Re: [opensc-devel] Fail to initialize aladdin etoken pro 64k with pcks15-init

2012-01-02 Thread Viktor Tarasov
Hello,

On 30/12/2011 15:05, Felix Code wrote:
> This problem has bothered me for many days, and after I searched Google
> with great effort and then asked some people, I still can't solve it, so I am asking
> you here.
>
> The problem is that I can't use "pkcs15-init -C" to initialize my eToken.
>
> My eToken is an Aladdin eToken Pro 64K and I'm using Debian 6.0 wheezy; OpenSC
> is compiled from the svn repository (I have also used the released version before).

The following commands work for the 'CardOS v4.3B'. In OpenSC this card is
supported by the same driver as yours.
# cardos-tool -f
# pkcs15-init -E
# pkcs15-init -C --label "Test" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "" --puk ""

If these commands do not work with the sources that you've compiled, try the
sources from
https://github.com/viktorTarasov/OpenSC/tree/secure-messaging

Those are the sources that I'm currently working with and testing. For me it'll
be easier to help you with these sources.

Kind regards,
Viktor.






>
> Before trying to use OpenSC, I had already initialized the eToken with the SafeNet
> Authentication Client tools from Aladdin. I've read the FAQ on the OpenSC
> website, but I don't know whether, after reinitializing the eToken with SAC, there is free
> space for OpenSC, and how I should initialize my eToken so that I can use it in OpenSC.
>
> I have used both pcscd and openct, and now I'm using openct.
>
>
> here is some information:
>
> #opensc-tool -l
> # Detected readers (openct)
> Nr.  Card  Features  Name
> 0    Yes             Aladdin eToken PRO 64k
> 1    No              OpenCT reader (detached)
>
> #opensc-tool -ian
> opensc 0.12.2 [gcc  4.6.2]
> Enabled features: zlib openssl openct
> Using reader with a card: Aladdin eToken PRO 64k
> 3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a
> CardOS M
>
> #cardos-tool -i
> Using reader with a card: Aladdin eToken PRO 64k
> 3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a
> Info : CardOS V4.2 (C) Siemens AG 1994-2003
> Chip type: 124
> Serial number: 25 c5 37 17 2e 06
> Full prom dump:
> 33 66 00 09 61 61 61 61 7C FF 25 C5 37 17 2E 06 3f..|.%.7...
> 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 
> OS Version: 200.6 (that's CardOS M4.2)
> Current life cycle: 32 (administration)
> Security Status of current DF:
> Free memory : 1024
> ATR Status: 0x0 ROM-ATR
> Packages installed:
> E1 09 01 04 1C 01 C8 06 8F 01 01 E1 09 01 04 13 
> 02 C8 06 8F 01 01   ..
> Ram size: 4, Eeprom size: 64, cpu type: 66, chip config: 63
> Free eeprom memory: 42556
> System keys: PackageLoadKey (version 0x00, retries 10)
> System keys: StartKey (version 0xff, retries 10)
> Path to current DF:
>
> #pkcs15-init -E
> Using reader with a card: Aladdin eToken PRO 64k
>
> #pkcs15-init -C
> Using reader with a card: Aladdin eToken PRO 64k
> Failed to read PIN: Not supported
> Failed to create PKCS #15 meta structure: Generic PKCS#15 initialization error
>
>
> here is the opensc debug log level 9:
>

[opensc-devel] pkcs11: support of 'RSA & hash' mechanisms

2012-01-02 Thread Viktor Tarasov
Hello,

Currently, when 'composed' mechanisms (like CKM_SHA1_RSA_PKCS) are used,
the OpenSC PKCS#11 module 'helps' the cards with the first algorithm and
calculates the hash itself.

Not all cards are ready to accept such kindness from the middleware. For example,
the IAS/ECC card, when calculating a digital signature,
needs to perform the final stage of the hash itself.

For that reason I propose to introduce a new handler for the PKCS#15 framework
object (private key),
that will be called by the handlers of mechanisms (signature and decryption)
to find out whether the card can itself perform the whole requested mechanism.

https://github.com/viktorTarasov/OpenSC/commit/7b2cf6f1d8010552350ff51ed31903e4deeef3db

Kind regards,
Viktor.




___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
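
The split described in the message above, sketched as an added example (not OpenSC code and not part of the original post): the middleware asks a hypothetical per-key can_do check, and only when the card cannot run the composed mechanism does it hash in software and send a DigestInfo under CKM_RSA_PKCS. CardKey, can_do and plan_signature are assumed names, and forwarding the data untouched on the on-card path is a simplification.

```python
import hashlib

# Mechanism codes as defined by the PKCS#11 specification.
CKM_RSA_PKCS = 0x00000001
CKM_SHA1_RSA_PKCS = 0x00000006

# DER header of the PKCS#1 v1.5 DigestInfo for SHA-1; the digest follows it.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# composed mechanism -> (hashlib name, DigestInfo prefix, raw mechanism)
COMPOSED = {CKM_SHA1_RSA_PKCS: ("sha1", SHA1_DIGESTINFO_PREFIX, CKM_RSA_PKCS)}


class CardKey:
    """Hypothetical model of a private-key object (not an OpenSC type)."""

    def __init__(self, modulus_bytes, on_card_mechanisms):
        self.modulus_bytes = modulus_bytes
        self.on_card_mechanisms = frozenset(on_card_mechanisms)

    def can_do(self, mechanism):
        # Stand-in for the proposed handler: can the card perform the
        # whole mechanism, hash included, by itself?
        return mechanism in self.on_card_mechanisms


def plan_signature(key, mechanism, data):
    """Return (mechanism, payload) that the middleware hands to the card."""
    if mechanism in COMPOSED and not key.can_do(mechanism):
        # Software path: hash in the middleware, wrap the digest in
        # DigestInfo, and ask the card for a plain RSA PKCS#1 signature.
        hash_name, prefix, raw_mechanism = COMPOSED[mechanism]
        data = prefix + hashlib.new(hash_name, data).digest()
        mechanism = raw_mechanism
    if mechanism == CKM_RSA_PKCS and len(data) > key.modulus_bytes - 11:
        # PKCS#1 v1.5 padding needs at least 11 bytes of overhead.
        raise ValueError("input too long for this key")
    return mechanism, data


if __name__ == "__main__":
    message = b"constructed sample message"
    software_hash_key = CardKey(256, {CKM_RSA_PKCS})
    on_card_hash_key = CardKey(256, {CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS})
    for key in (software_hash_key, on_card_hash_key):
        mech, payload = plan_signature(key, CKM_SHA1_RSA_PKCS, message)
        print(hex(mech), len(payload), payload.hex())
```
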


Re: [opensc-devel] Securing a 3DES key on smartcard

2012-01-02 Thread Nikos Mavrogiannopoulos
2012/1/2 Jean-Michel Pouré - GOOZE :
> Dear all,
> Is there a way to store a 3DES key on smartcard, so it cannot be
> extracted but still be usable by OpenSSL?

PKCS #11 allows that, but opensc didn't support secret keys last time I
checked. Symmetric keys in smart-cards could be useful for Kerberos
and TLS-PSK (with C_DigestKey). However, neither of those two has ever
been used with such smart-cards to my knowledge.

regards,
Nikos