Ludovic Rousseau wrote:
> 2010/5/13 Viktor TARASOV <viktor.tara...@opentrust.com>:
>
>> Viktor TARASOV wrote:
>>
>>> Hello Ludovic,
>>>
>>> Ludovic Rousseau wrote:
>>>
>>>> 2010/5/11 Viktor TARASOV <viktor.tara...@opentrust.com>:
>>>>
>>>>> Ludovic Rousseau wrote:
>>>>>
>>>>>> 2010/5/11 Viktor TARASOV <viktor.tara...@opentrust.com>:
>>>>>>
>>>>>>>> I can send an OpenSC log file level=99 (200 KB uncompressed) if needed.
>>>>>>>> I use the current SVN version of OpenSC.
>>>>>>>>
>>>>>>> Please, do it.
>>>>>>>
>>>>>> Attached. bzip2 compressed.
>>>>>>
>>>>>> I have a Feitian smart card and use the entersafe card driver.
>>>>>>
>>>>>> It may be an entersafe card driver bug.
>>>>>> log says:
>>>>>> 0xb7b476b0 16:40:59.112 [opensc-pkcs11]
>>>>>> iso7816.c:102:iso7816_check_sw: Security status not satisfied
>>>>>> 0xb7b476b0 16:40:59.112 [opensc-pkcs11]
>>>>>> card-entersafe.c:900:entersafe_compute_with_prkey: internal set
>>>>>> security env failed: Security status not satisfied
>>>>>> 0xb7b476b0 16:40:59.112 [opensc-pkcs11] sec.c:56:sc_compute_signature:
>>>>>> returning with: -1211
>>>>>>
>>>>> OK, thanks.
>>>>>
>>>>> I have this card and I'll look it before the end of
>>>>> this week (with 'Gemalto PC PinPad Reader').
>>>>>
>>>> I think you will need this patch to use the Gemalto pinpad:
>>>>
>>>> Index: src/libopensc/card-entersafe.c
>>>> ===================================================================
>>>> --- src/libopensc/card-entersafe.c (revision 4340)
>>>> +++ src/libopensc/card-entersafe.c (working copy)
>>>> @@ -938,7 +938,7 @@
>>>> {
>>>> pin->encoding = SC_PIN_ENCODING_ASCII;
>>>> pin->min_length = 4;
>>>> - pin->max_length = 16;
>>>> + pin->max_length = 8;
>>>> pin->pad_length = 16;
>>>> pin->offset = 5 + num * 16;
>>>> pin->pad_char = 0x00;
>>>>
>>>> The reader does not accept PIN longer than 8. I will write about that
>>>> on my blog [1] later.
>>>>
>>> Using actual trunk I cannot sign with Feitian card neither with
>>> conventional reader nor with pin pad.
>>> The reason, afais, in both cases is the same -- after user PIN was
>>> validated, the signing key parent DF is selected by full path. Feitian
>>> UserPIN is local one, and so its 'validated' flag is lost. (Still to be
>>> looked for -- why PKCS#15 pin cache is not working here.)
>>>
>>> In fact, there is no real need to select key DF -- it's already selected
>>> by the previous operations,
>>> but the card->cache (that keeps current path) is invalidated and
>>> 'compute signature' procedure has no other way to ensure sign key's DF
>>> than re-selection.
>>>
>>> To keep valid card->cache (and current path) I'll do two small changes
>>> to trunk:
>>> - in entersafe profile for the user PIN add flag 'local' (in fact it's
>>> really 'local', but actual profile has no this flag);
>>> - set default value of 'lock_login' to 'true' (as it is stated by the
>>> comments in opensc.conf, but not in reality).
>>>
>>> After these changes, the card->cache->current_path will be properly
>>> filled up when verifying PKCS#15 PIN,
>>> and card->cache will not be invalidated between 'C_Login' and 'C_Sign'.
>>>
>> It 'works for me' in trunk r4346 with 'Gemalto PC Pinpad Reader'.
>>
>
> I am using trunk r4351 and I still have the same problem.
> Have you fixed the problem?
> If yes, in which revision?
>
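
Review bot: the new `pin->max_length = 8;` in the hunk at -938 hard-codes a limit that the accompanying message attributes to the reader ("The reader does not accept PIN longer than 8"), not to the card, while `pin->pad_length = 16;` and the `num * 16` offset stride are left unchanged. Nothing in the visible context restricts this block to the pinpad path, so if it is also reached with a conventional reader, PINs of 9 to 16 characters that were accepted before the change would now be rejected. Consider applying the 8-character cap only when PIN entry goes through the pinpad, and add a comment next to the assignment naming the reader limit so the value is not later mistaken for a card property.
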
In r4346.

Check if your 'entersafe.profile' has 'local' flag for PIN.
I've used "one-pin" initialization.
My patch does not change PIN flags for the 'normal' initialization.
If you are using this one -- change default PIN flags.

Check the 'lock_login' in your opensc.conf.
You can explicitly set it to "true".

Send me the full logs, please.

> Bye
>

Regards,
Viktor.

--
Viktor Tarasov <viktor.tara...@opentrust.com>

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel