Hi Andreas,

Andreas Jellinghaus wrote:
> is there any way we can decide if a card was initialized with opensc
> or with some other software? I tried p15card->label, but that is wrong,
> even "pkcs15-init -C --label "my own label"" will set it to some different
> value.
>
> we need to release a new version of opensc with pkcs15-tool security
> check fixed, so it works for those people, who used
> the "pkcs15-init --create --label" options too.
>
> if anyone comes up with a good test to find out if a card (or more specific:
> a smart card with siemens cardOS m4) has been initialized with opensc,
> that would be nice. if not, I hope the combination of the other tests we have
> in place will be sufficient too.
>

I am not sure if there is a good test to determine if a card/token was
initialized using opensc; I'm using Aladdin eTokens a lot, based on
Siemens CardOS 4.2B, with both Aladdin's software (RTE and pkclient) and
with opensc 0.11.4. Cards initialized with opensc seem to have 2 entries
that are not there on cards that are untouched by opensc:

# opensc-explorer -r 3
OpenSC Explorer version 0.11.4
OpenSC [3F00]> ls
FileID  Type  Size
[6666]    DF   256  Name: AKS
[5015]    DF  4096  Name: \xA0\x00\x00\x00cPKCS-15
 2F00    wEF   128

that is, the DF 5015 and an EF 2F00. Note that even after
  pkcs15-init -E -C
the Aladdin directory structure [6666] is still there ....

Some other info about the card structure:

OpenSC [3F00]> cat 2F00
00000000: 61 1E 4F 0C A0 00 00 00 63 50 4B 43 53 2D 31 35 a.O.....cPKCS-15
00000010: 50 08 77 68 61 74 65 76 65 72 51 04 3F 00 50 15 P.whateverQ.?.P.
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

OpenSC [3F00]> info 2F00

Elementary File ID 2F00

File path: 3F00/2F00
File size: 128 bytes
EF structure: Transparent
ACL for READ: NONE
ACL for UPDATE: NONE
ACL for DELETE: NONE
ACL for WRITE: NONE
ACL for REHABILITATE: NONE
ACL for INVALIDATE: NONE
ACL for LIST_FILES: N/A
ACL for CRYPTO: N/A
Proprietary attributes: 00
Security attributes: 00 00 00 00 00 00 00 00 00

OpenSC [3F00]> info

Dedicated File ID 3F00

File path: 3F00
File size: 1024 bytes
ACL for SELECT: N/A
ACL for LOCK: NONE
ACL for DELETE: NONE
ACL for CREATE: NONE
ACL for REHABILITATE: NONE
ACL for INVALIDATE: NONE
ACL for LIST FILES: N/A
ACL for CRYPTO: N/A
ACL for DELETE SELF: N/A
Proprietary attributes: 01 56 A1
Security attributes: 00 00 00 00 00 00 FF 00

What other tools are out there to initialize CardOS tokens/cards with?
Which cards are based on CardOS M4+?

I'd test for the existence of a directory structure [5015], plus the
existence of the file 2F00, and make sure that the name of the token
('whatever' in the sample output above) is the same in both the file
2F00 and the file [5015]/5032.

I can email you (off-list) the directory contents (opensc-tool -f) for a
card initialized with opensc and one initialized using Aladdin's RTE
software, if that would help.

cheers,

JJK / Jan Just Keijser
Nikhef
Amsterdam

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
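
The test proposed in this message, sketched as an added example that is not part of the original e-mail and not OpenSC code: it parses the EF 2F00 bytes from the dump above as simple TLV and compares the label with one supplied by the caller. The function names are hypothetical, and the label from [5015]/5032 is assumed to have been read separately, since that file's contents are not shown in the message.

```python
# Added example; function names are hypothetical, not OpenSC APIs.
# Constructed input: the 32 meaningful bytes of EF 2F00 from the dump above,
# zero-padded to the 128-byte file size.
EF_DIR = bytes.fromhex(
    "611E4F0CA000000063504B43532D3135"
    "5008776861746576657251043F005015"
) + bytes(96)

PKCS15_AID = bytes.fromhex("A000000063") + b"PKCS-15"
PKCS15_PATH = bytes.fromhex("3F005015")


def parse_tlv(data):
    """Yield (tag, value) pairs; single-byte tags, short-form lengths only."""
    i = 0
    while i < len(data):
        tag = data[i]
        if tag in (0x00, 0xFF):          # skip padding between objects
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] > 0x7F:
            raise ValueError("unsupported or truncated length at %d" % i)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("value runs past end of data at %d" % i)
        yield tag, value
        i += 2 + length


def parse_ef_dir(data):
    """Return one dict per application template (tag 0x61) in EF 2F00."""
    apps = []
    for tag, value in parse_tlv(data):
        if tag == 0x61:
            f = dict(parse_tlv(value))
            apps.append({"aid": f.get(0x4F), "path": f.get(0x51),
                         "label": f.get(0x50, b"").decode("utf-8", "replace")})
    return apps


def matches_proposed_test(ef_dir, tokeninfo_label):
    """True if 2F00 points at DF 5015 and its label equals the TokenInfo one.

    tokeninfo_label is assumed to have been read from 5015/5032 by the caller.
    """
    return any(a["aid"] == PKCS15_AID and a["path"] == PKCS15_PATH
               and a["label"] == tokeninfo_label for a in parse_ef_dir(ef_dir))
```
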