Dear all,
I’m trying to use the minidriver delivered with OpenSC 12.1 RC1 in order to
perform Smartcard logon on a XP or 2008 PC. So far, it’s not fully successful.
I have personalized my card using the following commands:
- pkcs15-init -C -T
- pkcs15-init -P --auth-id 01
- pkcs15-init -X c:\logoncertificate.der -f DER
- pkcs15-init -S c:\logonuserkey.pem --auth-id 01
When I perform a pkcs15-tool -D, I get this:
" PKCS#15 Card [OpenSC Card]:
Version : 0
Serial number : 0C07548051221F22
Manufacturer ID: OpenSC Project
Last update : 20110510092550Z
Flags : EID compliant
PIN [Security Officer PIN]
Object Flags : [0x3], private, modifiable
ID : ff
Flags : [0x92], local, initialized, soPin
Length : min_len:4, max_len:16, stored_len:8
Pad char : 0x00
Reference : 2
Type : ascii-numeric
Path : 3f005015
PIN []
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x12], local, initialized
Length : min_len:4, max_len:16, stored_len:8
Pad char : 0x00
Reference : 4
Type : ascii-numeric
Path : 3f005015
Private RSA Key [Private Key]
Object Flags : [0x3], private, modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 1024
Key ref : 0 (0x0)
Native : yes
Path : 3f0050150100
Auth ID : 01
ID : f9e3108ba923338ad5c03c3e7c29c9a1483a4fb7
GUID : {f9e3108b-a923-338a-d5c0-3c3e7c29c9a1}
Public RSA Key [Public Key]
Object Flags : [0x2], modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 1024
Key ref : 0
Native : no
Path : 3f0050153003
ID : f9e3108ba923338ad5c03c3e7c29c9a1483a4fb7
X.509 Certificate [Certificate]
Object Flags : [0x2], modifiable
Authority : no
Path : 3f0050153104
ID : f9e3108ba923338ad5c03c3e7c29c9a1483a4fb7
GUID : {f9e3108b-a923-338a-d5c0-3c3e7c29c9a1}
Encoded serial : 02 0A 6173874100000000005C"
I have added this in the registry to make my card recognized:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ASEPCOS
Smartcard logon]
"ATR"=hex:3b,d6,18,00,81,b1,80,7d,1f,03,80,51,00,61,10,30,8f
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
If I perform a "certutil -scinfo" or a SSL connection using IE, everything
works fine, the certificate is well propagated into the IE store & the
signature is successful. But if I try to perform a smartcard logon, I get the
following error in the event log:
"An error occurred while decrypting a message: Bad Data".
I get the same error on XP or 2008 (both 32 bits). Of course, the same
certificate & keys works fine with a different card & minidriver.
I have also tried to configure the card using the "onepin" option but the
results are the same. I have also tried the latest release from the nightly
builds.
Thanks for your help, I can provide some logs if needed.
Regards,
William
________________________________
Ce message et les pièces jointes sont confidentiels et réservés à l'usage
exclusif de ses destinataires. Il peut également être protégé par le secret
professionnel. Si vous recevez ce message par erreur, merci d'en avertir
immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant
être assurée sur Internet, la responsabilité du groupe Atos Origin ne pourra
être recherchée quant au contenu de ce message. Bien que les meilleurs efforts
soient faits pour maintenir cette transmission exempte de tout virus,
l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne
saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for
the addressee; it may also be privileged. If you receive this e-mail in error,
please notify the sender immediately and destroy it. As its integrity cannot be
secured on the Internet, the Atos Origin group liability cannot be triggered
for the message content. Although the sender endeavours to maintain a computer
virus-free network, the sender does not warrant that this transmission is
virus-free and will not be liable for any damages resulting from any virus
transmitted.
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
