Thanks for your thoughts. I have since spent some time debugging with
Windows as suggested and made some headway.
I believe I ran into some of the same non-standard problems you
mentioned about the file structure the Initialization Tool installs. I
go to do a simple thing like dump all the files on the card and the
PCSC driver barfs and crashes.

I've started to make some progress with the ACOS5 driver, though, and
will try to at least get it to some basic operational state as I have
some more time to work on it. Since I initialized the card on Windows
with the clear option enabled, I believe I should be able to always
re-clear the card... but if it does brick the card at some point, I
have a stack of them, so it's alright. ;)

~Greg Mefford

On Mon, Mar 8, 2010 at 11:50 AM, Ian Young <[email protected]> wrote:
>
> On 5 Mar 2010, at 17:34, Greg Mefford wrote:
>
>> It seems like the card software includes some
>> Windows tools (which is fine with me if that's what it takes to get
>> started) and a bunch of technical documentation, but not much
>> practical help in how to actually use the thing.
>
> Right.  As far as I know, that's all there is.
>
>> The tools are available on Windows to initialize the card
>> (whatever that actually means...) and administrate it, but the admin
>> tools seem pretty useless without some idea of what buttons to press
>> in what order.
>
> The Windows administration utility places a file system on the card, 
> essentially, and then lets you load keys and certificates into it.  Once 
> you've done that, you can plug the PKCS#11 library they provide into, say, 
> Thunderbird and use it for e-mail.  That all works pretty well.
>
> The file system is *almost* standards compliant, except where it just isn't.  
> For example, the thing that finally killed my attempts with this card is that 
> they lay down an illegal ASN.1 encoding of something or other (sorry, my 
> notes are elsewhere) which means that processing what the Windows utility 
> lays down with anything other than their software is problematic.
>
> Note that the administration utility does *NOT* put a development card into 
> production mode.  This means that with an appropriate tool (which they no 
> longer supply in the current SDK, as if that helps) you can *always* set the 
> card to its initial state (or, I suspect, read its contents) unless you've 
> set it to production mode with *another* tool (which they *also* don't give 
> you unless you know to ask about it).  So unless you're just playing around, 
> don't make assumptions about, for example, the secrecy of information on the 
> card.
>
>> I have been working for a few days on trying to figure
>> out how to create an encryption key in the card using the Card Tool
>> without success.
>
> The card tool, so-called, is much, much lower level.  In theory, you can do 
> anything at all with it, but you need to know what you're doing and, as 
> Andreas says, you can lock the card doing so.  If you actually want to create 
> a key on the card, you need to have a file to put it in first, and that would 
> be non-trivial to do with the card tool.  It's easy with the administration 
> utility, but then your problem is the weirdness in the rest of what's laid 
> down by that tool.
>
>> Anyone using this card successfully in any capacity that could help me
>> get started? Once I understand how this thing works, I'm interested in
>> making it work with OpenSC, but if it currently only works on Windows,
>> that's fine for now.
>
> I'm using these cards in production, but not with OpenSC.  I spent about a 
> solid week on it, and got a bit further than you did (I think I got a very 
> dirtily modified OpenSC to do 1024-bit private key operations, and I probably 
> still have that code somewhere) but in the end it was simpler for my purposes 
> just to deploy on Windows and use their library.  Don't underestimate the 
> amount of work required to get something like this going, is all I'm saying.
>
>        -- Ian
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel