Hi Peter,
sorry for the delay, I have been out of office.
When I delete the lines 1309-1314, nothing is better with
the TCOS card via Xiring. And the PIN of the CardOS card is not
accepted by firefox despite the fact, that you still can verify it
via opensc-tool.
Below I insert the analysis of my log file by Patrice Martin (Xiring).
I do not know how to test his suggestion, but I think it might also be
the solution for some other card readers that have problems
with the TCOS card.
Grüße
Johannes
-----------------------------------
From: Patrice MARTIN <p.mar...@xiring.com>
Indeed, this SPE requests a PIN input from 6 to 16 digits and the screen of the
Myleo
reader supports 12 characters "*" displayed in the bottom line when the user
types his
PIN/PUK on the reader keypad.
Therefore, the SPE is rejected and the PIN is never prompted on the reader.
We noted that using CardOS cards, the behavior of SPE command is different: it
requests
a range of PIN/PUK length below 12 digits.
On your website, it is mentioned that the PIN of the smart card consists of 6
digits
and the PUK consists of 8 digits maximum.
An update of the application, communicating with the smart card, used through
the web
browser could solve this issue: just change the range regarding the length
value of
digits required for the PIN/PUK during SPE command (Verify PIN and Modify PIN)
from 6
to 12. Then, the Myleo reader will enable you to be perfectly used by all the
students
with old and new cards.
Please let me know your comments and feedbacks.
Kind regards,
Patrice
Am Samstag 16 Juli 2011 schrieb Peter Koch:
> Hi Johannes!
>
> 2011/7/15 Johannes Becker <johannes.bec...@hrz.uni-giessen.de>
>
> > Hello,
> >
> > I'm testing a new Firmware for the Xiring MyLeo card reader. It
> > will support extended APDU. It works with a CardOS chip, but
> > with a TCOS chip firefox displays quickly the small window asking
> > you to enter the pin on the pinpad several times. You have no chance
> > to do so and there is subsequently no connection to the web site.
> >
> > To help the Xiring developers, does anybody know how to find the crucial
> > point in the log
>
> Here it is:
>
> Control TxBuffer: 1E 1E 02 00 00 10 06 02 FF 00 00 00 00 00 00 05 00 00 00
> 00 20 00 00 00
> -> 000000 69 14 00 00 00 00 39 00 00 00 00 1E 02 00 00 10 06 02 FF 00 00 00
> 00 00 00 00 20 00 00 00
> <- 000000 80 02 00 00 00 00 39 00 00 00 6B 80
> Control RxBuffer: 6B 80
>
> Your CardOS card has a fixed length PIN format while your TCOS card has a
> variable length PIN format. The PC/SC standard is not precise when it comes
> to secure PIN entry with avariable length PIN format.
>
> Some reader expect just 4 bytes (CLA INS P1 P2) without Le. Some other
> readers insist on getting a 0-Le byte. And very few readers handle both
> cases.
>
> OpenSC uses 5 bytes in the control buffer: 05:00:00:00 is the length
> followed
> by 00:20:00:00:00 with is CLA:INS:P1:P2:Le.
>
> The OpenSC developers could change this to 04:00:00:00 - 00:20:00:00
> and maybe your Xiring-reader will work then. But several other readers
> will stop working with this modification, so I would not suggest to do
> this.
>
> But you can try yourself. In function part10_build_verify_pin_block()
> in file reader-pcsc.c (line 1309-1314) you will find
>
> /* Copy data if not Case 1 */
> if (data->pin1.length_offset != 4) {
> pin_verify->abData[offset++] = apdu->lc;
> memcpy(&pin_verify->abData[offset], apdu->data, apdu->datalen);
> offset += apdu->datalen;
> }
>
> Just remove them and give it a try.
>
> So please tell the Xiring developers to change their firmware such that
> both versions are supported.
>
> And they should use better return codes than 6B:80 (no idea what this
> SW-value is supposed to mean)
>
> Peter
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
