Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

KoSuKe-2
Hi,

I have some problems with this card. I followed the instructions of http://blog.runtux.com/2009/12/05/150/, I used his pre-compiled version of applet and his install file. I uploaded the applet and everythig works fine.

After, I tried the following commands:

root@TheHell:/home/kosuke# opensc-tool -s 00:A4:04:00:06:A0:00:00:00:01:01 -s B0:2A:00:00:38:08:4D:75:73:63:6C:65:30:30:04:01:08:30:30:30:30:30:30:30:30:08:30:30:30:30:30:30:30:30:05:02:08:30:30:30:30:30:30:30:30:08:30:30:30:30:30:30:30:30:00:00:17:70:00:02:01

root@TheHell:/home/kosuke# pkcs15-init -E --create-pkcs15 --no-so-pin
Using reader with a card: C3PO LTC31 (00483736) 00 00
Unspecified PIN [reference 1] required.
Please enter Unspecified PIN [reference 1]:

root@TheHell:/home/kosuke# pkcs15-init --store-pin --auth-id 01 --label "Blas" -vvv
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 0
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 0
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Using reader with a card: C3PO LTC31 (00483736) 00 00
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Connecting to card in reader C3PO LTC31 (00483736) 00 00...
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-pcsc.c:532:pcsc_connect: After connect protocol = 1
[pkcs15-init] reader-pcsc.c:551:pcsc_connect: Requesting reader features ...
[pkcs15-init] reader-pcsc.c:592:pcsc_connect: Reader supports pinpad PIN verification
[pkcs15-init] reader-pcsc.c:602:pcsc_connect: Reader supports pinpad PIN modification
[pkcs15-init] reader-pcsc.c:621:pcsc_connect: Returned PIN properties structure has bad length (8)
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called
[pkcs15-init] card-default.c:51:autodetect_class: autodetecting CLA byte
[pkcs15-init] card-default.c:54:autodetect_class: trying with 0x00
[pkcs15-init] card-default.c:75:autodetect_class: got strange SWs: 0x6D 0x00
[pkcs15-init] card-default.c:82:autodetect_class: detected CLA byte as 0x00
[pkcs15-init] card-default.c:86:autodetect_class: SELECT FILE returned 0 bytes
[pkcs15-init] card.c:221:sc_connect_card: card info: Muscle Card, -1, 0x3
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0
Using card driver Muscle Card Driver.
[pkcs15-init] card.c:668:sc_card_ctl: called
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:399:sc_read_binary: called; 128 bytes at index 0
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: 0      Length: 128
[pkcs15-init] card-muscle.c:198:muscle_read_binary: returning with: 128
[pkcs15-init] card.c:430:sc_read_binary: returning with: 128
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] profile.c:318:sc_profile_load: Trying profile file /usr/share/opensc/pkcs15.profile
[pkcs15-init] profile.c:326:sc_profile_load: profile /usr/share/opensc/pkcs15.profile loaded ok
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] profile.c:318:sc_profile_load: Trying profile file /usr/share/opensc/muscle.profile
[pkcs15-init] profile.c:326:sc_profile_load: profile /usr/share/opensc/muscle.profile loaded ok
[pkcs15-init] pkcs15.c:700:sc_pkcs15_bind: called
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f002f00
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:399:sc_read_binary: called; 128 bytes at index 0
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: 0      Length: 128
[pkcs15-init] card-muscle.c:198:muscle_read_binary: returning with: 128
[pkcs15-init] card.c:430:sc_read_binary: returning with: 128
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155031
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:399:sc_read_binary: called; 256 bytes at index 0
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: 0      Length: 255
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: ff     Length: 1
[pkcs15-init] card-muscle.c:198:muscle_read_binary: returning with: 256
[pkcs15-init] card.c:430:sc_read_binary: returning with: 256
[pkcs15-init] pkcs15.c:623:sc_pkcs15_bind_internal: The following DFs were found:
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal:   DF type 8, path 3f0050154401, index 0, count -1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155032
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:399:sc_read_binary: called; 128 bytes at index 0
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: 0      Length: 128
[pkcs15-init] card-muscle.c:198:muscle_read_binary: returning with: 128
[pkcs15-init] card.c:430:sc_read_binary: returning with: 128
Found MUSCLE
About to store PIN.
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
[pkcs15-init] pkcs15.c:1684:sc_pkcs15_read_file: called, path=3f0050154401, index=0, count=-1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154401
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:399:sc_read_binary: called; 256 bytes at index 0
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: 0      Length: 255
[pkcs15-init] muscle.c:84:msc_partial_read_object: READ: Offset: ff     Length: 1
[pkcs15-init] card-muscle.c:198:muscle_read_binary: returning with: 256
[pkcs15-init] card.c:430:sc_read_binary: returning with: 256
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3317:sc_pkcs15init_authenticate: path=3f005015, op=3
[pkcs15-init] pkcs15-lib.c:3327:sc_pkcs15init_authenticate: r:[0x00000000]
[pkcs15-init] pkcs15-lib.c:3328:sc_pkcs15init_authenticate: acl:[0x7f2546a0]
[pkcs15-init] pkcs15-lib.c:3338:sc_pkcs15init_authenticate: none
[pkcs15-init] pkcs15-lib.c:2624:sc_pkcs15init_add_object: called, DF 8 obj 0x1742c70
[pkcs15-init] pkcs15-lib.c:3452:sc_pkcs15init_update_file: called, path=3f0050154401, 67 bytes
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154401
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3317:sc_pkcs15init_authenticate: path=3f0050154401, op=1
[pkcs15-init] pkcs15-lib.c:3327:sc_pkcs15init_authenticate: r:[0x00000000]
[pkcs15-init] pkcs15-lib.c:3328:sc_pkcs15init_authenticate: acl:[0x017463f0]
[pkcs15-init] pkcs15-lib.c:3345:sc_pkcs15init_authenticate: verify
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154401
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] sec.c:154:sc_pin_cmd: called
[pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=0F
[pkcs15-init] sec.c:201:sc_pin_cmd: returning with: Card command failed
[pkcs15-init] pkcs15-lib.c:3161:do_get_and_verify_secret: Failed to verify user PIN (ref=0x1)
Failed to store PIN: Card command failed

[pkcs15-init] pkcs15-lib.c:3452:sc_pkcs15init_update_file: called, path=3f0050155032, 57 bytes
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155032
[pkcs15-init] card-muscle.c:432:muscle_select_file: returning with: 0
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3317:sc_pkcs15init_authenticate: path=3f0050155032, op=1
[pkcs15-init] pkcs15-lib.c:3327:sc_pkcs15init_authenticate: r:[0x00000000]
[pkcs15-init] pkcs15-lib.c:3328:sc_pkcs15init_authenticate: acl:[0x7f2546a0]
[pkcs15-init] pkcs15-lib.c:3338:sc_pkcs15init_authenticate: none
[pkcs15-init] card.c:483:sc_update_binary: called; 128 bytes at index 0
[pkcs15-init] muscle.c:191:msc_partial_update_object: WRITE: Offset: 0  Length: 128
[pkcs15-init] card.c:514:sc_update_binary: returning with: 128
[pkcs15-init] pkcs15.c:819:sc_pkcs15_unbind: called
[pkcs15-init] card.c:236:sc_disconnect_card: called
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0
[pkcs15-init] ctx.c:765:sc_release_context: called
[pkcs15-init] reader-openct.c:168:openct_reader_release: called
[pkcs15-init] reader-openct.c:168:openct_reader_release: called
[pkcs15-init] reader-openct.c:154:openct_reader_finish: called


What am I doing wrong?

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

Martin Paljak-2
Hello,

On Sat, Oct 9, 2010 at 15:18, KoSuKe <[hidden email]> wrote:

> root@TheHell:/home/kosuke# pkcs15-init -E --create-pkcs15 --no-so-pin
> Using reader with a card: C3PO LTC31 (00483736) 00 00
> Unspecified PIN [reference 1] required.
> Please enter Unspecified PIN [reference 1]:
> [pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=0F
> [pkcs15-init] sec.c:201:sc_pin_cmd: returning with: Card command failed
> [pkcs15-init] pkcs15-lib.c:3161:do_get_and_verify_secret: Failed to verify
> user PIN (ref=0x1)

As the same PIN is apparently correctly verified before, please send a
debug output with the APDU-s by setting "debug=9" in opensc.conf for
both --create-pkcs15 as well as --store-pin

The error itself means "incorrect parameter".
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

KoSuKe-2
Hi,

The only way to make work this card is if I use the same PIN for everything

root@TheHell:/home/kosuke# pkcs15-init -E --create-pkcs15 --no-so-pin
Using reader with a card: C3PO LTC31 (00483736) 00 00
Unspecified PIN [reference 1] required.
Please enter Unspecified PIN [reference 1]: 00000000

root@TheHell:/home/kosuke# pkcs15-init --store-pin --auth-id 01 --label "Fernando M. Imedio"
Using reader with a card: C3PO LTC31 (00483736) 00 00
New User PIN.
Please enter User PIN: 00000000
Please type again to verify: 00000000
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): 00000000
Please type again to verify: 00000000

If I use a diferent PIN or PUK pkcs15-init fails. Can't I change the PIN?

Then, I try to upload a P12 certificate

root@TheHell:/tmp/SSL# pkcs15-init --split-key -S cert_usuario.p12 -f PKCS12 -a 01
Using reader with a card: C3PO LTC31 (00483736) 00 00
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Please enter passphrase to unlock secret key:
Importing 2 certificates:
  0: /C=ES/ST=Madrid/L=Madrid/O=Labs/CN=Fernando/emailAddress=[hidden email]
  1: /C=ES/ST=Madrid/L=Madrid/O=Labs/CN=CA_cool/emailAddress=[hidden email]
User PIN required.
Please enter User PIN: 00000000
[pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=02
[pkcs15-init] sec.c:201:sc_pin_cmd: returning with: Card command failed
[pkcs15-init] pkcs15-lib.c:3161:do_get_and_verify_secret: Failed to verify user PIN (ref=0x1)
[pkcs15-init] pkcs15-muscle.c:192:muscle_store_key: returning with: Not supported
Failed to store private key: Not supported


Is that possible? or at first i have to generate a key into the card and then I have to generate a certificate request with this key?
Can I upload a private key? How?
I can generate the key witout problems

root@TheHell:/home/kosuke# pkcs15-init --generate-key rsa/2048 --auth-id 01 --split-key
Using reader with a card: C3PO LTC31 (00483736) 00 00
User PIN required.
Please enter User PIN: 00000000
root@TheHell:/home/kosuke# pkcs15-tool --list-keys
Using reader with a card: C3PO LTC31 (00483736) 00 00
Private RSA Key [Private Key]
        Com. Flags  : 3
        Usage       : [0x4], sign
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 2048
        Key ref     : 0
        Native      : yes
        Path        : 3f005015
        Auth ID     : 01
        ID          : 45


Thanks :)

Kosuke.

El 09/10/10 14:49, Martin Paljak escribió:
Hello,

On Sat, Oct 9, 2010 at 15:18, KoSuKe [hidden email] wrote:

root@TheHell:/home/kosuke# pkcs15-init -E --create-pkcs15 --no-so-pin
Using reader with a card: C3PO LTC31 (00483736) 00 00
Unspecified PIN [reference 1] required.
Please enter Unspecified PIN [reference 1]:
[pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=0F
[pkcs15-init] sec.c:201:sc_pin_cmd: returning with: Card command failed
[pkcs15-init] pkcs15-lib.c:3161:do_get_and_verify_secret: Failed to verify
user PIN (ref=0x1)
As the same PIN is apparently correctly verified before, please send a
debug output with the APDU-s by setting "debug=9" in opensc.conf for
both --create-pkcs15 as well as --store-pin

The error itself means "incorrect parameter".


