Functionality of a smartcard

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Functionality of a smartcard

Marcel Koopmans-2
Hello Everybody,

I am using Gemplus GPK 16K Standard smartcards in a Gemplus GemPC Twin.
Using the GemSafe Toolbox under windows I can do many things with the
smartcard.
e.g. Get a list of tokens, delete tokens etc.

Using Debian Linux, muscle, opensc my options are very limited.

zeus:~# opensc-tool -a -v
Connecting to card in reader GemPC Twin 00 00...
Using card driver Gemplus GPK driver.
Card ATR: 3B A7 00 40 18 80 65 A2 09 01 03 52 ;..@..e....R

zeus:~# opensc-explorer OpenSC Explorer version 0.9.6
OpenSC [3F00]> info

Dedicated File  ID 3F00

File path:     3F00
File size:     0 bytes
ACL for SELECT:          NONE
ACL for LOCK:            PROT
ACL for DELETE:          NEVR
ACL for CREATE:          PROT
ACL for REHABILITATE:    NEVR
ACL for INVALIDATE:      NEVR
ACL for LIST FILES:      NEVR

This is done with the same reader and card, just a different machine.
Is there any reason for the differences?

with kind regards,
 Marcel

Marcel Koopmans
Elysium Open Systems
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Andreas Jellinghaus-2
Hi Marcel,

opensc implements pkcs#15, but if that gem software does
not implement it, they are incompatible and put data
structures on the card that are incompatible.

I never heard they do implement pkcs#15, and if they
did it would be very likely that we had heard of.

so my best guess is: their software does not implement
pkcs#15 standard and thus is not compatible with anyone.
sorry. it is not a linux <-> windows issue (opensc
runs on both).

think file formats and you are quite close to the truth :)

also what I hear gemplus is not very good at giving us
details. so you could try to initialize a blank card
with opensc (I have a gemplus gpk 16k and it works
fine everytime I test). if that works, you can use
the same card with linux+opensc as well as windows+opensc.

> Card ATR: 3B A7 00 40 18 80 65 A2 09 01 03 52 ;..@..e....R
that card is supported by opensc. at least svn trunk, haven't
checked 0.9.6 release, but I guess both work well. also your
log file looks pretty good.

if you can wipe the card with the windows tool, you can try
initializing it once more with opensc. take a look at the
Quickstart file, it has the basic commands to do that.

Good luck!

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Nils Larsch
In reply to this post by Marcel Koopmans-2
Marcel Koopmans wrote:

> Hello Everybody,
>
> I am using Gemplus GPK 16K Standard smartcards in a Gemplus GemPC Twin.
> Using the GemSafe Toolbox under windows I can do many things with the
> smartcard.
> e.g. Get a list of tokens, delete tokens etc.
>
> Using Debian Linux, muscle, opensc my options are very limited.
>
> zeus:~# opensc-tool -a -v
> Connecting to card in reader GemPC Twin 00 00...
> Using card driver Gemplus GPK driver.
> Card ATR: 3B A7 00 40 18 80 65 A2 09 01 03 52 ;..@..e....R
>
> zeus:~# opensc-explorer OpenSC Explorer version 0.9.6
> OpenSC [3F00]> info
>
> Dedicated File  ID 3F00
>
> File path:     3F00
> File size:     0 bytes
> ACL for SELECT:          NONE
> ACL for LOCK:            PROT
> ACL for DELETE:          NEVR
> ACL for CREATE:          PROT
> ACL for REHABILITATE:    NEVR
> ACL for INVALIDATE:      NEVR
> ACL for LIST FILES:      NEVR
>
> This is done with the same reader and card, just a different machine.
> Is there any reason for the differences?

perhaps I'm overtired but which differences ? note: there's a
somewhat experimental gemsafe in the current trunk but the support
for gemsafe cards is somewhat problematic due to gemplus's information
policy.

Nils
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Marcel Koopmans-2
Nils Larsch wrote:

> Marcel Koopmans wrote:
>
>> Hello Everybody,
>>
>> I am using Gemplus GPK 16K Standard smartcards in a Gemplus GemPC Twin.
>> Using the GemSafe Toolbox under windows I can do many things with the
>> smartcard.
>> e.g. Get a list of tokens, delete tokens etc.
>>
>> Using Debian Linux, muscle, opensc my options are very limited.
>>
>> zeus:~# opensc-tool -a -v
>> Connecting to card in reader GemPC Twin 00 00...
>> Using card driver Gemplus GPK driver.
>> Card ATR: 3B A7 00 40 18 80 65 A2 09 01 03 52 ;..@..e....R
>>
>> zeus:~# opensc-explorer OpenSC Explorer version 0.9.6
>> OpenSC [3F00]> info
>>
>> Dedicated File  ID 3F00
>>
>> File path:     3F00
>> File size:     0 bytes
>> ACL for SELECT:          NONE
>> ACL for LOCK:            PROT
>> ACL for DELETE:          NEVR
>> ACL for CREATE:          PROT
>> ACL for REHABILITATE:    NEVR
>> ACL for INVALIDATE:      NEVR
>> ACL for LIST FILES:      NEVR
>>
>> This is done with the same reader and card, just a different machine.
>> Is there any reason for the differences?
>
>
> perhaps I'm overtired but which differences ? note: there's a
> somewhat experimental gemsafe in the current trunk but the support
> for gemsafe cards is somewhat problematic due to gemplus's information
> policy.
>
> Nils
>
> .
>
Hello Nils,

As the ACL's show I cannot, delete and list files.
I also cannot initialize the card using opensc.

To be honest I basically cannot do anything wit the card.

zeus:~# opensc-explorer
OpenSC Explorer version 0.9.6
OpenSC [3F00]> ls
card.c:516:sc_list_files: returning with: Not supported
unable to receive file listing: Not supported
OpenSC [3F00]> erase
iso7816.c:98:iso7816_check_sw: Wrong parameter(s) P1-P2
card-gpk.c:1439:gpk_erase_card: Card returned error: Incorrect
parameters in APDU
card.c:836:sc_card_ctl: returning with: Incorrect parameters in APDU
Failed to erase card: Incorrect parameters in APDU

More problems with the pkcs11-tool

zeus:~# pkcs11-tool -M
pkcs15.c:647:sc_pkcs15_bind: returning with: Wrong card
Supported mechanisms:

zeus:~# pkcs11-tool --pin 1234 -k
pkcs15.c:647:sc_pkcs15_bind: returning with: Wrong card
error: PKCS11 function C_GenerateKeyPair failed: rv =
CKR_FUNCTION_NOT_SUPPORTED (0x54)

Aborting.

I hope my question makes more sense now.

with kind regards,
  Marcel

Marcel Koopmans
Elysium Open Systems

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Andreas Jellinghaus-2
To me everything looks "normal" to me:
Card initialized in an incompatible way.
Nothing OpenSC can fix. try to get it formatted
so you can initialize it with OpenSC.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Marcel Koopmans-2
In reply to this post by Nils Larsch
When I try to format the smartcard with muscleTools I get the following
issue.

zeus:~# muscleTool

MuscleCard Shell - type help for help

muscle > format
ERR: List Tokens First ! (0x0 Unknown SW: 0000)
muscle > list
ERR: Must Connect First ! (0xFF1C110 Unknown SW: FF1C110)
muscle > connect
ERR: List Tokens First ! (0x0 Unknown SW: 0000)


And creating a new pkcs15 structure will fail because of it.


zeus:~# pkcs15-init -EC -v
Connecting to card in reader GemPC Twin 00 00...
Using card driver Gemplus GPK driver.
About to erase card.
pkcs15-gpk.c:98:gpk_erase_card: This card is already personalized,
unable to create PKCS#15 structure.
Failed to erase card: Not supported

maybe somebody has to point me to more documentation...

