Always login failed with pin incorrect - Gemalto PC Pinpad Reader

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Always login failed with pin incorrect - Gemalto PC Pinpad Reader

Rolf Wald-3
Hello all,
I don't know, which of the components (one or more) is responsible for
this error.

I'm using:
Linux Debian sid 2.6.38-2.dmz.1-liquorix-686
opensc version: 0.12.1
Gemalto PC Pinpad Reader HWP113026 D
Feitian PKI smartcard (FTCOS / PK-01C)
libccid 1.4.4-1
pcscd / libpcsclite1 1.7.2-2
Smartcard Driver: entersafe

pcsc-lite version 1.7.2.
Copyright (C) 1999-2002 by David Corcoran <[hidden email]>.
Copyright (C) 2001-2010 by Ludovic Rousseau <[hidden email]>.
Copyright (C) 2003-2004 by Damien Sauveron <[hidden email]>.
Report bugs to <[hidden email]>.
Enabled features: Linux i486-pc-linux-gnu serial usb libudev
usbdropdir=/usr/lib/pcsc/drivers ipcdir=/var/run/pcscd
configdir=/etc/reader.conf.d

When I disable pinpad in opensc.conf, everything is working without
problems, but with pinpad enabled, I don't get PIN verfication from the
reader. Pinpad is working, it shows: 'Bitte PIN eingeben' (german) and
it shows for every inputnumber a '*', but after that, no correct pinpad
verification.

Who can help me to make this work. I've put logfiles (only the relevant
details, I think) to this mail which shows the log of the command
(opensc.conf (debug=99))
'pkcs11-tool --module /usr/lib/onepin-opensc-pkcs11.so -I -l'
-> logfile.txt
pcscd was started with 'pcscd --foreground --debug --apdu'
-> logfileccid.txt  

I can mail the full logs if someone wanted them.

Thanks in advance
regards
Rolf


--
Mit freundlichen Grüßen (kindly regards) Rolf Wald
LUG-Balista Hamburg e.V., Germany
c/o Bürgerhaus in Barmbek
Lorichsstr. 28a
22307 Hamburg
http://www.lug-balista.de

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

logfile.txt (7K) Download Attachment
logfileccid.txt (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Always login failed with pin incorrect - Gemalto PC Pinpad Reader

Jean-Michel Pouré - GOOZE
Le vendredi 20 mai 2011 à 12:41 +0200, Rolf Wald a écrit :
> Gemalto PC Pinpad Reader HWP113026 D

I found this (not the same product):
http://pcsclite.alioth.debian.org/ccid/supported.html#0x08E60x3478

Features: PIN Verification, PIN Modification
Known problems/limitations:
Does not support minimum PIN length (wPINMaxExtraDigit) lower than 4
Does not support maximum PIN length (wPINMaxExtraDigit) greater than 8
Does send a VERIFY PIN command with an empty PIN to get the number of
remaining trials. This may be problematic with some smart cards like the
Belgian eID card that does not support this and will decrement the
counter

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Always login failed with pin incorrect - Gemalto PC Pinpad Reader

Ludovic Rousseau
In reply to this post by Rolf Wald-3
2011/5/20 Rolf Wald <[hidden email]>:

> Hello all,
> I don't know, which of the components (one or more) is responsible for
> this error.
>
> I'm using:
> Linux Debian sid 2.6.38-2.dmz.1-liquorix-686
> opensc version: 0.12.1
> Gemalto PC Pinpad Reader HWP113026 D
> Feitian PKI smartcard (FTCOS / PK-01C)
> libccid 1.4.4-1
> pcscd / libpcsclite1 1.7.2-2
> Smartcard Driver: entersafe
>
> pcsc-lite version 1.7.2.
> Copyright (C) 1999-2002 by David Corcoran <[hidden email]>.
> Copyright (C) 2001-2010 by Ludovic Rousseau <[hidden email]>.
> Copyright (C) 2003-2004 by Damien Sauveron <[hidden email]>.
> Report bugs to <[hidden email]>.
> Enabled features: Linux i486-pc-linux-gnu serial usb libudev
> usbdropdir=/usr/lib/pcsc/drivers ipcdir=/var/run/pcscd
> configdir=/etc/reader.conf.d
>
> When I disable pinpad in opensc.conf, everything is working without
> problems, but with pinpad enabled, I don't get PIN verfication from the
> reader. Pinpad is working, it shows: 'Bitte PIN eingeben' (german) and
> it shows for every inputnumber a '*', but after that, no correct pinpad
> verification.
>
> Who can help me to make this work. I've put logfiles (only the relevant
> details, I think) to this mail which shows the log of the command
> (opensc.conf (debug=99))
> 'pkcs11-tool --module /usr/lib/onepin-opensc-pkcs11.so -I -l'
> -> logfile.txt
> pcscd was started with 'pcscd --foreground --debug --apdu'
> -> logfileccid.txt

It is a known limitation of the Gemalto pinpad reader with the
entersafe opensc driver.

See [1] for a temporary fix.
The problem is in the reader that rejects a maximum pin size of more than 8.

If I find some free time I will propose a patch for OpenSC. I opened
ticket #361 [2] to track the issue.

Bye

[1] http://www.mail-archive.com/opensc-devel@.../msg05928.html
[2] https://www.opensc-project.org/opensc/ticket/361

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Always login failed with pin incorrect - Gemalto PC Pinpad Reader

Rolf Wald-3
Hello Ludovic and all,

I've made further tests...

same config as beyond, but with a SCM SPR 532 PinPad Reader.
I've got the same faults. But now I've tested some variants,
surprisingsly both PinPad Readers (SCM SCR 532 and Gemalto PC Pinpad
Reader) are working correct with setting the PIN to the min.length of
4. Every length greater as min.length (5 and more) isn't working. My
first tests had been with a PIN length of 7.

On Fri, 20 May 2011 21:08:23 +0200
Ludovic Rousseau <[hidden email]> wrote:

> 2011/5/20 Rolf Wald <[hidden email]>:
> > Hello all,
> > I don't know, which of the components (one or more) is responsible
> > for this error.
> >
> > I'm using:
> > Linux Debian sid 2.6.38-2.dmz.1-liquorix-686
> > opensc version: 0.12.1
> > Gemalto PC Pinpad Reader HWP113026 D
> > Feitian PKI smartcard (FTCOS / PK-01C)
> > libccid 1.4.4-1
> > pcscd / libpcsclite1 1.7.2-2
> > Smartcard Driver: entersafe
> >
> > pcsc-lite version 1.7.2.
> > Copyright (C) 1999-2002 by David Corcoran <[hidden email]>.
> > Copyright (C) 2001-2010 by Ludovic Rousseau
> > <[hidden email]>. Copyright (C) 2003-2004 by Damien
> > Sauveron <[hidden email]>. Report bugs to
> > <[hidden email]>. Enabled features: Linux
> > i486-pc-linux-gnu serial usb libudev
> > usbdropdir=/usr/lib/pcsc/drivers ipcdir=/var/run/pcscd
> > configdir=/etc/reader.conf.d
> >
> > When I disable pinpad in opensc.conf, everything is working without
> > problems, but with pinpad enabled, I don't get PIN verfication from
> > the reader. Pinpad is working, it shows: 'Bitte PIN
> > eingeben' (german) and it shows for every inputnumber a '*', but
> > after that, no correct pinpad verification.
> >
> > Who can help me to make this work. I've put logfiles (only the
> > relevant details, I think) to this mail which shows the log of the
> > command (opensc.conf (debug=99))
> > 'pkcs11-tool --module /usr/lib/onepin-opensc-pkcs11.so -I -l'
> > -> logfile.txt
> > pcscd was started with 'pcscd --foreground --debug --apdu'
> > -> logfileccid.txt
>
> It is a known limitation of the Gemalto pinpad reader with the
> entersafe opensc driver.
>
> See [1] for a temporary fix.
> The problem is in the reader that rejects a maximum pin size of more
> than 8.
>

This fix doesn't work for me. I'd tested the restriction.