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

KoSuKe-2
Hi,

In the end, everything work fine with this card (Linux login, etc), except that I can't change the PIN.

I have to use the same PIN for everything (00000000), then I can upload a private key, a public key, etc, without problems.

If I try to change the PIN with pkcs15-tool..

root@TheHell:/home/kosuke# pkcs15-tool --change-pin -a 01
Using reader with a card: C3PO LTC31 (00483736) 00 00
Enter old PIN [Blas]: 00000000
Enter new PIN [Blas]: 12345
Enter new PIN again [Blas]: 12345
[pkcs15-tool] iso7816.c:950:iso7816_pin_cmd: Card driver didn't set PIN offset
[pkcs15-tool] sec.c:201:sc_pin_cmd: returning with: Invalid arguments
PIN code change failed: Invalid arguments


This is the last thing that I need to finalize my tests.

Thanks to all :)


El 09/10/10 15:48, KoSuKe escribió:
Hi,

The only way to make work this card is if I use the same PIN for everything

root@TheHell:/home/kosuke# pkcs15-init -E --create-pkcs15 --no-so-pin
Using reader with a card: C3PO LTC31 (00483736) 00 00
Unspecified PIN [reference 1] required.
Please enter Unspecified PIN [reference 1]: 00000000

root@TheHell:/home/kosuke# pkcs15-init --store-pin --auth-id 01 --label "Fernando M. Imedio"
Using reader with a card: C3PO LTC31 (00483736) 00 00
New User PIN.
Please enter User PIN: 00000000
Please type again to verify: 00000000
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): 00000000
Please type again to verify: 00000000

If I use a diferent PIN or PUK pkcs15-init fails. Can't I change the PIN?

Then, I try to upload a P12 certificate

root@TheHell:/tmp/SSL# pkcs15-init --split-key -S cert_usuario.p12 -f PKCS12 -a 01
Using reader with a card: C3PO LTC31 (00483736) 00 00
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Please enter passphrase to unlock secret key:
Importing 2 certificates:
  0: /C=ES/ST=Madrid/L=Madrid/O=Labs/CN=Fernando/emailAddress=[hidden email]
  1: /C=ES/ST=Madrid/L=Madrid/O=Labs/CN=CA_cool/emailAddress=[hidden email]
User PIN required.
Please enter User PIN: 00000000
[pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=02
[pkcs15-init] sec.c:201:sc_pin_cmd: returning with: Card command failed
[pkcs15-init] pkcs15-lib.c:3161:do_get_and_verify_secret: Failed to verify user PIN (ref=0x1)
[pkcs15-init] pkcs15-muscle.c:192:muscle_store_key: returning with: Not supported
Failed to store private key: Not supported


Is that possible? or at first i have to generate a key into the card and then I have to generate a certificate request with this key?
Can I upload a private key? How?
I can generate the key witout problems

root@TheHell:/home/kosuke# pkcs15-init --generate-key rsa/2048 --auth-id 01 --split-key
Using reader with a card: C3PO LTC31 (00483736) 00 00
User PIN required.
Please enter User PIN: 00000000
root@TheHell:/home/kosuke# pkcs15-tool --list-keys
Using reader with a card: C3PO LTC31 (00483736) 00 00
Private RSA Key [Private Key]
        Com. Flags  : 3
        Usage       : [0x4], sign
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 2048
        Key ref     : 0
        Native      : yes
        Path        : 3f005015
        Auth ID     : 01
        ID          : 45


Thanks :)

Kosuke.

