Andreas, greetings -- On Mon, Feb 27, 2012 at 12:54 PM, Andreas Kroehnert <akroehn...@go-lan.net> wrote: > Hi Anthony, > > I think its more beneficial to respond to this list, rather than just your > comment you left on the blog.
Of course. Thank you for replying so quickly and so thoroughly! > The little OpenCT patch I've done was originally done for the "standard" ikey > 4000 (04b9:1206). But should also work for the "non-standard" one > (04b9:1400). I am not sure what to order at SafeNet to get the 1400 one, > could be the old CIP initialised, kinda old-school version, but I am not > sure. However all 4k tokens I've collected over the years, even the latest, > come with a PID of 1206. (Which actually should be an ikey 2k series PID. To > mess it up even more SafeNet now renamed/rebranded the ikey 4000 to eToken > 5000) Yes, it's a mess. It seems that SafeNet has sold a few different combinations of reader+smartcard all under the "iKey4000" name. Their NDA requirements might even be driven by the variety of suppliers... I just went through and checked my 6 samples: they're all 0x1206 variants. > Back to topic: In general its claimed that regardless of the PID, the > ikey4000 / SC400 is a CCID compliant device, but I never got it to work using > libccid. > > While developing the first attempt of the patch I was confused why the ATR > from the card contains a trailing byte before it continues with 0x3B... Might > be that this is messing up the CCID compatibility. For the moment I've just > chopped that first byte off and the card mostly responds as expected. > > It's also said that once the ATR has been sent the card shall behave > according to PIV for most commands. I wasn't able to confirm that either as > of now. Hm. Maybe these are enough hints for me to do some digging on my own. I won't be able to look at it in detail for a few weeks yet; I was sending out emails to try to get a sense of where the community stands regarding support for this token. > So far I got some new commercial assignments, so I didn't have a chance to > continue with the development. The next stage (as said in the blog) is to get > OpenSC patched to support the card. Right. I'm looking forward to seeing your code, when you get the opportunity to rebuild that RAID... > I am happy to provide the code I've done so far, unfortunately I've done it > on a VM that is now on a crashed RAID, which I switched off to wait for > replacement disks before I make any recovery attempts. Which should hopefully > in the next few days. Ouch, sorry to hear about that. That never happens at a convenient time, does it... Thanks once again for your help! Best regards, Anthony Foiani _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
