0 0 (the 8 30s). 08 is the length. B0 42 01 00
>>is the command header for the verify PIN command.
>>
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: B0 36 00 01 05 00 03 01 00 00
>>>SW: 9C 10
>>
>>A ComputeCrypt command. The nonce must be signed by your card, returned
>>to the PC and verified. If OK, you can proceed and are logged in.
>>
>>Bad luck. The return code means: SW_INCORRECT_P1. The P1 parameter is
>>the key number which is used for the signing operation. There is a
>>problem with the key on the card.
>>Now it is your turn to think about,
>>what's the problem with the key. You have followed the README and the
>>key number one should be a private RSA key.
>>
>>Listed in muscleTool with something like this:
>>
>>RSA PRIVATE CRT 1 1024 NEVER PIN #1 PIN #1
>>
>>The above error is actually only returned if the key is not there. I
>>cannot understand, how this can happen.
>>
>>Karsten
>>
>>>Thanx.
>>>
>>>--snip--
>>>pcscdaemon.c:258:main() pcscd set to foreground with debug send to stderr
>>>debuglog.c:236:DebugLogSetCategory() Debug options: APDU
>>>readerfactory.c:1096:RFInitializeReader() Attempting startup of Towitoko
>>>Chipdrive Reader 00 00.
>>>readerfactory.c:938:RFBindFunctions() Loading IFD Handler 2.0
>>>pcscdaemon.c:463:main() pcsc-lite 1.2.9-beta8 daemon ready.
>>>Card ATR: 3B 75 94 00 00 62 02 02 03 01
>>>winscard_msg_srv.c:203:SHMProcessEventsServer() Common channel packet
>>>arrival
>>>winscard_msg_srv.c:212:SHMProcessEventsServer()
>>>SHMProcessCommonChannelRequest detects: 7
>>>pcscdaemon.c:150:SVCServiceRunLoop() A new context thread creation is
>>>requested: 7
>>>winscard_svc.c:136:ContextThread() Thread is started: 7
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard_svc.c:178:ContextThread() Client is protocol version 2:0
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:160:SCardEstablishContext() Establishing Context: 16977230
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:214:SCardConnect() Attempting Connect to Towitoko Chipdrive
>>>Reader 00 00 using protocol: 3
>>>prothandler.c:129:PHSetProtocol() Attempting PTS to T=0
>>>winscard.c:322:SCardConnect() Active Protocol: T=0
>>>winscard.c:329:SCardConnect() hCard Identity: 152b2
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: 00 A4 04 00 06 A0 00 00 00 01 01
>>>SW: 90 00
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: B0 42 01 00 08 30 30 30 30 30 30 30 30
>>>SW: 90 00
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: B0 36 00 01 05 00 03 01 00 00
>>>SW: 9C 10
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:706:SCardDisconnect() Active Contexts: 1
>>>winscard.c:765:SCardDisconnect() Reset complete.
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:171:SCardReleaseContext() Releasing Context: 16977230
>>>winscard_msg_srv.c:262:SHMProcessEventsContext() Client has disappeared: 7
>>>winscard_svc.c:149:ContextThread() Client die: 7
>>>winscard_msg_srv.c:203:SHMProcessEventsServer() Common channel packet
>>>arrival
>>>winscard_msg_srv.c:212:SHMProcessEventsServer()
>>>SHMProcessCommonChannelRequest detects: 7
>>>pcscdaemon.c:150:SVCServiceRunLoop() A new context thread creation is
>>>requested: 7
>>>winscard_svc.c:136:ContextThread() Thread is started: 7
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard_svc.c:178:ContextThread() Client is protocol version 2:0
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:160:SCardEstablishContext() Establishing Context: 17005895
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:214:SCardConnect() Attempting Connect to Towitoko Chipdrive
>>>Reader 00 00 using protocol: 3
>>>prothandler.c:129:PHSetProtocol() Attempting PTS to T=0
>>>winscard.c:322:SCardConnect() Active Protocol: T=0
>>>winscard.c:329:SCardConnect() hCard Identity: 10b47
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed
>>>client: 7
>>>winscard.c:1460:SCardTransmit() Send Protocol: T=0
>>>APDU: 00 A4 04 00 06 A0 00 00 00 01 01
>>>SW: 90 00
>>>pcscdaemon.c:528:signal_trap() Preparing for suicide
>>>hotplug_libusb.c:358:HPEstablishUSBNotifications() Hotplug stopped
>>>readerfactory.c:1351:RFCleanupReaders() entering cleaning function
>>>readerfactory.c:1360:RFCleanupReaders() Stopping reader: Towitoko
>>>Chipdrive Reader 00 00
>>>eventhandler.c:120:EHDestroyEventHandler() Stomping thread.
>>>eventhandler.c:149:EHDestroyEventHandler() Thread stomped.
>>>readerfactory.c:1143:RFUnInitializeReader() Attempting shutdown of
>>>Towitoko Chipdrive Reader 00 00.
>>>readerfactory.c:1013:RFUnloadReader() Unloading reader driver.
>>>pcscdaemon.c:488:at_exit() cleaning /var/run
>>>--snip--
>>>
>>>Ciao
>>> Matthias
>>>
>>>Karsten Ohme wrote:
>>>
>>>>Matthias Barmeier wrote:
>>>>
>>>>>Hi,
>>>>>
>>>>>after setting up lib-pam successfully I encounter the
>>>>>following problem:
>>>>>
>>>>>After entering username and PIN I always get something
>>>>>like a Login failed window from GDM.
>>>>>
>>>>>My question is: How can I monitor what is happening ??
>>>>
>>>>run pcscd -a -d -f, to trace the APDU, the output below does not help.
>>>>
>>>>>When I try login I always get the message "Invalid PIN".
>>>>>
>>>>>Which PIN do I have to use ?
>>>>
>>>>Should be PIN number 1, if this is restricted. You are using MusclePAM
>>>>from the Debian package or from svn or from ...?
>>>>
>>>>>I tried all three PINs but they are all invalid.
>>>>>
>>>>>Any hints ?
>>>>>
>>>>You can enable DEBUG in /etc/musclepam/pam-muscle.conf and then you can
>>>>log in at the console and see the individual steps of MusclePAM.
>>>>
>>>>Karsten

_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
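
Added example, not part of the original thread: a small Python decoder for the APDU/SW pairs in a pcscd APDU trace, following the header layout (CLA, INS, P1, P2, P3, data) described in the quoted explanation. The command and status names are the ones given in the thread; the function names and the sample log (three pairs copied from the trace) are constructed for this example.

```python
import re

# Names as given in the thread; any other command or status is shown raw.
COMMANDS = {(0x00, 0xA4): "SELECT", (0xB0, 0x42): "VerifyPIN",
            (0xB0, 0x36): "ComputeCrypt"}
STATUS = {0x9000: "OK", 0x9C10: "SW_INCORRECT_P1"}

# Constructed sample: the three APDU/SW pairs copied from the quoted trace.
SAMPLE_LOG = """\
winscard.c:1460:SCardTransmit() Send Protocol: T=0
APDU: 00 A4 04 00 06 A0 00 00 00 01 01
SW: 90 00
winscard.c:1460:SCardTransmit() Send Protocol: T=0
APDU: B0 42 01 00 08 30 30 30 30 30 30 30 30
SW: 90 00
winscard.c:1460:SCardTransmit() Send Protocol: T=0
APDU: B0 36 00 01 05 00 03 01 00 00
SW: 9C 10
"""

def parse_apdu(raw):
    """Split a short (T=0) command APDU into header, data and Le."""
    cla, ins, p1, p2 = raw[:4]         # ValueError if the header is incomplete
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                 # P3 is Le: only a response is expected
        le = body[0]
    elif body:                         # P3 is Lc, followed by Lc data bytes
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data length")
        le = rest[0] if rest else None
    return {"name": COMMANDS.get((cla, ins), "unknown"),
            "p1": p1, "p2": p2, "data": data, "le": le}

def decode_trace(log):
    """Pair every 'APDU:' line with the 'SW:' line that follows it."""
    out = []
    for apdu_hex, sw_hex in re.findall(
            r"^APDU: ([0-9A-Fa-f ]+)\nSW: ([0-9A-Fa-f ]+)$", log, re.M):
        # The status word is always the last two bytes of the response.
        sw = int.from_bytes(bytes.fromhex(sw_hex)[-2:], "big")
        out.append({**parse_apdu(bytes.fromhex(apdu_hex)),
                    "sw": STATUS.get(sw, f"{sw:04X}")})
    return out

if __name__ == "__main__":
    for c in decode_trace(SAMPLE_LOG):
        print(c["name"], f'P1={c["p1"]:02X}', c["data"].hex(" "), "->", c["sw"])
```

On the failing ComputeCrypt command the header decodes to P1=00, while the listkeys output quoted above shows key numbers 1 and 2.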
