Harry Anuszewski wrote:
Hello,
I am using openSC-java and want to pull data off a Fips 201 piv card.
The things I’m interested in getting are the facial image and biometric
information. Basically sending some adpu commands and getting byte
arrays back. I know openSC is a very extensive library and have used the
basic functions of openSC-java for a few programs. I was wondering if
there was a way to use OpenSC to return the facial image and biometrics
of a person?
Yes, you can use pkcs11-tool and pkcs15-tool to do this. Note to read the
fingerprints, printed info or facial image requires the user PIN.
Attached is a simple script to copy all the objects off the card
into to the current directory. The certificates are dumped in two forms,
as the object (so may also be gzipped), and in PEM format as OpenSC can
extracting the certificate from the object.
The objects are in binary as defined in NIST 800-73-2 part 1.
which for the Facial Image just says there is a tag 0xBC length and data
of the "Image for Visual Verification" which is defined in other documents.
Decoding not cert objects is really out of scope of the OpenSC project.
I did write a test program to display the picture, and get some of the
other info from it. Send me some more e-mail on this.
This information is saved to the card. If this is not yet
possible I wouldn’t mind designing support for new features with a
little help of course. Basically what files would I need to modify?
No modifications are needed...
Thanks for any help
Harry
------------------------------------------------------------------------
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
#!/bin/bash
# Dump the objects on a PIV card in the reader.
# to the current directory.
# Although pkcs15-tool -C can do this, it dumps
# to the printer.
#
export LD_LIBRARY_PATH=/opt/smartcard/lib
export PATH=/opt/smartcard/bin:$PATH
PDA="pkcs11-tool -r -y data --application-id"
PDC="pkcs15-tool -r"
$PDA 2.16.840.1.101.3.7.1.219.0 > ccc
$PDA 2.16.840.1.101.3.7.2.48.0 > chuid
$PDA 2.16.840.1.101.3.7.2.48.2 > uchuid
# X.509 Certificate for PIV Authentication
$PDA 2.16.840.1.101.3.7.2.1.1 > cert.1.object
#X.509 Certificate for Digital Signature
$PDA 2.16.840.1.101.3.7.2.1.0 > cert.2.object
#X.509 Certificate for Key Management
$PDA 2.16.840.1.101.3.7.2.1.2 > cert.3.object
#X.509 Certificate for Card Authentication
$PDA 2.16.840.1.101.3.7.2.5.0 > cert.4.object
$PDA 2.16.840.1.101.3.7.2.144.0 > security.object
$PDC 01 > cert.1.txt
$PDC 02 > cert.2.txt
$PDC 03 > cert.3.txt
$PDC 04 > cert.4.txt
# next 3 need PIN
echo Will read PIN 3 times: fingerprints printedinfo and facialimage
$PDA 2.16.840.1.101.3.7.2.96.16 --login > fingerprints
$PDA 2.16.840.1.101.3.7.2.48.1 --login > printedinfo
$PDA 2.16.840.1.101.3.7.2.96.48 --login > facialimage
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel