Athena IDProtect Key v2

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Athena IDProtect Key v2

Arne Rovet
Hi,

Trying to use an Athena IDProtect Key v2 token with opensc, using the
Debian jessie packages. Here are the command outputs:


opensc-tool --name
Using reader with a card: Athena IDProtect Key v2 [Main Interface] 00 00
Unsupported card


opensc-tool --atr
Using reader with a card: Athena IDProtect Key v2 [Main Interface] 00 00
3b:d5:18:ff:81:91:fe:1f:c3:80:73:c8:21:13:09


Any tricks to get it to work? I have a good number of them, so I could
supply one or two if needed.


Regards,
Arne

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

Arne Rovet
On 19 May 2014 01:21, Arne Rovet <[hidden email]> wrote:
> Any tricks to get it to work? I have a good number of them, so I could
> supply one or two if needed.

Sorry, I meant a number of tokens not tricks.

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

Douglas E Engert


On 5/18/2014 10:43 AM, Arne Rovet wrote:
> On 19 May 2014 01:21, Arne Rovet <[hidden email]> wrote:
>> Any tricks to get it to work? I have a good number of them, so I could
>> supply one or two if needed.
>
> Sorry, I meant a number of tokens not tricks.

http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt
says to look at:

http://www.athena-scs.com/product.asp?pid=33

This says "IDProtect Key LASER" implies it could have optional applications
loaded on the device (including PIV/FIPS 201/NIST 800-73-3) and that it can be supplied with
Windows, Linux and MAC OS middleware.

http://www.athena-scs.com/products-solutions/enterprise/pki#IDProtect%20Key%20LASER

Have you tried their middleware?

Do you know what applications are loaded on the device?

If it has PIV, then it should work with OpenSC. Windows 7 and 8 have Microsoft
drivers for PIV so no other software is nbeeded on the client side at least.

So I assume it does not have PIV, otherwise OpenSC should find it.










>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

Arne Rovet
In reply to this post by Arne Rovet
On 19 May 2014 08:40, Douglas E Engert <[hidden email]> wrote:
> Have you tried their middleware?

No, not under Linux. We actually purchased these a couple of years
back, only provided with Windows middleware.
But I've now lodged a support ticket with Athena about acquiring some
Linux middleware.

> Do you know what applications are loaded on the device?

No; I never specified any applications/applets to be loaded onto to
them when they were ordered. Always assumed that they were
unencumbered/"plain". Only ever used them via their pkcs11 interface,
but under Windows.

> If it has PIV, then it should work with OpenSC. Windows 7 and 8 have Microsoft
> drivers for PIV so no other software is nbeeded on the client side at least.
>
> So I assume it does not have PIV, otherwise OpenSC should find it.

Yes, I also assume it does not have PIV for reasons noted above.

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

Douglas E Engert


On 5/18/2014 11:13 PM, Arne Rovet wrote:

> On 19 May 2014 08:40, Douglas E Engert <[hidden email]> wrote:
>> Have you tried their middleware?
>
> No, not under Linux. We actually purchased these a couple of years
> back, only provided with Windows middleware.
> But I've now lodged a support ticket with Athena about acquiring some
> Linux middleware.
>
>> Do you know what applications are loaded on the device?
>
> No; I never specified any applications/applets to be loaded onto to
> them when they were ordered. Always assumed that they were
> unencumbered/"plain". Only ever used them via their pkcs11 interface,
> but under Windows.
>
>> If it has PIV, then it should work with OpenSC. Windows 7 and 8 have Microsoft
>> drivers for PIV so no other software is nbeeded on the client side at least.
>>
>> So I assume it does not have PIV, otherwise OpenSC should find it.
>
> Yes, I also assume it does not have PIV for reasons noted above.

The specifications say it is a Global Platform card, so it might be possible to load
the Muscle applet or one of the other applets supported by OpenSC:

https://github.com/OpenSC/OpenSC/wiki/JavaCards

https://github.com/OpenSC/OpenSC/wiki/Using-smart-cards-with-Java-SE

But if your intent it to use the same certificates and keys already on the card
and used for Windows, loading another applet would not have access to them.

>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

mikybrother
This post was updated on .
In reply to this post by Arne Rovet
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

mikybrother
This post was updated on .
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: Athena IDProtect Key v2

mikybrother
I have an linux installation kit from Certsign Romania.
Click here for download page. Contact me privately in order to give you the user name and password (ethical reasons).
Or you can download from here: IDPC6.xz
You'll find there the PKCS11 implementation and a command line pin-tool for Athena IDProtect Key v2.
I've installed the pc/sc tools,libasedrive-usb and some pkcs things from repository. Gscriptor is an interesting tool but I find it useless.
Click here for the latest smartcard_list.txt file, copy and hide it into your home folder. It's useful for pscs-tools. Scan for cryptographic devices using "pcsc_scan" command.

If you prefer to download from the CertSign site there are some issues you have to take care:
1. Beware of installation script, it has syntax errors!!! Look carefully at it's content and make the corrections before starting the installation process.
2. The updated libASEP11.so from that link doesn't work on x64 systems (or maybe it needs more tests).
3. The IDPClientDB.xml has some errors. The ATR code coresponding to IDProtect device (the last from the xml file - line 43) is wrong and you need to replace it with the one provided by "pcsc_scan". Also there is needed to modify the ATRMask. I've simply wrote an ATRMask code with the same length as the one from ATR using only the "F" letter (line 44) and added "libASEP11.so" to LibName (line 40)

You can download the archive provided by me. The modifications are already made.

In order to add the pkcs11 to your security database follow this steps:
-> make sure you are in your homedir
cd
modutil -dbdir sql:.pki/nssdb/ -add "Athena IDProtect" -libfile /usr/lib/libASEP11.so
-> check if the library was successfully added
modutil -dbdir sql:.pki/nssdb/ -list