Hi,

Not so long ago my university's computer department started issuing
smartcards with certificates. These are Siemens CardOS 4.3B cards, to be
used with some proprietary software called HiPath SIcurity Card API.

However, to my great delight the file structure on the card seems to be
PKCS#15 compatible. opensc's pkcs15-tool initially had some rather grave
problems (it only read 258 bytes of EF(TokenInfo) which really is 277
bytes long and then the ASN.1 parser bailed out), but these seem to be
fixed in recent SVN.

The problem is now: On this card the EF(CDF) etc. are record-oriented
files and not transparent files as opensc is expecting. So pkcs15-tool
doesn't get very far, because READ BINARY won't work on these files.

I'm not sure, I didn't find any clear wording on this issue in the
PKCS#15 specs, so: Is this allowed?
And then: Any volunteers that want to implement support for it in
opensc? Or should I try and look into it?

PS: I was somewhat confused that I didn't find any debug option to log
all incoming and outgoing APDUs, which I would regard as the most basic
and powerful debug technique. Did I miss something?

PPS: Here is the lower half of the output of pkcs15-tool -c -vvvvvvvv:
--8<-snip-8<--
[...]
Found HU-CA Smartcard!                                                  
pkcs15.c:1561:sc_pkcs15_read_file: called, path=4404, index=0, count=-1 
card.c:531:sc_select_file: called; type=2, path=3f0050154404            
card-cardos.c:396:cardos_select_file: called                            
apdu.c:504:sc_transmit_apdu: called                                     
card.c:311:sc_unlock: called                                            
iso7816.c:302:iso7816_process_fci: processing FCI bytes                 
iso7816.c:308:iso7816_process_fci:   file identifier: 0x4404            
iso7816.c:322:iso7816_process_fci:   bytes in file: 1024                
iso7816.c:335:iso7816_process_fci:   shareable: no                      
iso7816.c:355:iso7816_process_fci:   type: working EF                   
iso7816.c:357:iso7816_process_fci:   EF structure: 5                    
card-cardos.c:400:cardos_select_file: returning with: 0                 
card.c:553:sc_select_file: returning with: 0                            
card.c:398:sc_read_binary: called; 1024 bytes at index 0                
card.c:398:sc_read_binary: called; 248 bytes at index 0                 
apdu.c:504:sc_transmit_apdu: called                                     
card.c:311:sc_unlock: called                                            
card-cardos.c:224:cardos_check_sw: command cannot be used for file structure
iso7816.c:129:iso7816_read_binary: returning with: Card command failed  
card.c:429:sc_read_binary: returning with: Card command failed          
card.c:311:sc_unlock: called                                            
card.c:414:sc_read_binary: sc_read_binary() failed: Card command failed 
card.c:311:sc_unlock: called                                            
pkcs15.c:802:__sc_pkcs15_search_objects: DF parsing failed: Card command failed
Certificate enumeration failed: Card command failed                     
pkcs15.c:745:sc_pkcs15_unbind: called                                   
card.c:311:sc_unlock: called                                            
card.c:236:sc_disconnect_card: called                                   
card.c:251:sc_disconnect_card: returning with: 0                        
ctx.c:732:sc_release_context: called                                    
-->8-snap->8--

These are the corresponding APDUs:
APDU: 00 A4 08 00 04 50 15 44 04 00 
SW: 6F 1C 80 02 04 00 82 06 05 B5 00 FE 00 01 83 02 44 04 85 01 01 86 07 00 00 00 FF FF FF 73 90 00 
APDU: 00 B0 00 00 F8 
SW: 69 81 

-- 
Henryk Plötz
Greetings from Berlin
~~~~~~~ Un-CDs, no thanks! http://www.heise.de/ct/cd-register/ ~~~~~~~
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
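
The SELECT response quoted in the mail can be decoded to show why READ BINARY is refused. The following is an added example, not part of the original mail and not OpenSC code: it parses that FCI and picks a read command that fits the file structure. The function names are hypothetical, and the layout of tag 82 and the READ RECORD parameters are assumed to follow ISO 7816-4, which CardOS may not do in every field.

```python
# Added example, not OpenSC code. FCI layout assumed per ISO 7816-4.
# SELECT response copied from the APDU trace in the mail (FCI template + SW).
SELECT_RESPONSE = bytes.fromhex(
    "6F1C 80020400 820605B500FE0001 83024404 850101 8607000000FFFFFF73 9000")

def parse_tlv(data):
    """Parse a run of single-byte-tag TLV objects into {tag: value}."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        i += 2
        if length in (0x81, 0x82):              # long-form length, 1 or 2 bytes
            n = length & 0x0F
            if i + n > len(data):
                raise ValueError("truncated TLV length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        elif length >= 0x80:
            raise ValueError("unsupported length encoding")
        if i + length > len(data):
            raise ValueError("TLV value runs past end of buffer")
        out[tag] = data[i:i + length]
        i += length
    return out

def parse_fci(response):
    """Decode the fields needed to choose between READ BINARY and READ RECORD."""
    body, sw = response[:-2], response[-2:]
    if sw != b"\x90\x00":
        raise ValueError("SELECT failed, SW=" + sw.hex())
    fci = parse_tlv(parse_tlv(body).get(0x6F, b""))
    fd = fci.get(0x82, b"\x00")                 # file descriptor
    info = {"file_id": int.from_bytes(fci.get(0x83, b""), "big"),
            "size": int.from_bytes(fci.get(0x80, b""), "big"),
            "structure": fd[0] & 0x07,          # 1 = transparent, 2..7 = records
            "max_record_len": int.from_bytes(fd[2:4], "big") if len(fd) >= 3 else None,
            "record_count": int.from_bytes(fd[4:], "big") if len(fd) >= 5 else None}
    info["record_based"] = info["structure"] >= 2
    return info

def read_commands(info, chunk=0xF8):
    """Return the read APDUs that match the EF structure."""
    if not info["record_based"]:                # READ BINARY at increasing offsets
        return [bytes([0x00, 0xB0, off >> 8, off & 0xFF, min(chunk, info["size"] - off)])
                for off in range(0, info["size"], chunk)]
    count = min(info["record_count"] or 1, 254)
    # READ RECORD: P1 = record number, P2 = 0x04 (record P1 of current EF), Le = 0
    return [bytes([0x00, 0xB2, n, 0x04, 0x00]) for n in range(1, count + 1)]
```

For the EF(CDF) in the trace this yields a READ RECORD command rather than the `00 B0 00 00 F8` that the card answered with `69 81`.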


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