El 09/10/10 14:49, Martin Paljak escribió:
Hello,

On Sat, Oct 9, 2010 at 15:18, KoSuKe [hidden email] wrote:

root@TheHell:/home/kosuke# pkcs15-init -E --create-pkcs15 --no-so-pin
Using reader with a card: C3PO LTC31 (00483736) 00 00
Unspecified PIN [reference 1] required.
Please enter Unspecified PIN [reference 1]:
[pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=0F
[pkcs15-init] sec.c:201:sc_pin_cmd: returning with: Card command failed
[pkcs15-init] pkcs15-lib.c:3161:do_get_and_verify_secret: Failed to verify
user PIN (ref=0x1)
As the same PIN is apparently correctly verified before, please send a
debug output with the APDU-s by setting "debug=9" in opensc.conf for
both --create-pkcs15 as well as --store-pin

The error itself means "incorrect parameter".


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

Martin Paljak-2

On Oct 10, 2010, at 7:02 PM, KoSuKe wrote:

> Hi,
>
> In the end, everything work fine with this card (Linux login, etc), except that I can't change the PIN.
>
> I have to use the same PIN for everything (00000000), then I can upload a private key, a public key, etc, without problems.
>
> If I try to change the PIN with pkcs15-tool..
>
> root@TheHell:/home/kosuke# pkcs15-tool --change-pin -a 01
> Using reader with a card: C3PO LTC31 (00483736) 00 00
> Enter old PIN [Blas]: 00000000
> Enter new PIN [Blas]: 12345
> Enter new PIN again [Blas]: 12345
> [pkcs15-tool] iso7816.c:950:iso7816_pin_cmd: Card driver didn't set PIN offset
> [pkcs15-tool] sec.c:201:sc_pin_cmd: returning with: Invalid arguments
> PIN code change failed: Invalid arguments

Strange, this code is only used if you have a pinpad, which your reader does not have. What is the output of opensc-tool -l ?


--
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

KoSuKe-2


El 10/10/10 18:18, Martin Paljak escribió:

> On Oct 10, 2010, at 7:02 PM, KoSuKe wrote:
>
>> Hi,
>>
>> In the end, everything work fine with this card (Linux login, etc), except that I can't change the PIN.
>>
>> I have to use the same PIN for everything (00000000), then I can upload a private key, a public key, etc, without problems.
>>
>> If I try to change the PIN with pkcs15-tool..
>>
>> root@TheHell:/home/kosuke# pkcs15-tool --change-pin -a 01
>> Using reader with a card: C3PO LTC31 (00483736) 00 00
>> Enter old PIN [Blas]: 00000000
>> Enter new PIN [Blas]: 12345
>> Enter new PIN again [Blas]: 12345
>> [pkcs15-tool] iso7816.c:950:iso7816_pin_cmd: Card driver didn't set PIN offset
>> [pkcs15-tool] sec.c:201:sc_pin_cmd: returning with: Invalid arguments
>> PIN code change failed: Invalid arguments
> Strange, this code is only used if you have a pinpad, which your reader does not have. What is the output of opensc-tool -l ?
>
>

root@TheHell:/tmp/SSL# opensc-tool -l
Readers known about:
Nr.    Driver     Name
0      openct     OpenCT reader (detached)
1      openct     OpenCT reader (detached)
2      pcsc       C3PO LTC31 (00483736) 00 00

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

KoSuKe-2
  Sorry, It's my mistake. I had enable pinpad in
/etc/opensc/opensc.conf. After disabled it, everything is working fine.

Thanks.

El 10/10/10 18:24, KoSuKe escribió:

