Hello again,

I enrolled an IAS/ECC card with certsrv and explored it with the OpenSC tools.
I realized that the Gemalto M/W stores the certificate under the Generic
application, and not under ECC eID at all!

So, here is the certificate and key dump:

> pkcs15-tool --bind-to-aid E828BD080FD25047656E65726963 -k -c -v
> Using reader with a card: SpringCard CSB6 Family Contact 0
> Connecting to card in reader SpringCard CSB6 Family Contact 0...
> Using card driver IAS-ECC.
> Trying to find a PKCS#15 compatible card...
> Found ECC eID!
> Card has 1 certificate(s).
> X.509 Certificate [Nicolas DUHAMEL's  ID]
>         Flags    : 2
>         Authority: no
>         Path     : E828BD080FD25047656E65726963::b001
>         ID       : 24804BC5CE68B229A3D812C1FE871DECEC134468
>         Access Rules:    read:<always>; update:C1; delete:C1;
>         Encoded serial: 02 0A 18B6545600010000004E
> Card has 2 private key(s).
> Private RSA Key [Nicolas DUHAMEL's  ID]
>         Com. Flags  : 3
>         Usage       : [0x26], decrypt, sign, unwrap
>         Access Flags: [0x15], sensitive, alwaysSensitive, local
>         Access Rules:    update:C1; execute,pso_decrypt,int_auth:C1;
>         Supported algorithms: 6, 5
>         ModLength   : 1024
>         Key ref     : 137
>         Native      : yes
>         Path        : E828BD080FD25047656E65726963::
>         Auth ID     : C1
>         ID          : 625299F4A603903CBD76D53190C49A22C13FE02F
>         Subject     :
> 306B31133011060A0992268993F22C6401191603636F6D31173015060A
> 099226...
> Private RSA Key [Nicolas DUHAMEL's  ID]
>         Com. Flags  : 3
>         Usage       : [0x26], decrypt, sign, unwrap
>         Access Flags: [0x15], sensitive, alwaysSensitive, local
>         Access Rules:    update:C1; execute,pso_decrypt,int_auth:C1;
>         Supported algorithms: 6, 5
>         ModLength   : 1024
>         Key ref     : 138
>         Native      : yes
>         Path        : E828BD080FD25047656E65726963::
>         Auth ID     : C1
>         ID          : 24804BC5CE68B229A3D812C1FE871DECEC134468
>         Subject     :
> 306B31133011060A0992268993F22C6401191603636F6D31173015060A
> 099226...


My last question is: what is the best way to get the same results through
OpenSC?

I'm trying to answer it now; please give me feedback about it:

pkcs15-init -X cert.cer -f DER --bind-to-aid E828BD080FD25047656E65726963 -v

pkcs15-init -G rsa1024 --bind-to-aid E828BD080FD25047656E65726963 --auth-id
C1 --key-usage digitalSignature,keyEncipherment -v, used twice?

Regards,
Benjamin ALLEMAND

2011/10/5 Benjamin ALLEMAND <benallem...@gmail.com>

> Thanks !
>
> You're right, the certificate has been stored!
>
> and the command gives:
>
>> pkcs15-tool --bind-to-aid E828BD080FD2504543432D654944 -k -c
>>
>> Using reader with a card: SpringCard CSB6 Family Contact 0
>> X.509 Certificate [Certificate]
>>         Flags    : 2
>>         Authority: no
>>         Path     : E828BD080FD2504543432D654944::b000
>>         ID       : A001
>>         Access Rules:    read,update,delete:<always>;
>>         Encoded serial: 02 0A 6122B6C300010000002E
>> X.509 Certificate [Certificate]
>>         Flags    : 2
>>         Authority: no
>>         Path     : E828BD080FD2504543432D654944::b001
>>         ID       : A001
>>         Access Rules:    read,update,delete:<always>;
>>         Encoded serial: 02 0A 6122B6C300010000002E
>> X.509 Certificate [Certificate]
>>         Flags    : 2
>>         Authority: no
>>         Path     : E828BD080FD2504543432D654944::b002
>>         ID       : A001
>>         Access Rules:    read,update,delete:<always>;
>>         Encoded serial: 02 0A 6122B6C300010000002E
>
>
> So, if I am right, I now must request a SmartCard logon certificate from the
> PKI, and store this certificate as I've done with this one (three times,
> lol)? Maybe I'll have to store the certificate chain; I have to compare
> with the certificates which are stored when I use certsrv (Microsoft
> Certificate Services enrollment web page)...
>
> Thanks a lot by the way !
>
> 2011/10/5 Viktor Tarasov <viktor.tara...@gmail.com>
>
>> On 05/10/2011 11:59, Benjamin ALLEMAND wrote:
>>
>>> FYI, the associated log is in the attachment
>>>
>>> 2011/10/5 Benjamin ALLEMAND <benallem...@gmail.com <mailto:benallem...@gmail.com>>
>>>
>>>
>>>            I also explored the other ADF (ECC EID), and it already
>>> contains the whole file system.
>>>            Is it possible, through OpenSC, to put data in that file
>>> system?
>>>
>>>
>>>        Yes, if you have the keyset values present on your card. (Normally
>>> any changes to the file system in protected applications are protected by SM.)
>>>
>>>
>>>    I tried the following command:
>>>
>>>        pkcs15-init.exe -X cert.cer -f DER --id A001 --bind-to-aid E828BD080FD2504543432D654944
>>>
>>>        Using reader with a card: SpringCard CSB6 Family Contact 0
>>>        TODO: Encode contactless ACLs and life cycle status for all IAS/ECC cards
>>>
>>>
>>>    But it has not written any data into the targeted file ID:
>>>
>>>
>>
>> According to the logs it has been written
>> (into an application protected by SM, so your card has the default values of the
>> keysets).
>>
>> Do:
>> # pkcs15-tool --bind-to-aid E828BD080FD2504543432D654944 -k -c
>>
>>
>>
>>
>>>        opensc-explorer.exe
>>>        OpenSC Explorer version 0.13.0-svn
>>>        Using reader with a card: SpringCard CSB6 Family Contact 0
>>>        Serial: 984000001079955F
>>>        OpenSC [3F00]> cd aid:E828BD080FD2504543432D654944
>>>        OpenSC [E828BD080FD2504543432D654944]> cat A001
>>>        00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000000A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000000C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000001A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000001B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000001C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000001D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000001E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000001F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000002A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000002B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000002C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000002D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000002E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000002F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000003A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000003B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000003C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000003D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000003E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000003F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000004A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000004B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000004C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000004D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000004E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000004F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        00000590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000005A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000005B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000005C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>>>        000005D0: 00 00 00 00 00 00 00 00 00 00 00 00 ............
>>>
>>>
>>>    If you have any idea what the problem may be...
>>>
>>>
>>>
>>
>
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
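The two pkcs15-tool dumps quoted in this thread are worth reading more carefully than the discussion does: in the Generic application, only the key with ID 24804BC5... has a certificate, while the key with ID 625299F4... is an orphan; in the ECC-eID application, the same certificate (identical ID A001 and identical encoded serial) was written three times, and its PKCS#15 access rules list update and delete as `<always>`, i.e. no PIN condition in the ACL as OpenSC reads it (Viktor notes that this application is additionally protected by SM, which the ACL display does not show). The script below is an added example, not code from the thread or from OpenSC: it parses the text format that `pkcs15-tool -k -c` prints, matches keys to certificates by ID, flags unconditional update/delete rules, reports repeated serials, and decodes the ASCII tail of the application AIDs. The embedded dumps are constructed from the values quoted above, trimmed to the fields the checks use; the assumption that the AID's PIX is printable ASCII is mine.

```python
"""Cross-check a pkcs15-tool -k -c dump: keys vs. certificates, ACLs, AIDs.

Added example, not code from the opensc-devel thread or from OpenSC itself.
The two dumps below are CONSTRUCTED from the values quoted in the thread,
trimmed to the fields the checks use.
"""
import re
from collections import Counter

SAMPLE_GENERIC = """\
X.509 Certificate [Nicolas DUHAMEL's  ID]
        Path     : E828BD080FD25047656E65726963::b001
        ID       : 24804BC5CE68B229A3D812C1FE871DECEC134468
        Access Rules:    read:<always>; update:C1; delete:C1;
        Encoded serial: 02 0A 18B6545600010000004E
Private RSA Key [Nicolas DUHAMEL's  ID]
        Access Rules:    update:C1; execute,pso_decrypt,int_auth:C1;
        Path        : E828BD080FD25047656E65726963::
        ID          : 625299F4A603903CBD76D53190C49A22C13FE02F
Private RSA Key [Nicolas DUHAMEL's  ID]
        Access Rules:    update:C1; execute,pso_decrypt,int_auth:C1;
        Path        : E828BD080FD25047656E65726963::
        ID          : 24804BC5CE68B229A3D812C1FE871DECEC134468
"""

SAMPLE_ECC_EID = """\
X.509 Certificate [Certificate]
        Path     : E828BD080FD2504543432D654944::b000
        ID       : A001
        Access Rules:    read,update,delete:<always>;
        Encoded serial: 02 0A 6122B6C300010000002E
X.509 Certificate [Certificate]
        Path     : E828BD080FD2504543432D654944::b001
        ID       : A001
        Access Rules:    read,update,delete:<always>;
        Encoded serial: 02 0A 6122B6C300010000002E
X.509 Certificate [Certificate]
        Path     : E828BD080FD2504543432D654944::b002
        ID       : A001
        Access Rules:    read,update,delete:<always>;
        Encoded serial: 02 0A 6122B6C300010000002E
"""

# Object headers ("X.509 Certificate [label]") and the indented "Name : value" fields under them.
HEADER_RE = re.compile(r"^(X\.509 Certificate|Private (?:RSA|EC) Key) \[(.*)\]$")
FIELD_RE = re.compile(r"^\s+([A-Za-z. ]+?)\s*:\s*(.*)$")


def parse_dump(text):
    """Return one dict per object: 'kind', 'label', then each indented field."""
    objects, current = [], None
    for line in text.splitlines():
        header, field = HEADER_RE.match(line), FIELD_RE.match(line)
        if header:
            current = {"kind": header.group(1), "label": header.group(2)}
            objects.append(current)
        elif field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
        else:
            current = None  # any other line (e.g. "Card has ...") ends the object
    return objects


def writable_without_auth(obj):
    """True if the access rules allow update or delete with the <always> condition.
    pkcs15-tool prints rules as 'op[,op]:condition;' separated by semicolons."""
    for rule in obj.get("Access Rules", "").split(";"):
        if ":" in rule:
            ops, cond = rule.strip().rsplit(":", 1)
            if cond == "<always>" and {"update", "delete"} & set(ops.split(",")):
                return True
    return False


def decode_aid(aid_hex):
    """Split an AID into its 5-byte RID and the PIX, rendering the PIX as ASCII.
    Assumption (mine, not from the thread): the PIX tail is printable ASCII."""
    raw = bytes.fromhex(aid_hex)
    rid, pix = raw[:5], raw[5:]
    text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in pix)
    return rid.hex().upper(), pix.hex().upper(), text


def audit(objects):
    """Return (orphan key IDs, key IDs that have a certificate, {serial: count > 1})."""
    certs = [o for o in objects if o["kind"] == "X.509 Certificate"]
    keys = [o for o in objects if o["kind"].startswith("Private")]
    cert_ids = {c.get("ID") for c in certs}
    orphans = [k.get("ID") for k in keys if k.get("ID") not in cert_ids]
    matched = [k.get("ID") for k in keys if k.get("ID") in cert_ids]
    serials = Counter(c.get("Encoded serial") for c in certs)
    return orphans, matched, {s: n for s, n in serials.items() if n > 1}


if __name__ == "__main__":
    for name, dump in (("Generic", SAMPLE_GENERIC), ("ECC-eID", SAMPLE_ECC_EID)):
        objs = parse_dump(dump)
        aids = {o["Path"].split("::")[0] for o in objs if "Path" in o}
        print(f"== {name}: {[decode_aid(a)[2] for a in aids]}")
        orphans, matched, dups = audit(objs)
        print("keys with certificate:", matched, "| orphan keys:", orphans)
        print("repeated serials:", dups)
        for o in objs:
            if writable_without_auth(o):
                print("update/delete <always> on", o["Path"])
```

Against a real card, capture the dump with `pkcs15-tool --bind-to-aid <AID> -k -c > dump.txt` (the command used in the thread) and pass the file contents to `parse_dump()`. The checks only see what OpenSC decodes from the PKCS#15 structures; an `<always>` rule does not mean the card's own secure-messaging protection is absent.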