with kind regards,
  Marcel

Marcel Koopmans
Elysium Open Systems


Nils Larsch wrote:

> Marcel Koopmans wrote:
>
>> Hello Everybody,
>>
>> I am using Gemplus GPK 16K Standard smartcards in a Gemplus GemPC Twin.
>> Using the GemSafe Toolbox under windows I can do many things with the
>> smartcard.
>> e.g. Get a list of tokens, delete tokens etc.
>>
>> Using Debian Linux, muscle, opensc my options are very limited.
>>
>> zeus:~# opensc-tool -a -v
>> Connecting to card in reader GemPC Twin 00 00...
>> Using card driver Gemplus GPK driver.
>> Card ATR: 3B A7 00 40 18 80 65 A2 09 01 03 52 ;..@..e....R
>>
>> zeus:~# opensc-explorer OpenSC Explorer version 0.9.6
>> OpenSC [3F00]> info
>>
>> Dedicated File  ID 3F00
>>
>> File path:     3F00
>> File size:     0 bytes
>> ACL for SELECT:          NONE
>> ACL for LOCK:            PROT
>> ACL for DELETE:          NEVR
>> ACL for CREATE:          PROT
>> ACL for REHABILITATE:    NEVR
>> ACL for INVALIDATE:      NEVR
>> ACL for LIST FILES:      NEVR
>>
>> This is done with the same reader and card, just a different machine.
>> Is there any reason for the differences?
>
>
> perhaps I'm overtired but which differences ? note: there's a
> somewhat experimental gemsafe in the current trunk but the support
> for gemsafe cards is somewhat problematic due to gemplus's information
> policy.
>
> Nils
>
> .
>

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Nils Larsch
Marcel Koopmans wrote:

> When I try to format the smartcard with muscleTools I get the following
> issue.
>
> zeus:~# muscleTool
>
> MuscleCard Shell - type help for help
>
> muscle > format
> ERR: List Tokens First ! (0x0 Unknown SW: 0000)
> muscle > list
> ERR: Must Connect First ! (0xFF1C110 Unknown SW: FF1C110)
> muscle > connect
> ERR: List Tokens First ! (0x0 Unknown SW: 0000)

since when does muscle support normal gemplus gpk 16k cards ?

>
>
> And creating a new pkcs15 structure will fail because of it.
>
>
> zeus:~# pkcs15-init -EC -v
> Connecting to card in reader GemPC Twin 00 00...
> Using card driver Gemplus GPK driver.
> About to erase card.
> pkcs15-gpk.c:98:gpk_erase_card: This card is already personalized,
> unable to create PKCS#15 structure.
> Failed to erase card: Not supported

once the card has personalized it cannot be erased again (more
precisely, once a certain flag has been set the erase card doesn't
work anymore)

Nils

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Functionality of a smartcard

Ludovic Rousseau
On 09/09/05, Nils Larsch <[hidden email]> wrote:
> Marcel Koopmans wrote:
> > When I try to format the smartcard with muscleTools I get the following
> > issue.
> since when does muscle support normal gemplus gpk 16k cards ?

Musclecard does NOT support the GPK. Unless someone add the support of
course :-)


> > zeus:~# pkcs15-init -EC -v
> > Connecting to card in reader GemPC Twin 00 00...
> > Using card driver Gemplus GPK driver.
> > About to erase card.
> > pkcs15-gpk.c:98:gpk_erase_card: This card is already personalized,
> > unable to create PKCS#15 structure.
> > Failed to erase card: Not supported
>
> once the card has personalized it cannot be erased again (more
> precisely, once a certain flag has been set the erase card doesn't
> work anymore)

You can try to use the GemSafe emulation layer. I had some success
with it. You may not be able to add objects in the card using OpenSC
but you should be able to read/use objects created under Windows.

In /etc/opensc/opensc.conf add "gemsafe" to the "builtin_emulators" list.
You can also set "try_emulation_first = yes;" to avoid a warning.

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user