Fw: PuTTYCard - any users out there

Fw: PuTTYCard - any users out there

jari.heikkinen
Hi,

I got my card unlocked.

You listed:
> PuTTYcard,PuTTYiso7816.dll,3F00,BBBB,CC,DD
> AAAA is the path of the DF that contains the RSA-key,
> BBBB is the relative path of the public-key-file,
> CC is the key-reference of the private-key, DD is the PIN-reference.


The path for the certificate in e-gate is
        3F00 5015 4545
and it uses pin number 01, which is your DD, CC I think is 45.

However I can not figure out what to put into BBBB?

> I assume you start my patched pageant.exe with one
> argument, i.e. the name of a smartcard keyfile.

Is the pageant included in the following bundle patched?
        http://www.opensc.org/files/scb-0.3.exe

Best Regards,

JARI HEIKKINEN

MODIRUM
Mobile +358 40 555 0125 Fax +358 9 251 66100
Tel. +358 9 25123737, +372 644 4205,
+1 650 557 2064, +44 20 7871 3122, +852 8199 0064
Mannerheimintie 12 B, FIN-00100 Helsinki, FINLAND
[hidden email] www.modirum.com

----- Forwarded by Jari Heikkinen/Modirum on 24.05.2005 17:04 -----

Jari Heikkinen/Modirum
24.05.2005 09:13

To
"Peter Koch" <[hidden email]>
cc

Subject
Re: PuTTYCard - any users out there






Hi,

I never got pageant working and I can not test it right now because I
managed to get my card locked. However putty worked right away by just
entering the dll name without any key parameters.

After the reply from Andreas, now I think I understand what you asked for.

I think the string you are looking for for Finnish eid card is
3F00,5015,4332 but I am not sure. You probably can pick it up from the log
below:


OpenSC [3F00]> ls
FileID  Type  Size
 2F01    wEF    18
 0000    iEF    32
 0002    wEF    32
 2F00    wEF    96
 0080    iEF    96
[5015]    DF     0      Name: \xA0\x00\x00\x00cPKCS-15

OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> ls
FileID  Type  Size
 5032    wEF    96
 5031    wEF    96
 4401    wEF   160
 0040    iEF    32
 4402    wEF   288
 4B01    iEF   364

OpenSC [3F00/5015]> get 433F
OpenSC [3F00/5015]> get 4332
exit

# openssl x509 -inform der -text -in 3F00_5015_4331 | grep -A 2 Key\ Usage
            X509v3 Key Usage: critical
                Non Repudiation

- this is the correct key, convert to pem
# openssl x509 -inform der -text -in 3F00_5015_4331 -outform pem -out mykey.pem


Step 7 - convert der public key to ssh public key
# cd tar
# gcc x509toOpenSSH.c -o x509toOpenSSH -lcrypto -lresolv
# cd ..
# ./tar/x509toOpenSSH --help
# ./tar/x509toOpenSSH < mykey.pem > mykey.pub


Best Regards,

JARI HEIKKINEN





"Peter Koch" <[hidden email]>
19.05.2005 23:06

To
[hidden email]
cc

Subject
Re: PuTTYCard - any users out there






Hi Jari

Now I'm confused too.

I assume you start my patched pageant.exe with one
argument, i.e. the name of a smartcard keyfile.

This smartcard-keyfile does not contain a key but
the string "PuTTYcard," followed by the name of a
DLL and some additional information that the DLL
needs to find the key on your smartcard.

So if you do:

pageant.exe file.ppt

then file.ppt should be a text file containing the
following line:

PuTTYcard,PuTTYiso7816.dll,AAAA,BBBB,CC,DD

This will make pageant load the DLL PuTTYiso7816.dll
and the latter will load public key BBBB from directory AAAA
and will use private key CC in directory AAAA which
must be protected by PIN DD.

It's this additional information AAAA.BBBB.CC.DD that I
would like to put in the documentation. Without these
magic numbers you cannot use PuTTYcard and you
normally need info from your card's manufacturer to
find out these numbers.

Somebody must have found out where the keys are
stored on Finnish ID-cards and Schlumberger e-token
and must have put this information into the keyfile
you are using.

I assumed that you were this person.

Or are you using the example keyfile from the ZIP-file?
If that was the case then Finnish ID cards and
Schlumberger e-token do store their keys at the exact
same position as the TCOS-card I'm using.

One easy way to find out those numbers is to look at
pageant's keylist. They are in the comment-field of the key.

Peter


Here's the README from PuTTYcard-1.0-DLL.zip:
=====================================
PuTTYcard is an extension to PuTTY, the free SSH-client
from Simon Tatham. With this extension PuTTY can use
RSA-keys from external devices, i.e. smartcards, usb-tokens.

This archive contains PuTTYiso7816.dll, a DLL that
enables PuTTYcard to load keys from any ISO-7816-8
compatible smartcard.

PuTTYiso7816.dll was tested with TCOS-cards only.

You must specify the key that PuTTYiso7816.dll should
load in the keyfile in the following format.

PuTTYcard,PuTTYiso7816.dll,AAAA,BBBB,CC,DD

AAAA is the path of the DF that contains the RSA-key,
BBBB is the relative path of the public-key-file,
CC is the key-reference of the private-key, DD is the
PIN-reference.

The public-key file must be a records-based file containing
2 records. The first record must contain the modulus, the
second record must contain the public exponent, each
TLV-coded.

Let me know, if your card stores public-keys in a different
format.



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
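
The keyfile line described in the README above, as an added example (not code from PuTTYcard or from the posters): a C parser that checks a line before anything acts on it. Assumptions of this example: AAAA and BBBB are one or more 2-byte file IDs written as 4 hex digits each, CC and DD are 2 hex digits, and the DLL must be a bare file name; the names parse_keyfile_line, struct card_key and is_hex are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parsed form of "PuTTYcard,<dll>,AAAA,BBBB,CC,DD" (field names follow the README). */
struct card_key {
    char dll[64];      /* DLL that pageant is asked to load */
    char df_path[33];  /* AAAA: path of the DF holding the RSA key */
    char pub_path[33]; /* BBBB: relative path of the public-key file */
    unsigned key_ref;  /* CC: private-key reference */
    unsigned pin_ref;  /* DD: PIN reference */
};

/* Assumption: every field is a whole number of `unit` hex digits. */
static int is_hex(const char *s, size_t unit) {
    size_t n = strlen(s);
    if (n == 0 || n % unit != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Returns 0 on success, or the 1-based index of the first bad or missing field. */
int parse_keyfile_line(const char *line, struct card_key *out) {
    char buf[256], *f[6], *p = buf;
    if (strlen(line) >= sizeof buf) return 1;
    strcpy(buf, line);
    buf[strcspn(buf, "\r\n")] = '\0';
    for (int i = 0; i < 6; i++) {           /* split into exactly six fields */
        f[i] = p;
        char *c = strchr(p, ',');
        if (i < 5) { if (!c) return i + 2; *c = '\0'; p = c + 1; }
        else if (c) return 6;               /* more than six fields */
    }
    if (strcmp(f[0], "PuTTYcard") != 0) return 1;
    /* Bare file name only, so a keyfile cannot point the loader at another directory. */
    if (!*f[1] || strlen(f[1]) >= sizeof out->dll || strpbrk(f[1], "/\\:")) return 2;
    if (!is_hex(f[2], 4) || strlen(f[2]) >= sizeof out->df_path) return 3;
    if (!is_hex(f[3], 4) || strlen(f[3]) >= sizeof out->pub_path) return 4;
    if (strlen(f[4]) != 2 || !is_hex(f[4], 2)) return 5;
    if (strlen(f[5]) != 2 || !is_hex(f[5], 2)) return 6;
    strcpy(out->dll, f[1]);
    strcpy(out->df_path, f[2]);
    strcpy(out->pub_path, f[3]);
    sscanf(f[4], "%2x", &out->key_ref);
    sscanf(f[5], "%2x", &out->pin_ref);
    return 0;
}
```

Because A to D are themselves hex digits, the README's template line passes these checks unchanged, so a successful parse does not show that the placeholders were replaced with real card values.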

Re: Fw: PuTTYCard - any users out there

Andreas Jellinghaus-2
Hi Jari,

scb 0.3 contains putty plus the patches by Kevin.
pageant isn't patched so far. (i.e. you need to ignore
the putty from scb and install puttycard instead, which
is Peter's code).

Regards, Andreas