>
>
> El 10/10/10 18:18, Martin Paljak escribió:
>> On Oct 10, 2010, at 7:02 PM, KoSuKe wrote:
>>
>>> Hi,
>>>
>>> In the end, everything work fine with this card (Linux login, etc),
>>> except that I can't change the PIN.
>>>
>>> I have to use the same PIN for everything (00000000), then I can
>>> upload a private key, a public key, etc, without problems.
>>>
>>> If I try to change the PIN with pkcs15-tool..
>>>
>>> root@TheHell:/home/kosuke# pkcs15-tool --change-pin -a 01
>>> Using reader with a card: C3PO LTC31 (00483736) 00 00
>>> Enter old PIN [Blas]: 00000000
>>> Enter new PIN [Blas]: 12345
>>> Enter new PIN again [Blas]: 12345
>>> [pkcs15-tool] iso7816.c:950:iso7816_pin_cmd: Card driver didn't set
>>> PIN offset
>>> [pkcs15-tool] sec.c:201:sc_pin_cmd: returning with: Invalid arguments
>>> PIN code change failed: Invalid arguments
>> Strange, this code is only used if you have a pinpad, which your
>> reader does not have. What is the output of opensc-tool -l ?
>>
>>
>
> root@TheHell:/tmp/SSL# opensc-tool -l
> Readers known about:
> Nr.    Driver     Name
> 0      openct     OpenCT reader (detached)
> 1      openct     OpenCT reader (detached)
> 2      pcsc       C3PO LTC31 (00483736) 00 00
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

Martin Paljak-2
In reply to this post by KoSuKe-2

On Oct 10, 2010, at 7:24 PM, KoSuKe wrote:

> El 10/10/10 18:18, Martin Paljak escribió:
>> On Oct 10, 2010, at 7:02 PM, KoSuKe wrote:
>>
>>> Hi,
>>>
>>> In the end, everything work fine with this card (Linux login, etc), except that I can't change the PIN.
>>>
>>> I have to use the same PIN for everything (00000000), then I can upload a private key, a public key, etc, without problems.
>>>
>>> If I try to change the PIN with pkcs15-tool..
>>>
>>> root@TheHell:/home/kosuke# pkcs15-tool --change-pin -a 01
>>> Using reader with a card: C3PO LTC31 (00483736) 00 00
>>> Enter old PIN [Blas]: 00000000
>>> Enter new PIN [Blas]: 12345
>>> Enter new PIN again [Blas]: 12345
>>> [pkcs15-tool] iso7816.c:950:iso7816_pin_cmd: Card driver didn't set PIN offset
>>> [pkcs15-tool] sec.c:201:sc_pin_cmd: returning with: Invalid arguments
>>> PIN code change failed: Invalid arguments
>> Strange, this code is only used if you have a pinpad, which your reader does not have. What is the output of opensc-tool -l ?
>>
>>
>
> root@TheHell:/tmp/SSL# opensc-tool -l
> Readers known about:
> Nr.    Driver     Name
> 0      openct     OpenCT reader (detached)
> 1      openct     OpenCT reader (detached)
> 2      pcsc       C3PO LTC31 (00483736) 00 00
OK. Can you try a recent SVN snapshot[1]? The code should not be reached if a pinpad is not found either way, but newer version prints the capabilities of the reader in opensc-tool -l output.
Either way, a full debug log as instructed in [2] would be needed.

[1] http://www.opensc-project.org/files/opensc/snapshots/opensc-0.12.0-svn-r4706.tar.gz
[2] http://www.opensc-project.org/opensc/wiki/ReportingBugs
--
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

Martin Paljak-2
In reply to this post by KoSuKe-2

On Oct 10, 2010, at 7:29 PM, KoSuKe wrote:

>  Sorry, It's my mistake. I had enable pinpad in
> /etc/opensc/opensc.conf. After disabled it, everything is working fine.

This option should only control the detection of a pinpad and should normally be set to "true", unless you don't want to/can't use your pinpad for some reason.

Is [1] your reader ? As said, please send the full opensc-debug.log, or at least the beginning of it where the reader detection happens.

[1] http://pcsclite.alioth.debian.org/ccid/supported.html#0x07830x0006

--
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

Martin Paljak-2

On Oct 10, 2010, at 8:33 PM, KoSuKe wrote:

>> Is [1] your reader ? As said, please send the full opensc-debug.log, or at least the beginning of it where the reader detection happens.
>>
>> [1]
>> http://pcsclite.alioth.debian.org/ccid/supported.html#0x07830x0006
>>
>>
>>
> Yes, this is my reader.

