I've been working on getting applications to use the 'NSS Shared DB':
https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX
I have the basics working, with certificates in /etc/pki/nssdb being
used in addition to the user-specific certificates (and keys) in
~/.pki/nssdb. This is working with firefox, evolution, etc.
I received a bug report from a user using smart cards, and wanted to
test it -- so I bought a 'Crypto Stick v1.2' from German Privacy
Foundation, after seeing that the CCID driver supported it.
Unfortunately, I didn't realise that this only seems to mean that the
_reader_ is supported; the OpenPGP v2 card that's soldered into it is
not.
The patch below makes it look like it's kind of working, but not for
anything useful. It may be obvious that I have no clue what I'm doing;
any pointers would be gratefully appreciated. Including "don't bother
with that; just buy one of <these>." I'm in the UK.

$ pkcs15-init -C
Using reader with a card: German Privacy Foundation Crypto Stick v1.2 00 00
resp len 17: 62 15 84 10 d2 76 00 01 24 01 02 00 00 05 00 00 05 4b 00 00 8a 01 05
[pkcs15-init] pkcs15-lib.c:322:sc_pkcs15init_bind: Unsupported card driver openpgp
Couldn't bind to the card: Not supported

$ pkcs15-tool -D
Using reader with a card: German Privacy Foundation Crypto Stick v1.2 00 00
resp len 17: 62 15 84 10 d2 76 00 01 24 01 02 00 00 05 00 00 05 4b 00 00 8a 01 05
PKCS#15 Card [OpenPGP Card]:
Version : 512
Serial number : d27600012401020000050000054b0000
Manufacturer ID: OpenPGP project
Language : de
Flags : Login required, PRN generation, EID compliant
PIN [Signature PIN]
Com. Flags: 0x3
ID : 01
Flags : [0x13], case-sensitive, local, initialized
Length : min_len:0, max_len:32, stored_len:32
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path : 3f00
Tries left: 3
PIN [Encryption PIN]
Com. Flags: 0x3
ID : 02
Flags : [0x13], case-sensitive, local, initialized
Length : min_len:0, max_len:32, stored_len:32
Pad char : 0x00
Reference : 2
Type : ascii-numeric
Path : 3f00
Tries left: 0
PIN [Admin PIN]
Com. Flags: 0x3
ID : 03
Flags : [0x9B], case-sensitive, local, unblock-disabled, initialized, soPin
Length : min_len:0, max_len:32, stored_len:32
Pad char : 0x00
Reference : 3
Type : ascii-numeric
Path : 3f00
Tries left: 3
Private RSA Key [Signature key]
Com. Flags : 3
Usage : [0x20C], sign, signRecover, nonRepudiation
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 0
Native : yes
Path :
Auth ID : 01
ID : 01
Private RSA Key [Encryption key]
Com. Flags : 3
Usage : [0x22], decrypt, unwrap
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 1
Native : yes
Path :
Auth ID : 02
ID : 02
Private RSA Key [Authentication key]
Com. Flags : 3
Usage : [0x200], nonRepudiation
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 2
Native : yes
Path :
Auth ID : 02
ID : 03
Public RSA Key [Signature key]
Com. Flags : 2
Usage : [0xC0], verify, verifyRecover
Access Flags: [0x2], extract
ModLength : 1024
Key ref : 0
Native : no
Path : b601
Auth ID : 03
ID : 01
Public RSA Key [Encryption key]
Com. Flags : 2
Usage : [0x11], encrypt, wrap
Access Flags: [0x2], extract
ModLength : 1024
Key ref : 0
Native : no
Path : b801
Auth ID : 03
ID : 02
Public RSA Key [Authentication key]
Com. Flags : 2
Usage : [0x40], verify
Access Flags: [0x2], extract
ModLength : 1024
Key ref : 0
Native : no
Path : a401
Auth ID : 03
ID : 03
--- opensc-0.11.13/src/libopensc/card-openpgp.c~ 2010-02-16
09:03:28.000000000 +0000
+++ opensc-0.11.13/src/libopensc/card-openpgp.c 2010-07-07 16:12:57.381970916
+0100
@@ -27,6 +27,7 @@
static struct sc_atr_table pgp_atrs[] = {
{ "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL,
NULL, SC_CARD_TYPE_OPENPGP_GENERIC, 0, NULL },
+ { "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c",
NULL, NULL, SC_CARD_TYPE_OPENPGP_GENERIC, 0, NULL },
{ NULL, NULL, NULL, 0, 0, NULL }
};
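Review bot: the new ATR entry `+ { "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c", ...` has a NULL mask, so it matches only this exact ATR string, and nothing in the hunk says which card it belongs to; a comment naming the card (German Privacy Foundation Crypto Stick v1.2, OpenPGP v2 card, per the pkcs15-tool output above) or a mask covering firmware variants would make the entry maintainable. Separately, the mail client has wrapped the long line: the continuation `NULL, NULL, SC_CARD_TYPE_OPENPGP_GENERIC, 0, NULL },` has no `+` prefix while the hunk header claims exactly one added line, so the patch will not apply as pasted. Please send it as an attachment or with line wrapping disabled.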
--- opensc-0.11.13/src/libopensc/iso7816.c~ 2010-02-16 09:03:28.000000000
+0000
+++ opensc-0.11.13/src/libopensc/iso7816.c 2010-07-07 16:43:29.184100656
+0100
@@ -456,6 +456,10 @@ static int iso7816_select_file(sc_card_t
SC_FUNC_RETURN(card->ctx, 2, 0);
SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1,
apdu.sw2));
}
+ printf("resp len %x:", apdu.resplen);
+ for (r = 0; r < apdu.resplen; r++)
+ printf(" %02x", apdu.resp[r]);
+ printf("\n");
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
if (r)
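Review bot: the four added `printf` lines dump every SELECT FILE response to stdout from inside libopensc; library code should go through the context's debug facility (sc_debug with card->ctx) rather than printf, and this block looks like it should be dropped before merge in any case. Two smaller points: `apdu.resplen` is printed with `%x`, so the `resp len 17` in the output above actually means 23 bytes, which is easy to misread, and `%x` is not the right conversion if resplen is a size_t as in sc_apdu_t (use `%zu`); and `r` is used as the loop counter on the line before `r = sc_check_sw(card, apdu.sw1, apdu.sw2);` reassigns it, which works but makes the following `if (r)` harder to read. A dedicated `size_t i` for the loop would be clearer.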
@@ -464,6 +468,7 @@ static int iso7816_select_file(sc_card_t
if (apdu.resplen < 2)
SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED);
switch (apdu.resp[0]) {
+ case 0x62:
case 0x6F:
file = sc_file_new();
if (file == NULL)
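Review bot: `case 0x62:` falls through to the existing `case 0x6F:` handling, so an FCP template (ISO 7816-4 tag 0x62) is now parsed by code written for an FCI template (0x6F). In ISO 7816-4 the FCP is the file-control-parameter part that an FCI may contain, so the same inner tags (for example 0x84 DF name and 0x8A life cycle status, both visible in the `62 15 84 10 ... 8a 01 05` response above) can go through the same parser; a one-line comment saying so is worth adding so the fallthrough does not look accidental, and it would help to confirm that whatever follows in this switch does not assume an outer 0x6F wrapper. Note also that pkcs15-init still fails with `sc_pkcs15init_bind: Unsupported card driver openpgp` in the output above; that comes from pkcs15-lib.c and is not addressed by either hunk in this patch.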
--
dwmw2
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel