Re: MUSCLE Is 61xx handled in your driver?
I agree that the application should not have to deal with this. But I don't think the driver should either. Anything that every driver must do in the same way really belongs at a higher level, in pc/sc. *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Is 61xx handled in your driver?
When a card returns 61.xx, it means that the card has xx byte to return to host. Does a smartcard reader driver handle this, usually? My Todos driver does. It seemed useful at the time. I would like to know whether this is correct or not. Most other reader drivers I have looked at do not.
Re: MUSCLE Schlumberger Cards with Gemplus reader
Apparently, at least with the Cyberflex, the card responds with its maximum speed and the Gemplus driver interprets this as the requested speed. If so, that would be a bug in the reader driver. The card remains at default timings until the reader sends it a PPS. By the way, the Cyberflex card actually will run at higher speeds than the atr would normally indicate. You can take advantage of the higher speeds by sending the card a ChangeJavaATR with different timings.
Re: MUSCLE Error using an IBM MFC in GemPlus readers.
I didn't think there was a conflict at all between N and CWT/BWT. N is how long the reader waits before sending the next byte. CWT is how long it waits before giving up on receiving the next byte. BWT is how long it waits before giving up on receiving the next block. Also, I'm not getting the same proto bytes you are. I think TD2=31 says that TA3=ff and TB3=65, not TB3=FF and TC3=65. I'm just counting bits from the right side of the left half of TD2. That would give something like CWT=4 ms, BWT=6.4 sec, which seem like reasonable values.
Re: MUSCLE Error using an IBM MFC in GemPlus readers.
The Gemplus reader shouldn't wimp out just because BWT is "reserved." My Todos driver does its best to talk to the card and uses defaults when the protocol parameters don't make sense. There are an amazing number of cards out there that aren't strictly 7816 compliant. Besides, isn't BWT given by TC1 in this case, not TC3? TC1 isn't present so it defaults? I don't have part 3 in front of me so I could be wrong.
Re: MUSCLE need help
When I looked in cyberflex toolkit they were requiring xcard. The xcard that I have (provided in the toolkit) didn't work. I don't know the usefulness of xcard and can I get another tool with which I can work. I recommend you use "pay" from our web site: http://www.citi.umich.edu/projects/smartcard/cyberflex_starter/ I am working on a better tool but it's not done yet.
Re: MUSCLE Disk encryption and more
Ok, so you have a bunch of executables and a table of pre-computed CRC's. No, you have a bunch of executables, and for each you have a crypto hash signed with a private key. You could store the public key in the secure rom, but this guy wants to use a smart card, presumably because he wants to be able to re-key. Of course the card and the secure hardware still have to share a key (or key pair) so they can mutually authenticate.
Re: MUSCLE Disk encryption and more
Aren't CRC algorithms easy to reverse? Sorry for the sloppy terminology. Obviously this has to be a cryptographic hash, not just a crc. But I still think performance will not be a huge issue.
    dumaguete# ls -l /bsd
    -rwxr-xr-x 1 rees wheel 2172784 Jan 25 16:11 /bsd
    dumaguete# time md5 /bsd
    MD5 (/bsd) = c0f5740842c563d820906a318461d1e4
    0.2u 0.0s 0:00.76 31.5% 0+0k 49+2io 13pf+0w
Re: MUSCLE Disk encryption and more
I know that checking the CRC of the executable can lead to slowness (have to load each page of it), but I don't think I have the choice. This shouldn't be slow at all. You have to load the pages anyway, right? I hope you're not thinking about sending the entire kernel to the card, that would be silly. Just ship the signed crc to the card for checking. I'm a little curious about the legal aspects. This certainly seems to go against the spirit of the GPL. But technically it's probably legal. The user can still modify the software, he just can't run it once he's modified it.
Re: MUSCLE Disk encryption and more
I don't know about the rest of it, but a former colleague of mine worked on a secure booting system using a smartcard. I don't see anything on his web page about it but you could contact him directly. http://www.citi.umich.edu/u/itoi/ But if you really are concerned about "very skilled hackers" you will need significant hardware protection, like a processor with integrated boot code or an epoxy potted processor and boot rom module. Even then you won't be able to completely protect the system against everyone.
Re: MUSCLE Linux Login with RSA SmartCards
For accessing remote computers (which the original query was about) something like ssh or secure telnet using smart card based keys for authentication would be more appropriate. Of course what you really want is for the session to be secure all the way to the card, not just to the terminal. And since you can't use the PIN as an encryption key, you need something like a diffie-hellman exchange. And since the terminal makes a perfect man-in-the-middle, you need to add some more protocol and use something like EKE, SPEKE, or OKE. We did all this and wrote a paper: N. Itoi, T. Fukuzawa, and P. Honeyman, "Secure Internet Smartcards," August 2000. Java Card Workshop, Cannes (September 2000). http://www.citi.umich.edu/projects/smartcard/scpapers.html
Re: MUSCLE Work Waiting Time question
I'm not sure how to calculate this value when etu = 1/9600 s (default value when there is no PTS): My interpretation of 7816-3 is that it should be a) wwt = 960 * WI * F / 3571200 But I could be wrong. In particular, Cyberflex almost always requires a longer wwt, and I usually set my own atr to increase it to about 5 seconds. So maybe it should be b) ? I will go re-read 7816-3 and see if I can make better sense of it.
MUSCLE French translation needed
Would anyone like to do me a really big favor and help translate my Sesame application from English to French? I took a stab at it with the help of Babelfish but the result is pretty horrible. English and French versions are here: http://www.citi.umich.edu/u/rees/sesame-2001.txt http://www.citi.umich.edu/u/rees/sesame-2001-fr.txt
MUSCLE Towitoko Chipdrive 100?
Has anyone used a Towitoko Chipdrive 100 with Carlos's driver? It's substantially cheaper than the 110 and looks like it should work just as well if you don't need memory card compatibility.
Re: MUSCLE pcsc problem?
0x77 is not a valid sw1. Read up on 7816-3. However, I think you are solving the timeout problem the wrong way. Your applet should stall by sending nulls (0x60) until it is ready with the reply. You do this by calling apdu.waitExtension(). You may also have to change the protocol bytes in your atr to give the card a longer wwt.
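An added example, not from the original posts or from any MUSCLE driver: a C sketch of the T=0 handling discussed in this thread, classifying the byte a card sends back (NULL 0x60, ACK, SW1, or an invalid value such as 0x77) and following 61xx with GET RESPONSE while keeping the status bytes separate from the data. The transfer callback, the mock card, the constructed command and all names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum t0_byte { T0_NULL, T0_ACK, T0_ACK_ONE, T0_SW1, T0_INVALID };

/* Classify a byte the card sends while the reader waits on a T=0 command. */
enum t0_byte t0_classify(uint8_t b, uint8_t ins)
{
    if (b == 0x60) return T0_NULL;              /* card asks for more time */
    if (b == ins) return T0_ACK;                /* transfer the remaining data */
    if (b == (uint8_t)~ins) return T0_ACK_ONE;  /* transfer one more byte */
    if ((b & 0xF0) == 0x60 || (b & 0xF0) == 0x90) return T0_SW1;
    return T0_INVALID;                          /* e.g. 0x77 */
}

/* Hypothetical transport hook: sends one command, returns the number of data
 * bytes received (or -1), and hands SW1/SW2 back separately from the data. */
typedef int (*xfer_fn)(void *ctx, const uint8_t *cmd, size_t cmd_len,
                       uint8_t *data, size_t data_max, uint8_t sw[2]);

#define MAX_ROUNDS 64   /* bound on GET RESPONSE rounds for a misbehaving card */

/* Run a command and collect everything the card announces with 61xx.
 * Returns the total data length, or -1 on error or lack of buffer space. */
int t0_exchange(xfer_fn xfer, void *ctx, const uint8_t *cmd, size_t cmd_len,
                uint8_t *out, size_t out_max, uint8_t sw[2])
{
    uint8_t get_resp[5] = {0x00, 0xC0, 0x00, 0x00, 0x00};
    size_t total = 0, want;
    int n, rounds = 0;

    if (cmd_len < 4) return -1;
    get_resp[0] = cmd[0];            /* assumption: reuse the command's CLA */
    n = xfer(ctx, cmd, cmd_len, out, out_max, sw);
    for (;;) {
        if (n < 0 || (size_t)n > out_max - total) return -1;
        total += (size_t)n;
        if (sw[0] != 0x61) return (int)total;   /* final status word */
        want = sw[1] ? sw[1] : 256;             /* P3 = 0 asks for 256 bytes */
        if (++rounds > MAX_ROUNDS || out_max - total < want) return -1;
        get_resp[4] = sw[1];
        n = xfer(ctx, get_resp, sizeof get_resp, out + total,
                 out_max - total, sw);
    }
}

/* Constructed mock card: answers any command with 61xx, then serves its
 * pending response in GET RESPONSE chunks of at most 255 bytes. */
struct mock_card { const uint8_t *resp; size_t left; unsigned get_responses; };

static int mock_xfer(void *ctx, const uint8_t *cmd, size_t cmd_len,
                     uint8_t *data, size_t data_max, uint8_t sw[2])
{
    struct mock_card *c = ctx;
    size_t n = 0;

    if (cmd_len == 5 && cmd[1] == 0xC0) {
        n = cmd[4] ? cmd[4] : 256;
        if (n > c->left) n = c->left;
        if (n > data_max) return -1;
        memcpy(data, c->resp, n);
        c->resp += n;
        c->left -= n;
        c->get_responses++;
    }
    sw[0] = c->left ? 0x61 : 0x90;
    sw[1] = c->left > 255 ? 0xFF : (uint8_t)c->left;
    return (int)n;
}

int main(void)
{
    /* Constructed command and constructed 300-byte response. */
    const uint8_t cmd[] = {0x00, 0xA4, 0x00, 0x00, 0x02, 0x3F, 0x00};
    uint8_t payload[300], out[300], sw[2];
    struct mock_card card = {payload, sizeof payload, 0};
    int n;

    memset(payload, 0xAB, sizeof payload);
    n = t0_exchange(mock_xfer, &card, cmd, sizeof cmd, out, sizeof out, sw);
    printf("%d bytes, SW=%02X%02X, %u GET RESPONSE rounds\n",
           n, sw[0], sw[1], card.get_responses);
    return 0;
}
```

The output buffer here holds data only, so a caller that appends SW1 and SW2 to the data must reserve two extra bytes on top of the largest expected response.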
Re: MUSCLE Uploading and activating Cardlet on a Schlumberger Access (Newbie question)
The "pay" application from CITI contains code to sign and load Cyberflex applets. You can get it here: http://www.citi.umich.edu/projects/smartcard/sc7816.html
Re: MUSCLE SC on Atari (BOUNCE)
You can't just go #defining those things without understanding why they're needed. If they aren't in your system include files then your OS probably doesn't support them. You didn't say which driver you're trying to compile so I can't help trying to track this down. TCSETS, TIOCMBIS, etc are not standard termios things. They might be bsd. I don't see them in any of the towitoko drivers I looked at.
Re: MUSCLE timeout problem...
How can we increase the timeout? Is there something wrong in our ATR? That atr specifies a 35 second waiting time, which should be plenty (it also lies about the card type). One possibility is that your reader driver is ignoring the timing info in the atr. Have you tried a different reader? Can you get an apdu log and see where it's failing? You may need a very large number of calls to apdu.waitExtension().
Re: MUSCLE AMEX Blue Reader..
It's a Gemplus and uses the Gemcore version 1.2. The driver for the gcr410 should be pretty close, but I haven't heard from anyone who has tried it. Anyone get this to work?
Re: MUSCLE PCSC programming on Winsoz...
p.s.: How much is PCSC-Lite tied with Linux/Unix O.S. and unportable to Windows ? If you replaced serial-port primitives, would it (in theory) work under Windows ? It would be pretty funny if people started using MUSCLE pc/sc on Windows in preference to the Microsoft version. But I don't think it's likely. I used to have a Windows version of my Todos reader driver, and the changes were substantial. There might be some kind of unix emulation library for Windows that would make things easier. Even so, the rest of MUSCLE pc/sc would be quite a job to port.
Re: MUSCLE Linux iButton support?
We have some iButton code, including an ifd driver that should work with muscle pc/sc, a Kerberos applet, and an ssh applet. You can get them here: http://www.citi.umich.edu/projects/smartcard/ibutton.html
Re: MUSCLE PTS command
I think the driver should take care of protocol selection, and choose the "best" available (highest speed, prefer T=1) without bothering the application with the details. That's how my Todos/PC3 driver is written. Does anyone agree with me?
Re: MUSCLE RNG's
The "get challenge" apdu, 0x84, normally returns a random number. I once collected 160 bytes from a Payflex P1 card and ran some simple tests. I don't know how the rng is implemented in Payflex, and it's probably a highly guarded secret. If anyone wants to run some tests, the bits are here: http://www.citi.umich.edu/projects/smartcard/mc1-noise-200k.bin
Re: MUSCLE cyberflex sdk for linux
You can get the class files by ordering the Windows sdk, but that would be an expensive way to do it. And you still need mksolo. I wonder if we could convince Schlumberger to re-release the linux sdk as unsupported software.
Re: MUSCLE cyberflex sdk for linux
The linux sdk was there two weeks ago, but now I can't find it. Maybe it has been removed now that Danny is gone. You can put most of it together yourself except for mksolo and the class files. The Readme is still there and describes what was in the sdk: http://www.cyberflex.slb.com/Support/cyberflex_linux_readme.html
Re: MUSCLE CT-API problem
In CT-API specification have a function call CT-init(ctn,pn) About pn(PortNumber) how to define for PCMCIA card reader? Most pc-card smartcard readers emulate a terminal device (16550 uart or equiv). If yours does, just map port numbers to tty numbers like the other card drivers do. If it does something else, you'll have to be creative.
Re: [Smartsign-users] Re: MUSCLE ..Error communicating to: Schlumberger Reflex 62
I've tried different values for "partial", "253" is the highest that worked. With 254 I would get the same error. Why does this happen? My guess is that there is a bug somewhere in the libraries or the reader driver, and that it is not allowing for the two status bytes. pc/sc has this bad habit of appending the status bytes to the data rather than treating them separately.
MUSCLE Re: Towitoko driver and T=1
I have modified Carlos's 1.6.3 driver to support T=1. You can get my patch here: http://www.citi.umich.edu/projects/smartcard/palmreader/pilot-serial.tar.gz You don't want the whole thing (it's a Palm driver), just the T=1 part. Take the scT1.c file and maybe scrw.h, and throw away the other source files. You probably want most of the patch. The important thing is the part that connects T1_Command() to scioT1().
MUSCLE Cyberflex atr
I've had several requests to clarify the Cyberflex atr issue. It's pretty confusing. Cyberflex has two atrs. One is called the "default loader atr" and the other is called the "java atr." If you have selected an applet to run at reset, via the ManageInstance apdu InitCurrent option, then you'll get the java atr. If not, you'll get the default loader atr. The default loader atr can't be changed. The java atr is made up of three parts, one of which is fixed, one is set by use of the ChangeJavaATR apdu, and one of which is determined in an obscure and stupid way by the applet itself. As shipped from the factory, the java atr is not a valid 7816 atr. If you forget to change it, or you change it to something that's invalid, you won't be able to talk to the card using standard muscle drivers. To make matters worse, the ChangeJavaATR apdu is not protected in any way, so anyone can disable a Cyberflex card by setting an invalid atr. You don't need to validate any keys to do this. So it makes sense to have a reader driver handy that can talk to a card with an invalid atr. I have seen other cards with invalid atrs, usually too many or not enough historical bytes. I haven't been keeping a list so I can't name names.
MUSCLE passing reset flags to drivers
Our Todos driver does a number of things we find useful but that have no equivalent interface in the ifd api. Here are two that we're struggling with now. One is a flag that tells the driver to go ahead and use the card, with default timing and T=0, even though the atr is no good. This is useful for Cyberflex and other cards that have an invalid default atr. Another is a flag that says to parse the atr to find its length rather than timing out. This is useful for cards that actually have a valid atr (yes, they're rare but they do exist). Using this flag cuts one second off the time needed to reset a card. What would be the best way to pass these flags through the ifd interface to the driver? I think it has to be IFD_Set_Capabilities(). Right now we're just inventing our own tags but maybe this should be standardized.
MUSCLE IR card reader?
Does anyone make a usable card reader with an infrared port? I prefer IRcomm but I'll take what I can get. Towitoko used to list one in their catalog, but they weren't actually selling it.
Re: MUSCLE Open Port Failed
I think it's useful for the driver to accept both the old and the new style channel IDs. Is there any reason why it shouldn't? That was my plan for the Towitoko driver.
Re: MUSCLE Reflex 20 driver for linux out there?
Why are you so determined to use the Reflex 20? There are other pc-card readers. I have always felt that if a manufacturer doesn't want me to use his products, I'll buy from someone else.
MUSCLE Carlos is not irritating
Just to clarify: Carlos is not irritating, he's a nice guy. But his web page is hosted by geocities, and they are irritating.
Re: MUSCLE T=1 for Towitoko?
I heard a rumor that there is an alpha version of a T=1 driver for Towitoko somewhere. There are two Towitoko drivers. The MUSCLE driver was written by Carlos Prados and is available here: http://www.geocities.com/cprados/ (warning: this is a very irritating web page) I know he's been working on T=1 but I don't know if it's in the latest version or not. I added my own T=1 to Carlos's driver. You can get this by grabbing the file scT1.c from the CITI sc7816 library, and applying the pilot-serial patch to Carlos's driver. The file and patch are available from the CITI smartcard web page: http://www.citi.umich.edu/projects/smartcard/ There is also another driver called scez that supports T=1 on the Towitoko. I don't know whether it fits in to pcsc or not. I don't like this driver because it's a "kitchen sink." I don't have a web page for it, but it was written by Matthias Bruestle <[EMAIL PROTECTED]> aka endergone Zwiebeltuete.
MUSCLE length of atr?
I can't find any way to get the atr length from the ifd interface. IFD_Get_Capabilities returns the atr, but not its length. Is that right?
Re: MUSCLE ATR parameters "F" and "D"
The problem is that the commands for changing the serial speed are not going to be published by the manufacturer... Does their Windows driver do higher speeds? If so, it should be possible to discover the Chipdrive command by snooping. It might also be possible to figure it out without the spec. I would start by trying the unused bits in the set parity command.
Re: MUSCLE ATR parameters "F" and "D"
Does this mean that bitrate should be set to D * 9600 when the parameter "D" is sent in the ATR? No. The atr offers a set of possible protocols that the card can speak. The terminal gets to choose among them by sending a pps request. If it does not send such a request, default values of F and D are used. Those defaults (372, 1) result in a speed of 9600 bps if you use the common 3.57 MHz clock. If the terminal does send a pps, it gets to choose any F and D up to the maximum supported by that protocol, as given in the atr. See 7816-3 sections 6.6.3 and 6.5.2. I think the max for Cyberflex is FI=9, DI=4, which gives you 55928 bps. Or maybe that's just the fastest that's compatible with a standard 550 uart. I have never seen a card with internal clock so I don't know how those work.
Re: MUSCLE CardOS Reference?
At this stage it is always necessary to note that ISO standards are copyright and every copy has to be paid for. There are other standards that contain the same information for free (beer not speech). Try EMV 96 for example.
Re: MUSCLE
I walk up to my RH desktop machine, and touch my Java iButton to the blue spot reader. The PAM login uses the iButton key to identify me using list of known ssh public keys. If it matches, a key is stored in ssh-agent (or used for any other auth scheme, e.g. to get a Kerberos ticket) uses the key to derive tickets, and I am logged in as if a valid password had been entered for the corresponding username. We have something like this working with Cyberflex Access. There are a few issues you might want to think about. One is that you don't want any secrets to leak from the card (or button). So just reading the private key off the card and storing it in the ssh-agent is not acceptable. Instead, the crypto must be done on the card. Another problem is that you really don't want (or at least I don't want) the card to be present in the reader during the entire session. I want to insert the card, have it log me in, then remove the card. Now I stay logged in until I log out, either explicitly or by timeout. That means the card must be able to generate some kind of session key that can be used for a limited time by the host. This can be done with kerberos, but not ssh.
Re: MUSCLE Security Design for PC/SC
Secure RPC is a joke and I guess there is supposed to be another form of this coming soon - does anyone know more about this ? You mean the stuff in NFSv4? We coincidentally happen to be implementing this right now. It's a real kitchen sink, uses gss-api, with kerberos 5 as one of the mandated auth mechanisms. I suspect it's way too heavyweight for pc/sc lite. More info here: http://www.citi.umich.edu/projects/nfsv4/index.html
Re: MUSCLE New PC/SC Ideas
Is this PC/SC or the drivers though ? The Towitoko PC/SC driver for Win32 claims to release the serial port & only claim it 'on demand'. pc/sc requires card insertion events be delivered. So the drivers must keep the port open. Towitoko is technically in violation of the spec, which is one reason I like them.
Re: MUSCLE New PC/SC Ideas
Marten is absolutely right. One of the most irritating things about pc/sc is the way it hijacks the serial port. Last time I checked most computers only had two. If you insist on bug-for-bug compatibility with Microsoft, at least make port hijacking an option in the config file.
MUSCLE Chipdrive Mobile?
Anyone know anything about the Towitoko Chipdrive Mobile? It has an Irda interface, which could be useful with a Pilot, except that it uses a "proprietary protocol." There is nothing about it on the Towitoko web site, which hasn't been updated in a year, but here is a data sheet: http://www.zonedevelopment.com/datmobile.html
Re: MUSCLE WWT on Towitoko's CHIPDRIVE reader
I posted a message here on Feb 9 that answers this question. Maybe you missed it? Here is an atr for Cyberflex that specifies a four second WWT:
    3b 97 94 40 28 57 65 62 63 61 72 64
    T=0
    TA1=94 TD1=40 TC2=28
    7 historical bytes: W e b c a r d
    103 etu = 372 F / 1 D * 3.58 f
    3990 cwt = (960 * 40 WI * 372 F) / 3.58 f / 1000
You can change the number of historical bytes, which is given in the bottom nibble of the second byte. Remember that all but the last two historical bytes are specified in the "set java atr" apdu, whereas the last two are specified in the exception thrown by your applet's main() method.
MUSCLE PIN pad readers?
Can anyone recommend a reader with integrated PIN pad for use with Muscle pc/sc? Are there any that are supported, or at least have the necessary technical specs available?
Re: R: MUSCLE SSP for Cyberflex
As David pointed out, WWT is work waiting time. See 7816-3/8.2. It's the amount of time the terminal should wait before deciding the card isn't going to respond. It is normally 1 second for cards with default timing, such as Cyberflex. Every time you call apdu.waitExtension() it resets the timer, so you can sprinkle these through the code, but Cyberflex is so slow you have to put them in every few lines. Or you can increase WWT by specifying non-default timing in your atr. Problem with this is that most terminals seem to ignore WWT. Here is an atr for Cyberflex that specifies a four second WWT:
    3b 97 94 40 28 57 65 62 63 61 72 64
    T=0
    TA1=94 TD1=40 TC2=28
    7 historical bytes: W e b c a r d
    103 etu = 372 F / 1 D * 3.58 f
    3990 cwt = (960 * 40 WI * 372 F) / 3.58 f / 1000
You can change the number of historical bytes, which is given in the bottom nibble of the second byte. Remember that all but the last two historical bytes are specified in the "set java atr" apdu, whereas the last two are specified in the exception thrown by your applet's main() method.
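An added example, not part of the original posts and not code from any MUSCLE driver: a small C parser for the ATR quoted above that recovers F, D and WI, reports whether the card sent too few or too many bytes (the invalid-ATR case raised elsewhere in this archive), and reproduces the 3990 ms figure along with the 9600 bps default from the "F" and "D" post. Function and type names are assumptions made for this sketch; the Fi/Di tables are the ISO 7816-3 ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fi and Di by index, per the ISO 7816-3 tables; 0 marks a reserved index. */
static const unsigned FI_TAB[16] = {372, 372, 558, 744, 1116, 1488, 1860, 0,
                                    0, 512, 768, 1024, 1536, 2048, 0, 0};
static const unsigned DI_TAB[16] = {0, 1, 2, 4, 8, 16, 32, 64,
                                    12, 20, 0, 0, 0, 0, 0, 0};

enum atr_status { ATR_OK = 0, ATR_BAD_TS, ATR_SHORT, ATR_LONG, ATR_BAD_TCK };

struct atr_info {
    unsigned F, D;        /* maximum offered in TA1 (defaults 372, 1) */
    unsigned WI;          /* waiting-time integer from TC2 (default 10) */
    unsigned protocols;   /* bit n set if T=n is offered */
    const uint8_t *hist;  /* historical bytes, inside the caller's buffer */
    size_t hist_len;
    size_t expected_len;  /* length the ATR claims for itself */
};

enum atr_status atr_parse(const uint8_t *atr, size_t len, struct atr_info *out)
{
    size_t pos = 1, i;
    unsigned y, group = 1, need_tck = 0;
    uint8_t x = 0;

    memset(out, 0, sizeof *out);
    out->F = 372; out->D = 1; out->WI = 10;
    if (len < 1 || (atr[0] != 0x3B && atr[0] != 0x3F)) return ATR_BAD_TS;
    if (len < 2) return ATR_SHORT;
    y = atr[pos] >> 4;                   /* Y1: which of TA1..TD1 follow */
    out->hist_len = atr[pos] & 0x0F;     /* K: number of historical bytes */
    pos++;
    for (;;) {
        if (y & 1) {                     /* TAi */
            if (pos >= len) return ATR_SHORT;
            if (group == 1) {
                unsigned f = FI_TAB[atr[pos] >> 4];
                unsigned d = DI_TAB[atr[pos] & 0x0F];
                if (f && d) { out->F = f; out->D = d; }  /* else keep defaults */
            }
            pos++;
        }
        if (y & 2) {                     /* TBi */
            if (pos >= len) return ATR_SHORT;
            pos++;
        }
        if (y & 4) {                     /* TCi; TC2 carries WI for T=0 */
            if (pos >= len) return ATR_SHORT;
            if (group == 2 && atr[pos]) out->WI = atr[pos];
            pos++;
        }
        if (!(y & 8)) break;             /* no TDi: interface bytes end here */
        if (pos >= len) return ATR_SHORT;
        out->protocols |= 1u << (atr[pos] & 0x0F);
        if (atr[pos] & 0x0F) need_tck = 1;   /* TCK is sent unless only T=0 */
        y = atr[pos] >> 4;
        pos++;
        group++;
    }
    if (out->protocols == 0) out->protocols = 1;   /* no TD1 means T=0 */
    if (len - pos < out->hist_len) return ATR_SHORT;
    out->hist = atr + pos;
    pos += out->hist_len;
    if (need_tck) {
        if (pos >= len) return ATR_SHORT;
        pos++;
        for (i = 1; i < pos; i++) x ^= atr[i];     /* T0..TCK must XOR to 0 */
        if (x) return ATR_BAD_TCK;
    }
    out->expected_len = pos;
    return len == pos ? ATR_OK : ATR_LONG;
}

/* Work waiting time in ms: 960 * WI * F / f, the formula used in the posts. */
unsigned wwt_ms(unsigned WI, unsigned F, unsigned long clock_hz)
{
    return (unsigned)((uint64_t)960 * WI * F * 1000 / clock_hz);
}

/* Line speed in bits per second for a given clock, F and D. */
unsigned long bitrate(unsigned long clock_hz, unsigned F, unsigned D)
{
    return (unsigned long)((uint64_t)clock_hz * D / F);
}

int main(void)
{
    /* ATR from the post above (Cyberflex, historical bytes "Webcard"). */
    static const uint8_t atr[] = {0x3b, 0x97, 0x94, 0x40, 0x28,
                                  0x57, 0x65, 0x62, 0x63, 0x61, 0x72, 0x64};
    struct atr_info a;
    enum atr_status st = atr_parse(atr, sizeof atr, &a);

    printf("status=%d F=%u D=%u WI=%u hist=%.*s\n", st, a.F, a.D, a.WI,
           (int)a.hist_len, (const char *)a.hist);
    /* No PPS is sent, so the default F=372 applies to the waiting time. */
    printf("wwt=%u ms at 3.58 MHz\n", wwt_ms(a.WI, 372, 3580000UL));
    return 0;
}
```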
Re: MUSCLE CyberflexAccess Infos
What is the rule of the "key number (key_nb)" parameter in such files and in the commands (if it uses always these files, it does not need any number ?!?) Each file holds four keys. That's what the key number refers to. b) In order to do a INT/EXT AUTHENTICATE for a DES key, for example, what should I take as initial parameters for the algorithm (the IVs) ? IV should be all zero, if there are no bugs in the card.
Re: MUSCLE GCR 415 support?
Has anyone gotten a GCR 415 to work with pcsc-lite? I promised David I'd try this, but I see you beat me to it. I asked atul PANDIT, the guy who wrote the driver, and here is what he said: sorry for replying late. i was not available for 2 months here. yes. i guess, it should work. i've never tried it in linux. but it should work.
Re: MUSCLE Help where do I find cardlet loaders for linux?
If you are using a mailer that attaches html to the end of your messages, I have to wonder about your taste. -- I think Schlumberger had a version of makesolo for linux at one time but they dropped it. Cyberflex is not really Javacard 2.0, and you need the Schlumberger sdk to program it. In theory, Javacard 2.1 adds linking (makesolo) and applet loading to the spec, so that any sdk will work with any card. In practice I don't think we're quite there yet. And I don't know of a complete linux solution yet. "Which is best" is somewhat subjective. Cyberflex has problems, but it was the first, you can get it today, and it does work. When I order Cyberflex cards or sdks from the web site they arrive the next day. I haven't had as much luck with the others.
Re: MUSCLE pcsc-lite Windows port?
Has anyone considered porting MUSCLE PC/SC-lite to Windows? That's sick!
Re: MUSCLE SCEZ ported to Palm Pilot
This has not directly to do with Linux, but I want to announce the port of my smart card library SCEZ to the Palm Pilot. If you need a card reader for your Pilot, there are instructions for building one here: http://www.citi.umich.edu/projects/sinciti/smartcard/palmreader/ I haven't tried this reader with scez, but it should work. I will try it later this week.
Re: MUSCLE SSH and Smartcards?
Does anybody know of a hook in ssh for using smartcard for authentication? Is anybody working on this feature? We use scfs to store the ssh private key on the card, but this is not ideal because the secret leaves the card during authentication. What you really want is to do the crypto on the card. Cyberflex should be capable of this but we're not working on it at the moment.
Re: MUSCLE pcsclite comments
Reading characters from the drive/card will be a little bit more complicated, as the exact length of returned data can't be foreseen. It would be nice if IO_Read would return the number of bytes actually read. But since it doesn't, I think the correct way to use it is to read one at a time in a loop until IO_Read returns FALSE (or until you know you have them all). I don't see any reason to bypass IO_Read.
Re: MUSCLE pcsclite comments
> - How do I find out about the length of an ATR ? The towitoko driver By parsing it. This is a less than satisfactory solution. It works if the card strictly complies with 7816, but it's nice to know if the card has returned too many or too few bytes, as some do. I have a T=1 protocol driver in my own library. About 600 lines. You could try to include it in MUSCLE. Is this for the Towitoko reader, or would it have to be modified to work with Carlos's driver? I would very much like to see T=1 for Towitoko.
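As an added example (not code from this thread or from any driver named in it), here is one way to get the ATR length by parsing while still reporting too many or too few bytes. The names atr_parse and atr_info are made up for illustration; the first sample is the Payflex ATR quoted in another message on this page, the second ATR is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct atr_info {
    size_t expected_len; /* length the ATR declares for itself */
    int first_proto;     /* T from TD1, or 0 when TD1 is absent */
    int hist_len;        /* K, the number of historical bytes */
};

/* 0: exactly one well-formed ATR; +1: extra bytes follow it; -1: truncated;
 * -2: TS is neither 3B nor 3F; -3: TCK checksum mismatch. */
int atr_parse(const uint8_t *buf, size_t n, struct atr_info *out)
{
    size_t pos = 2, i;
    int need_tck = 0, seen_td = 0;
    uint8_t y, td, x = 0;

    out->expected_len = 2; out->first_proto = 0; out->hist_len = 0;
    if (n < 2) return -1;
    if (buf[0] != 0x3B && buf[0] != 0x3F) return -2;
    out->hist_len = buf[1] & 0x0F;       /* T0 low nibble = K */
    y = buf[1] >> 4;                     /* T0 high nibble = Y1 */
    for (;;) {
        pos += (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1); /* TAi TBi TCi */
        if (!(y & 8)) break;             /* no TDi: interface bytes end */
        if (pos >= n) { out->expected_len = pos + 1; return -1; }
        td = buf[pos++];
        if (!seen_td) { out->first_proto = td & 0x0F; seen_td = 1; }
        if (td & 0x0F) need_tck = 1;     /* TCK is sent unless only T=0 is offered */
        y = td >> 4;                     /* Y(i+1) */
    }
    out->expected_len = pos + (size_t)out->hist_len + (size_t)need_tck;
    if (n < out->expected_len) return -1;
    for (i = 1; need_tck && i < out->expected_len; i++) x ^= buf[i];
    if (x) return -3;
    return n > out->expected_len ? 1 : 0;
}

/* ATR quoted in the Payflex message on this page. */
static const uint8_t payflex_atr[] = { 0x3B, 0x23, 0x00, 0x35, 0x11, 0x80 };
/* Constructed T=1 ATR: TA1, TD1=81, TD2=31, TA3, TB3, 2 historical bytes, TCK. */
static const uint8_t t1_atr[] = { 0x3B, 0x92, 0x11, 0x81, 0x31, 0xFE, 0x45, 0x41, 0x42, 0x8B };

int main(void)
{
    struct atr_info a;
    int rc = atr_parse(payflex_atr, sizeof payflex_atr, &a);
    printf("payflex rc=%d len=%zu T=%d K=%d\n", rc, a.expected_len, a.first_proto, a.hist_len);
    rc = atr_parse(t1_atr, sizeof t1_atr, &a);
    printf("t1 rc=%d len=%zu T=%d K=%d\n", rc, a.expected_len, a.first_proto, a.hist_len);
    return 0;
}
```

A caller that reads the ATR byte by byte can feed the bytes received so far and keep reading while the result is -1.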
Re: MUSCLE Litronic Argus 210 and Cyberflex Access
Yes, a new Cyberflex Access card was released on March 19, and kits delivered after that date have the new card. The old card atr ends with 0f, the new one ends with 1f. There are three changes: ChangeJavaATR has been fixed, SetKey now works with the key in a byte array, and the serial number info is changed. There should be release notes on the Cyberflex web page describing these changes.
Re: MUSCLE BOUNCE kincses zoli ] (fwd)
I had in mind Cyberflex, which is 16K. Of course any card that already has md5 built in will require hardly any additional space for skey. I don't think gpk4000 is programmable, so it might or might not work.
Re: MUSCLE BOUNCE kincses zoli ] (fwd)
It's not necessary, or even possible, to put the ssh client on a card. What is possible is to put the ssh client private key on a card. I think we've done that, it's not hard. What's harder, and we have not done this, is to put the private key on the card, and also do the crypto on the card, so that the key is never exposed. There is an ssh client for Palm computers, from the Topgun group at Berkeley, so it is possible to put it on a small computer. But not on a card. I've been thinking about how to use smartcards with the Palm. I've got a working card reader, but it uses the only serial port. Most interesting (to me) applications require a network, so you would need to use IR for the net, and the serial port for the reader. One interesting non-networked app is skey, and I do plan to put my skey key on a card and use it with an OTP app on the Palm. Palm OTP with md5 is only 27K so there is some hope it would fit on a card, especially if I can find a javacard that does md5. I think Cyberflex only does sha1.
Re: Full T=1 support in MUSCLE?
I'm not familiar with IFD, but a full implementation of ct-api would include block chaining for T=1. In fact the application above ct-api shouldn't even have to know whether the card speaks T=0 or T=1. Whether this works in muscle pc/sc probably depends on the card driver.
Re: MUSCLE T=1 again
Does Intertex make the little pc-card reader? I think I've got one of those sitting around here. But why not just add T=1 support for a "dumb" reader? Is it harder than I thought? It's not extremely hard but not trivial, and I prefer purchase order technology when it's available.
MUSCLE T=1 again
I am in need of a reader and linux (openbsd, really) ifd or ctapi driver for T=1. Any suggestions?
Re: MUSCLE ISO 7816
ISO makes some of its money from member fees, but most of it comes from selling copies of specs. So you won't often find free copies of 7816. The most interesting part of 7816 is part 3, usually called 7816-3. There used to be a copy of this on the SCDA web site, but it was an older version and I don't know if it's still there. Your friendly local University engineering library should have copies. They may not be the latest version.
Re: MUSCLE Re: Todos and 115.2
I think this reader belongs to the category "dumb readers". To make things simple and cheap, they usually have a fixed 3.57 MHz clock to the card, thus yielding 9600 bps as default I/O speed. Then they more or less just connect I/O to the COM port. Yes, that's correct. My driver now sends the pps to raise the card speed, and sets the port speed to match. It works with a PC3 dumb reader, but not with the Todos. So there is something about the Todos that prevents this from working.
MUSCLE Todos and 115.2
I've just discovered that the Todos reader won't run at 115.2 Kbps. I haven't tried lower speeds other than 9600.
MUSCLE Palm Towitoko driver
I now have a working Towitoko driver that runs on the Palmpilot. It's actually a replacement serial.c, and uses the rest of the towitoko driver unchanged except for a workaround for broken Palm gcc includes. My hat's off to Carlos for the highly portable code. I have a rudimentary application that uses the driver, but it's not ready for release yet. You can get the driver at our smartcard page. http://www.citi.umich.edu/projects/sinciti/smartcard/
Re: MUSCLE Towitoko, OpenBSD, and Payflex
I just grabbed version 0.97.6 and it works unmodified on OpenBSD with Payflex cards. Thanks very much! To generate more useful diffs, use the -c or -u option. I'm working on a Palmpilot version of the Towitoko driver now. It compiles and talks to the reader, but it's not ready for release yet.
MUSCLE Towitoko, OpenBSD, and Payflex
I've got the Towitoko reader working on OpenBSD now. I'm using Payflex P1 cards and there seem to be some problems in the ctapi library. Reset takes a long time, because Towitoko_ResetCard() goes through the loop three times. I don't know why. Then atr parsing fails, and ATR_Protocol() returns 0xf. Again, I don't know why. For now I've hardwired T=0 in the driver. Sending Active Low Reset Sending Active High Reset Sending Active Low Reset ATR: 3B 23 0 35 11 80 Here are the changes I ended up making to serial.c (this is against towitoko-0.97). I believe these are correct, but it would be nice if someone would verify that this still works on a linux system. *** serial.c- Wed Dec 2 14:52:59 1998 --- serial.cFri Feb 26 13:16:36 1999 *** *** 211,220 switch (baud) { case 9600: /* Baudrate 9600 */ ! newtio.c_cflag = B9600; break; case 19200: /* Baudrate 19200 */ ! newtio.c_cflag = B19200; break; default: close(handle); --- 211,222 switch (baud) { case 9600: /* Baudrate 9600 */ ! cfsetispeed(&newtio, B9600); ! cfsetospeed(&newtio, B9600); break; case 19200: /* Baudrate 19200 */ ! cfsetispeed(&newtio, B19200); ! cfsetospeed(&newtio, B19200); break; default: close(handle); *** *** 273,292 newtio.c_cflag |= CSTOPB; #endif newtio.c_cflag |= CREAD|HUPCL|CLOCAL; ! newtio.c_iflag &= ~(IGNPAR|PARMRK|INLCR|IGNCR|ICRNL); newtio.c_iflag |= BRKINT; ! newtio.c_lflag &= ~(ICANON|ECHO|ISTRIP); newtio.c_oflag = 0; newtio.c_lflag = 0; newtio.c_cc[VMIN] = 1; newtio.c_cc[VTIME] = 0; - if (tcflush(handle, TCIFLUSH) < 0) { /* Flush the serial port */ - close(handle); - return FALSE; - } - if (tcsetattr(handle, TCSANOW, &newtio) < 0) { /* Set the parameters */ close(handle); return FALSE; --- 275,289 newtio.c_cflag |= CSTOPB; #endif newtio.c_cflag |= CREAD|HUPCL|CLOCAL; ! newtio.c_iflag &= ~(IGNPAR|PARMRK|INLCR|IGNCR|ICRNL|ISTRIP); newtio.c_iflag |= BRKINT; ! 
newtio.c_lflag &= ~(ICANON|ECHO); newtio.c_oflag = 0; newtio.c_lflag = 0; newtio.c_cc[VMIN] = 1; newtio.c_cc[VTIME] = 0; if (tcsetattr(handle, TCSANOW, &newtio) < 0) { /* Set the parameters */ close(handle); return FALSE; *** *** 303,308 --- 300,310 select (handle+1, &rfds, NULL, NULL, &tv); /* END OF WORKAROUND */ + + if (tcflush(handle, TCIFLUSH) < 0) { /* Flush the serial port + */ + close(handle); + return FALSE; + } ioport.handle = handle; /* Record the handle */ ioport.baud = baud; /* Record the baudrate */
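Review bot: in the `switch (baud)` hunk (211,220), the removed `newtio.c_cflag = B9600;` was also the only visible plain assignment to `c_cflag`, and the `cfsetispeed`/`cfsetospeed` calls that replace it do not reset the other flag bits. The following hunk only ORs into the field (`|= CSTOPB`, `|= CREAD|HUPCL|CLOCAL`), so please confirm that `newtio` is zeroed or `c_cflag` is assigned before this switch; otherwise stale bits survive into `tcsetattr`. The return values of both new calls are ignored, while every other failure path in this function does `close(handle); return FALSE;`.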
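Review bot: in the flags hunk (273,292), the corrected `newtio.c_lflag &= ~(ICANON|ECHO);` is dead code, because `newtio.c_lflag = 0;` follows two lines later and overwrites the result; keep one of the two. Moving ISTRIP into the `c_iflag` mask is the right fix and could get a one-line comment so that it does not drift back.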
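Review bot: in the last hunk (303,308), the `tcflush` call now runs after `tcsetattr` and after the select workaround, but nothing in the code says why it was moved; add a comment stating the intended order so a later cleanup does not put it back in front of `tcsetattr`. The comment on the added `if` line is closed by a `*/` on its own `+` line, which looks like mail wrapping and should be rejoined before the patch is applied.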
MUSCLE ct-api driver for Todos Argos Mini
I have completed a very rudimentary first draft of a ct-api driver for the Todos Argos Mini reader, based on our sc7816 driver for dumb readers. It hasn't been properly tested yet but does properly run David's little test program. You can get it at our Smart Card Research page. http://www.citi.umich.edu/projects/sinciti/smartcard/ Those of you at CITI will find it in /afs/citi.umich.edu/projects/sinciti/src/todos.
Re: MUSCLE /dev/cua* , /dev/ttyS* - Linux 2.2.*
I don't see any reason to restrict pc/sc to linux only. It's important to be able to configure the name of the smartcard device. One way to do this is to try /dev/smartcard first, and if that fails, then try the OS dependent device names. Another example of linux dependency that I've seen a few times is the port speed setting code. This is bad: t.c_cflag = B9600; This is good: cfsetispeed(&t, B9600); cfsetospeed(&t, B9600);
Re: MUSCLE ToWiToKo Battery Charger Program
Q: Why would this be required? Q: How is it done? I left my reader plugged in overnight and it still doesn't work. I would guess the charger uses some particular rs232 signal for power, and the program asserts that signal.
MUSCLE xcard for openbsd
I'm trying to build xcard for OpenBSD and not getting very far. There seems to be a bug in the configure script. Can anyone suggest an easy fix? % ./configure --with-tcl=/usr/local/src/tcl-tk-8.0.4/tcl8.0.4 --with-tk=/usr/local/src/tcl-tk-8.0.4/tk8.0.4 loading cache ./config.cache checking Tcl/Tk version... Tk8.0/Tcl8.0 checking how to run the C preprocessor... cc -E checking for X... libraries /usr/X11R6/lib, headers /usr/X11R6/include checking for main in -lXbsd... no checking for connect... yes checking for gethostbyname... yes checking for sin... no checking for main in -lieee... no checking for main in -ldl... no checking for main in -ltcl8.0... no checking for main in -ltcl... no configure: error: Unable to locate the Tcl libraries. Try using --with-tcl=DIR
Re: MUSCLE Cyberflex for Towitoko
which modifications do you think have to be done to port the Cyberflex development kit to Towitoko card readers... can you give me some hints for this?? I don't think the Cyberflex SDK depends at all on any particular card reader. It generates a file that you have to load on to the card, and you also have to authenticate to the card. The necessary card commands are documented in the SDK. So there shouldn't be any porting required at all.
Re: MUSCLE Problems with Litronic 210 reader and Open16K
// Up to here, everything is ok. The next command returns a BYTE[] that // starts with "f2". The "Toolkit" application does not return such a byte. a0 f2 00 00 17 f2 00 00 00 62 69 69 02 3f 00 02 14 03 1b 13 00 02 00 00 00 00 00 00 00 90 00 That "f2" is the ack byte. This is followed by 23 bytes of data, and 90 00 status bytes, which means OK. So the command worked fine. The rest looks ok to me too.
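The reading of the trace above, as an added example that is not part of the original post: a T=0 walker that separates procedure bytes (NULL 60, ACK equal to INS, inverted ACK) from data and status bytes. The function name is hypothetical and the sample is the trace quoted in the message; it relies on T=0 never using INS values of the form 6x or 9x, which is what keeps an ACK distinguishable from SW1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walks a T=0 trace for a command that reads data from the card:
 * 5 header bytes (CLA INS P1 P2 P3) followed by everything the card sent.
 * Returns 0 and fills data/len/sw; -1 if the trace is truncated;
 * -2 on a byte that is neither a procedure byte nor SW1; -3 if cap < Le. */
int t0_read_response(const uint8_t *tr, size_t n, uint8_t *data, size_t cap,
                     size_t *len, uint16_t *sw)
{
    size_t pos = 5, got = 0, le, take;
    uint8_t ins, pb;

    if (n < 5) return -1;
    ins = tr[1];
    le = tr[4] ? tr[4] : 256;           /* P3 = 00 asks for 256 bytes */
    if (cap < le) return -3;
    for (;;) {
        if (pos >= n) return -1;
        pb = tr[pos++];
        if (pb == 0x60) continue;       /* NULL byte: card needs more time */
        if ((pb & 0xF0) == 0x60 || (pb & 0xF0) == 0x90) {  /* SW1 */
            if (pos >= n) return -1;
            *sw = (uint16_t)((pb << 8) | tr[pos]);
            *len = got;
            return 0;
        }
        if (got == le) return -2;       /* all data in, only SW1 is legal now */
        if (pb == ins) take = le - got;              /* ACK: the rest follows */
        else if (pb == (uint8_t)~ins) take = 1;      /* inverted ACK: one byte */
        else return -2;
        if (n - pos < take) return -1;
        while (take--) data[got++] = tr[pos++];
    }
}

/* The trace quoted in the message above. */
static const uint8_t open16k_trace[] = {
    0xa0,0xf2,0x00,0x00,0x17, 0xf2,
    0x00,0x00,0x00,0x62,0x69,0x69,0x02,0x3f,0x00,0x02,0x14,0x03,
    0x1b,0x13,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x90,0x00 };

int main(void)
{
    uint8_t data[256]; size_t len = 0; uint16_t sw = 0;
    int rc = t0_read_response(open16k_trace, sizeof open16k_trace,
                              data, sizeof data, &len, &sw);
    printf("rc=%d len=%zu sw=%04X\n", rc, len, sw);
    return 0;
}
```

A layer that strips the procedure byte before handing the buffer to the application gives the caller only the 23 data bytes and 90 00.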
MUSCLE towitoko-0.97 and OpenBSD
I'm trying to use towitoko-0.97 on OpenBSD 2.4 and running into some problems. I'm starting to think linux isn't posix compliant for termios. I don't have posix in front of me, but... I don't think you can set speed by just assigning it to cflag. There are macros that should be used instead. INPCK is an iflag, not a cflag. ISTRIP is an iflag, not an lflag. There is a bug in OpenBSD; the cua device must be opened with O_NONBLOCK. And it's cua00, not cua0. This should be configurable somehow. With these changes it works better, but still isn't right. Is this the right place to discuss this? (I reckon it's more on-topic than test messages, anyway).
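An added sketch of the portable termios setup that this message and the /dev/cua* reply further up the page argue for; it is not the towitoko code. The function names are hypothetical, and the 8 data bits, even parity, 2 stop bits framing is an assumption for a dumb ISO 7816-3 reader, not something stated in the thread.

```c
#include <fcntl.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Fill *t for a raw 8E2 line (assumed framing, see lead-in). */
int reader_termios(struct termios *t, speed_t speed)
{
    memset(t, 0, sizeof *t);      /* c_oflag and c_lflag stay 0: no ICANON, no ECHO */
    t->c_cflag = CS8 | PARENB | CSTOPB | CREAD | CLOCAL | HUPCL;
    t->c_iflag = INPCK | BRKINT;  /* INPCK is an input flag; ISTRIP stays clear */
    t->c_cc[VMIN] = 1;            /* VTIME is already 0: block for one byte */
    /* Speed goes in through the POSIX accessors, never by assigning to c_cflag. */
    if (cfsetispeed(t, speed) < 0 || cfsetospeed(t, speed) < 0) return -1;
    return 0;
}

/* Open one device; O_NONBLOCK so open() cannot block waiting for carrier. */
int reader_open(const char *path, speed_t speed)
{
    struct termios t;
    int fl, fd = open(path, O_RDWR | O_NOCTTY | O_NONBLOCK);

    if (fd < 0) return -1;
    if (reader_termios(&t, speed) < 0 || tcsetattr(fd, TCSANOW, &t) < 0 ||
        tcflush(fd, TCIFLUSH) < 0 ||                /* flush once settings apply */
        (fl = fcntl(fd, F_GETFL)) < 0 ||
        fcntl(fd, F_SETFL, fl & ~O_NONBLOCK) < 0) { /* back to blocking reads */
        close(fd);
        return -1;
    }
    return fd;
}

/* Try a configurable list of device names in order; -1 if none opens. */
int reader_open_first(const char *const *paths, size_t n, speed_t speed)
{
    int fd = -1;
    for (size_t i = 0; i < n && fd < 0; i++)
        fd = reader_open(paths[i], speed);
    return fd;
}

int main(void)
{
    const char *names[] = { "/dev/smartcard", "/dev/cua00" }; /* names from this thread */
    int fd = reader_open_first(names, 2, B9600);
    if (fd >= 0) close(fd);
    return fd < 0;
}
```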