Apparently not.

From the log:
[opensc-tool] reader-pcsc.c:595:pcsc_connect: Reader supports pinpad PIN verification but it's disabled in configuration file
[opensc-tool] reader-pcsc.c:605:pcsc_connect: Reader supports pinpad PIN modification but it's disabled in configuration file


But the reader in that link does NOT have a pinpad. Maybe you can follow [1]

[1] http://pcsclite.alioth.debian.org/ccid.html#CCID_compliant
--
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Gemalto TOP IM FIPS CY2 (Cyberflex 64k v2 Pegasus)

KoSuKe-2
  Here it is the output.txt file

  idVendor: 0x0783
   iManufacturer: C3PO
  idProduct: 0x0006
   iProduct: USB SMARTCARD READER
  bcdDevice: 2.50 (firmware release?)
  bLength: 9
  bDescriptorType: 4
  bInterfaceNumber: 0
  bAlternateSetting: 0
  bNumEndpoints: 3
   bulk-IN, bulk-OUT and Interrupt-IN
  bInterfaceClass: 0x0B [Chip Card Interface Device Class (CCID)]
  bInterfaceSubClass: 0
  bInterfaceProtocol: 0
   bulk transfer, optional interrupt-IN (CCID)
  iInterface: ?
  CCID Class Descriptor
   bLength: 0x36
   bDescriptorType: 0x21
   bcdCCID: 1.01
   bMaxSlotIndex: 0x00
   bVoltageSupport: 0x01
    5.0V
   dwProtocols: 0x0000 0x0003
    T=0
    T=1
   dwDefaultClock: 4.000 MHz
   dwMaximumClock: 8.000 MHz
   bNumClockSupported: 0 (will use whatever is returned)
    IFD does not support GET CLOCK FREQUENCIES request: Success
   dwDataRate: 9600 bps
   dwMaxDataRate: 230400 bps
   bNumDataRatesSupported: 0 (will use whatever is returned)
    IFD does not support GET_DATA_RATES request: Success
   dwMaxIFSD: 254
   dwSynchProtocols: 0x00000007
    2-wire protocol
    3-wire protocol
    I2C protocol
   dwMechanical: 0x00000000
    No special characteristics
   dwFeatures: 0x000100BA
    ....02 Automatic parameter configuration based on ATR data
    ....08 Automatic ICC voltage selection
    ....10 Automatic ICC clock frequency change according to parameters
    ....20 Automatic baud rate change according to frequency and Fi, Di
params
    ....80 Automatic PPS made by the CCID
    01.... TPDU level exchange
   dwMaxCCIDMessageLength: 271 bytes
   bClassGetResponse: 0x00
   bClassEnveloppe: 0x00
   wLcdLayout: 0x0000
   bPINSupport: 0x03
    PIN Verification supported
    PIN Modification supported
   bMaxCCIDBusySlots: 1


El 10/10/10 20:02, Martin Paljak escribió:

> On Oct 10, 2010, at 8:33 PM, KoSuKe wrote:
>
>>> Is [1] your reader ? As said, please send the full opensc-debug.log, or at least the beginning of it where the reader detection happens.
>>>
>>> [1]
>>> http://pcsclite.alioth.debian.org/ccid/supported.html#0x07830x0006
>>>
>>>
>>>
>> Yes, this is my reader.
> Apparently not.
>
>  From the log:
> [opensc-tool] reader-pcsc.c:595:pcsc_connect: Reader supports pinpad PIN verification but it's disabled in configuration file
> [opensc-tool] reader-pcsc.c:605:pcsc_connect: Reader supports pinpad PIN modification but it's disabled in configuration file
>
>
> But the reader in that link does NOT have a pinpad. Maybe you can follow [1]
>
> [1] http://pcsclite.alioth.debian.org/ccid.html#CCID_compliant
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user