Łukasz Piątkowski a écrit :
- I have a CardMan 5321 reader, drivers installed and running with pcscd:
- I have two models of smartcards, I'm not 100% sure of their
models/names (some hints how to get them?), but I think they are:
- Oberthur ID-One Cosmo 64
- Siemens CardOS 4.3
Not all Cosmo 64k come with AuthentIC loaded & instantiated.
When present, the plug-in developed by IdealX manages the applet.
OK, my bad - I didn't set a valid plugin with bundleTool. Now, when I run:
r...@lp:/usr/local/bin# ../sbin/bundleTool
Select the appropriate token driver:
------------------------------------
1. authentIC.bundle
2. mscMuscleCard.bundle
------------------------------------
Enter the number: 1
Insert your token in: OMNIKEY CardMan 5x21 00 00
Token support updated successfully !
Now I try to use the card in muscleTool:
r...@lp:/usr/local/bin# ./muscleTool
MuscleCard shell - type "help" for help.
muscleTool > tokens
1. authentIC Plugin
ListTokens Success.
muscleTool > connect 1
ERR: EstablishConnection Failed !
Is your card already formated?
muscleTool > format 1
ERR: EstablishConnection Failed ! (0x9C52 Token is unsupported)
well, at this point I have no idea of who is returning that status.
I just know that:
- the AuthentIC-X509 applet does not return it (btw, I'm the
author of this applet)
- the IdealX plug-in does not return it (I was in touch with
the IdealX team when they developed the plug-in, and it is not
present in their distrib)
- I do not know what the 'muscleTool' does; it isn't the first
time such questions is raised in this list, and so far I don't
read responses.
So, still nothing... :( I have an AuthentIC Manager for windows and it
runs smoothly on XP: I can login using PIN and generate new RSA keys (I
suppose that means the applet is installed and OK).
definitively - the Auth. Manager (I partially developed) - has
a few & limited purposes but at least it checks that the applet
is present and alive; the plug-in was built to use the same
(card) files naming convention so if key files were generated
with this tool, they shall be visible from the linux stuff.
My next try was using Muscle Applet. I've compiled it and tried to put
on the card using some gpshell I googled around.
valid option if the card uses the same GP keys than the ones
used by that tool - so my previous question regarding these
keys - if you successed to load and instantiate the muscle
applet, no issues were raised by these keys.
Unfortunately, there was a line which sends APDU expected
to set initial PINs after installing applet - and it didn't
work for me. Anyway, I tried to use a muscle applet:
r...@lp:/usr/local/bin# ../sbin/bundleTool
Select the appropriate token driver:
------------------------------------
1. mscMuscleCard.bundle
------------------------------------
Enter the number: 1
Insert your token in: OMNIKEY CardMan 5x21 00 00
Token support updated successfully !
(BTW, I had to move authetIC service from pcsc directory away, otherwise
my muscleTool still saw an Authentic applet instead of muscle's, even
after selecting in bundleTool)
certainly true, these drivers can manage several applets and thus
several (logical) tokens, but require not exclusive connexions as
well as correct enumeration of services, I don't know if it is the
case (one can fear that it is not the case).
OK, now muscleTool:
r...@lp:/usr/local/bin# ./muscleTool
[...]
- when using deafult key:
Formating token [*] : ERR: Format failed ! (0x9C02 Authentication failed)
- when using my supplied key:
Formating token [*] : ERR: Format failed ! (0x9C0F Invalid parameter)
So, again, a complete failure :(
I can't respond to what this tool does.
Where does the card come from ? and what is, according your knowledge,
the status of the Card Domain (which state & which kind of OP keys).
The card is Oberthur's card that is now being used as Electronic Student
ID Card for all main univeristies in Poland.
ok, so it's not a fake card (meaning card w/o [expected] chip).
but I'm not certain of the version of the applet, the fact that the
Auth. plug-in failed to initialise the token can be explained by an
unsupported version.
IdealX developed that plug-in with the specs of a product named "X509",
this applet is more or less the same than "AuthentIC 2.1" developed
on JavaCard 2.1 (I mean when JVC 2.1 was released some years ago),
for "recent" projects Oberthur uses the "AuthentIC 2.2" applet (built
on JVC 2.2 API); the Auth. Manager application supports both versions
and may be it gives you an information regarding actual version of
used card.
I got the card for testing under linux from one of Student Card project
coordinators - they use it only under windows. I just wanted to check
if I'm able to use this student card for other services.
the "standard" (more often requested) product contains CSP and PKCS#11
middlewares for Windows OS; a linux product (a PKCS11 lib) also exists,
it will be easier for you to get these packages to manage your tests.
I will try to reach the Oberthur technical support in Poland to get
accurate info. on what was delivered, and if necessary provide you
with missing materials; meantime you can contact the project
coordinator to double-check these points.
Could someone tell which card is best for my purposes and just *works*.
all sellers will say that their products "work" ... you don't want
only that, you want a product that fit your needs and also all
required support to acheive your goals.
stay in touch.
regards,
Sylvain.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
