Feitian FTCOS/PK-01 w/ OpenSC

Jean-Michel Pouré - GOOZE
Dear Markus,

If you are planning to use the Feitian PKI under Windows and Linux at the same time,
you should only use OpenSC tools to initialize the card and write certificates.
In this case, do not use Feitian tools to initialize the card and write certificates.

If you are running only Windows, please use Feitian initialization tools,
PKCS11 library and mini-driver. But then don't use OpenSC.

In short, the Feitian smartcard has all needed drivers for Windows and Linux,
but you should not mix open-source software (OpenSC) with proprietary software (Feitian).
Make a choice and stick to it.

If you are planning to use the card under all systems, you should prefer OpenSC.

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Feitian FTCOS/PK-01 w/ OpenSC

Markus Koetter
Hi,


On 05/16/2013 02:07 PM, Jean-Michel Pouré - GOOZE wrote:
> If you are planning to use the Feitian PKI under Windows and Linux at the same time,
> you should only use OpenSC tools to initialize the card and write certificates.
> In this case, do not use Feitian tools to initialize the card and write certificates.

I do use OpenSC to initialize and write certificates - but the Feitian
CSP does not work reading OpenSC written cards for me (in case the key
is not generated on the card).
The Feitian PKI Manager screenshots attached were just to show the
difference in cards written with OpenSC and Feitian tools.

I want to write cards with OpenSC, as I'm required to be able to write
pkcs12 files as well as generate the key on the card, sign the
certificate request and write the certificate to the card.
OpenSC makes both easy, I can call pkcs15-tool, and use the openssl
pkcs11 engine via m2crypto to sign a csr with a key created on the card.

From the docs, I was positive this is supposed to work:
  * Cards initialized under GNU/Linux are read-only under Windows CAPI/CSP.
  * Ability to use proprietary drivers in conjunction with OpenSC.


> If you are running only Windows, please use Feitian initialization tools,
> PKCS11 library and mini-driver. But then don't use OpenSC.

I'll have to give the OpenSC mini-driver a shot, just due to the fact
there is nobody assisting me in reading OpenSC written cards with the
Feitian CSP.

> In short, the Feitian smartcard has all needed drivers for Windows and Linux,
> but you should not mix open-source software (OpenSC) with proprietary software (Feitian).
> Make a choice and stick to it.

As I said - I was hoping to be able to write with OpenSC on Linux and
read with Feitian CSP on Windows.
The Feitian CSP 'just works' for cards not initialized/written with OpenSC;
getting the MiniDriver to work is slightly more than just installing
OpenSC.


> If you are planning to use the card under all systems, you should prefer OpenSC.

I will - if I can make it work.


MfG
Markus Kötter

Re: Feitian FTCOS/PK-01 w/ OpenSC

Jean-Michel Pouré - GOOZE
On Friday, 17 May 2013 at 10:34 +0200, Markus Kötter wrote:
> I do use OpenSC to initialize and write certificates - but the Feitian
> CSP does not work reading OpenSC written cards for me (in case the key
> is not generated on the card).

Please refer to:
http://www.gooze.eu/howto/smartcard-quickstarter-guide/recommendations

* If you are running only Windows, it is recommended to install Feitian
proprietary drivers. Do not use with OpenSC.
* If you are using several systems, including GNU/Linux and Windows, you
must install OpenSC open source drivers on all platforms. Do not install
Feitian tools.

In other words, you cannot mix drivers. If you are planning to use
OpenSC, you should also initialize the card with OpenSC.

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

Re: Feitian FTCOS/PK-01 w/ OpenSC

Markus Koetter
On 05/17/2013 04:03 PM, Jean-Michel Pouré - GOOZE wrote:
> Please refer to:
> http://www.gooze.eu/howto/smartcard-quickstarter-guide/recommendations

Using (full install including the mini driver) 32bit OpenSC 0.13 on
Windows 7 x86 and the following registry entries

---------
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\FTCOS-PK-01C]
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,9f,95,81,31,fe,9f,00,65,46,53,05,30,06,71,df,00,00,00,80,6a,82,5e
"ATRMask"=hex:FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,00,FF,FF,FF,FF,FF,FF,00,00,00,00
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
---------

I grabbed the ATR&mask from the entersafe driver in OpenSC.

I have the same problem as you reported here:
http://permalink.gmane.org/gmane.comp.encryption.opensc.devel/12439
SCardGetCardTypeProviderName: The system cannot find the file specified.
0x2 (WIN32: 2)

The thread does not provide a solution to the problem though.

I did not modify the inf file - I just installed OpenSC, added the
registry entries, and expected things to work.


MfG
Markus Kötter
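
Added example, not part of the original thread and not OpenSC or Feitian code: a small Python check that parses the registry entry posted above and tests whether a card's ATR falls under its ATR/ATRMask pair. The function names are hypothetical, the sample text is the message's registry block with the mail line wrap joined, and the comparison rule (only bits set in the mask must agree, mask applied to both sides) is an assumption about how the entry is matched.

```python
import re

# Constructed sample: the registry values from the message above, with the
# e-mail line wrap in the last string value joined back onto one line.
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\FTCOS-PK-01C]
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,9f,95,81,31,fe,9f,00,65,46,53,05,30,06,71,df,00,00,00,80,6a,82,5e
"ATRMask"=hex:FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,00,FF,FF,FF,FF,FF,FF,00,00,00,00
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
'''

def parse_reg_values(text):
    """Return {name: bytes | str} for the "name"=value lines of a .reg excerpt."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("["):
            continue  # skip blank lines and the key path
        m = re.fullmatch(r'"([^"]+)"=(hex:([0-9A-Fa-f,]*)|"(.*)")', line)
        if not m:
            # Typical cause: a string value broken in two by a mail client.
            raise ValueError(f"malformed or wrapped registry line: {line!r}")
        if m.group(3) is not None:
            values[m.group(1)] = bytes.fromhex(m.group(3).replace(",", ""))
        else:
            values[m.group(1)] = m.group(4)
    return values

def atr_matches(card_atr, atr, mask):
    """Masked comparison (assumed rule): only bits set in mask must agree."""
    if not (len(card_atr) == len(atr) == len(mask)):
        return False
    return all((c & m) == (a & m) for c, a, m in zip(card_atr, atr, mask))

def check_entry(text, card_atr):
    """Parse the excerpt and test card_atr against its ATR/ATRMask pair."""
    v = parse_reg_values(text)
    return atr_matches(card_atr, v["ATR"], v["ATRMask"])
```

Feeding it the ATR that the reader reports for the inserted card shows whether the registry entry can apply to that card at all, and a wrapped string value is rejected before it reaches the registry.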

Re: Feitian FTCOS/PK-01 w/ OpenSC

Anders Rundgren
On 2013-05-23 14:34, Markus Koetter wrote:
> On 05/17/2013 04:03 PM, Jean-Michel Pouré - GOOZE wrote:
>> Please refer to:
>> http://www.gooze.eu/howto/smartcard-quickstarter-guide/recommendations
>
> Using (full install including the mini driver) 32bit OpenSC 0.13 on
> Windows 7 x86 and the following registry entries
>
> ---------
> Windows Registry Editor Version 5.00

I guess these guys will define a "Web Token" token so we can put this
[unmotivated] middleware hell to rest once and for all:

http://goo.gl/DFLnS

Anders

>
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\FTCOS-PK-01C]
> "80000001"="opensc-minidriver.dll"
> "ATR"=hex:3b,9f,95,81,31,fe,9f,00,65,46,53,05,30,06,71,df,00,00,00,80,6a,82,5e
> "ATRMask"=hex:FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,00,FF,FF,FF,FF,FF,FF,00,00,00,00
> "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
> "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
> ---------
>
> I grabbed the ATR&mask from the entersafe driver in OpenSC.
>
> I have the same problem as you reported here:
> http://permalink.gmane.org/gmane.comp.encryption.opensc.devel/12439
> SCardGetCardTypeProviderName: The system cannot find the file specified.
> 0x2 (WIN32: 2)
>
> The thread does not provide a solution to the problem though.
>
> I did not modify the inf file - I just installed OpenSC, added the
> registry entries, and expected things to work.
>
>
> MfG
> Markus Kötter