> If I find some free time I will propose a patch for OpenSC. I opened
> ticket #361 [2] to track the issue.
>
> Bye
>
> [1]
> http://www.mail-archive.com/opensc-devel@.../msg05928.html
> [2] https://www.opensc-project.org/opensc/ticket/361
>

Is there an other bug in the driver?

If I use no pinpad, I can use the max size of PINs.

--
Mit freundlichen Grüßen (kindly regards) Rolf Wald
LUG-Balista Hamburg e.V., Germany
c/o Bürgerhaus in Barmbek
Lorichsstr. 28a
22307 Hamburg
http://www.lug-balista.de
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Always login failed with pin incorrect - Gemalto PC Pinpad Reader

Ludovic Rousseau
In reply to this post by Ludovic Rousseau
2011/5/20 Ludovic Rousseau <[hidden email]>:

> 2011/5/20 Rolf Wald <[hidden email]>:
>> Hello all,
>> I don't know, which of the components (one or more) is responsible for
>> this error.
>>
>> I'm using:
>> Linux Debian sid 2.6.38-2.dmz.1-liquorix-686
>> opensc version: 0.12.1
>> Gemalto PC Pinpad Reader HWP113026 D
>> Feitian PKI smartcard (FTCOS / PK-01C)
>> libccid 1.4.4-1
>> pcscd / libpcsclite1 1.7.2-2
>> Smartcard Driver: entersafe
>>
>> pcsc-lite version 1.7.2.
>> Copyright (C) 1999-2002 by David Corcoran <[hidden email]>.
>> Copyright (C) 2001-2010 by Ludovic Rousseau <[hidden email]>.
>> Copyright (C) 2003-2004 by Damien Sauveron <[hidden email]>.
>> Report bugs to <[hidden email]>.
>> Enabled features: Linux i486-pc-linux-gnu serial usb libudev
>> usbdropdir=/usr/lib/pcsc/drivers ipcdir=/var/run/pcscd
>> configdir=/etc/reader.conf.d
>>
>> When I disable pinpad in opensc.conf, everything is working without
>> problems, but with pinpad enabled, I don't get PIN verfication from the
>> reader. Pinpad is working, it shows: 'Bitte PIN eingeben' (german) and
>> it shows for every inputnumber a '*', but after that, no correct pinpad
>> verification.
>>
>> Who can help me to make this work. I've put logfiles (only the relevant
>> details, I think) to this mail which shows the log of the command
>> (opensc.conf (debug=99))
>> 'pkcs11-tool --module /usr/lib/onepin-opensc-pkcs11.so -I -l'
>> -> logfile.txt
>> pcscd was started with 'pcscd --foreground --debug --apdu'
>> -> logfileccid.txt
>
> It is a known limitation of the Gemalto pinpad reader with the
> entersafe opensc driver.
>
> See [1] for a temporary fix.
> The problem is in the reader that rejects a maximum pin size of more than 8.
>
> If I find some free time I will propose a patch for OpenSC. I opened
> ticket #361 [2] to track the issue.
I wrote a bugfix for #361.
Please apply the two attached patches and try again.

The patches are also available at
https://github.com/LudovicRousseau/OpenSC/tree/PCSCv2_PART10_PROPERTY_bMaxPINSize

Bye

> [1] http://www.mail-archive.com/opensc-devel@.../msg05928.html
> [2] https://www.opensc-project.org/opensc/ticket/361

--
 Dr. Ludovic Rousseau

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

0001-Add-PCSCv2_PART10_PROPERTY_-values.patch (1K) Download Attachment
0002-Fix-PIN-min-and-max-sizes-for-pinpads.patch (5K) Download Attachment