ITA CNS "Class not supported" error while accessing CNS1


Andrea Cremaschi
Hi

I am encountering an issue while trying to log in to a smart card via PKCS11 to access the private key that I should use for electronic signature.
I am using two different Feitian readers with an Italian CNS smart card, which should be fully supported by the itacns module driver.
The card contains two different certificates (CNS0 and CNS1), one (CNS0) used for authentication and the other one (CNS1) for electronic signature.
Everything is ok if I use the CNS0. When I try to access the CNS1 the card fails to log in, resulting in a CKR_GENERAL_ERROR.
When I increase the debug level to 6, I can see that iso7816.c fails with a "Class not supported" message right after sending the PIN via APDU (all the other relevant debug logs are in the attachment).

How should I interpret this error? Am I doing something not implemented in the itacns module driver?
How should I proceed to debug this further?

Thanks
Andrea Cremaschi

$ OPENSC_DEBUG=6 pkcs11-tool --module /Library/OpenSC/lib/opensc-pkcs11.so -l -p <MYPIN> -t --token-label 'ANDREA CREMASCHI (PIN CNS1)'


0x7fff79804180 18:24:27.4294967433 [opensc-pkcs11] sec.c:157:sc_pin_cmd: called
0x7fff79804180 18:24:27.137 [opensc-pkcs11] apdu.c:559:sc_transmit_apdu: called
0x7fff79804180 18:24:27.137 [opensc-pkcs11] card.c:364:sc_lock: called
0x7fff79804180 18:24:27.4294967433 [opensc-pkcs11] apdu.c:526:sc_transmit: called
0x7fff79804180 18:24:27.137 [opensc-pkcs11] apdu.c:380:sc_single_transmit: called
0x7fff79804180 18:24:27.137 [opensc-pkcs11] apdu.c:385:sc_single_transmit: CLA:0, INS:20, P1:0, P2:9A, data(8) 0x7fff5fbfc857
0x7fff79804180 18:24:27.140733193388169 [opensc-pkcs11] reader-pcsc.c:249:pcsc_transmit: reader 'Bluetooth Reader 00 00'
0x7fff79804180 18:24:27.140733193388169 [opensc-pkcs11] apdu.c:185:sc_apdu_log:
Outgoing APDU data [   13 bytes] =====================================
< DATA OMITTED ( MY PIN ) >
======================================================================
0x7fff79804180 18:24:27.4294967433 [opensc-pkcs11] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7fff79804180 18:24:27.-4294966908 [opensc-pkcs11] apdu.c:185:sc_apdu_log:
Incoming APDU data [    2 bytes] =====================================
6E 00 n.
======================================================================
0x7fff79804180 18:24:27.4412750542095253892 [opensc-pkcs11] apdu.c:395:sc_single_transmit: returning with: 0 (Success)
0x7fff79804180 18:24:27.140733193388420 [opensc-pkcs11] apdu.c:548:sc_transmit: returning with: 0 (Success)
0x7fff79804180 18:24:27.4294967684 [opensc-pkcs11] card.c:402:sc_unlock: called
0x7fff79804180 18:24:27.3763094162564448644 [opensc-pkcs11] iso7816.c:102:iso7816_check_sw: Class not supported
0x7fff79804180 18:24:27.4294967684 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: -1203 (Unsupported CLA byte in APDU)
0x7fff79804180 18:24:27.3616721591217422724 [opensc-pkcs11] pkcs15-pin.c:367:sc_pkcs15_verify_pin: PIN cmd result -1203
0x7fff79804180 18:24:27.140733193388420 [opensc-pkcs11] card.c:402:sc_unlock: called
0x7fff79804180 18:24:27.388 [opensc-pkcs11] reader-pcsc.c:554:pcsc_unlock: called
0x7fff79804180 18:24:27.2332074268570943876 [opensc-pkcs11] pkcs15-pin.c:372:sc_pkcs15_verify_pin: returning with: -1203 (Unsupported CLA byte in APDU)
0x7fff79804180 18:24:27.388 [opensc-pkcs11] framework-pkcs15.c:1464:pkcs15_login: PKCS15 verify PIN returned -1203
0x7fff79804180 18:24:27.140733193388420 [opensc-pkcs11] misc.c:61:sc_to_cryptoki_error_common: libopensc return value: -1203 (Unsupported CLA byte in APDU)
0x7fff79804180 18:24:27.389 [opensc-pkcs11] pkcs11-global.c:287:C_Finalize: C_Finalize()
0x7fff79804180 18:24:27.4294967685 [opensc-pkcs11] ctx.c:764:sc_cancel: called




_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

error_dump.txt (4K) Download Attachment
Re: ITA CNS "Class not supported" error while accessing CNS1

Martin Paljak-4
Hello,


Just a wild guess: signature key requires secure messaging and this is
not implemented in your card driver.

Have you contacted the author? Emanuele Pucciarelli <[hidden email]>

Martin


Re: ITA CNS "Class not supported" error while accessing CNS1

Andrea Cremaschi
Hi Martin,
thank you for your reply and for the suggestion, I’ll try to get in touch with him.
A.


Re: ITA CNS "Class not supported" error while accessing CNS1

Andrea Cremaschi
Hello again,

I got in touch with Emanuele, and he confirmed that the issue I see is due to Secure Messaging.
Should the current implementation of SM in the project’s trunk work with Italian CNS too? If it could be of some interest for anyone on the list, I’d like to offer my support to test it with an actual CNS smart card (but I may use some tutorial).

As an alternative, Emanuele years ago submitted some patches that add SM support for itacns (https://www.opensc-project.org/opensc/ticket/177), but the patches were based on 0.11.4, and the move to GitHub broke the project’s history. Is there an archive of the project’s source before 0.12.0? I looked on SourceForge but it seems not to be available anymore.

ciao

a.



Re: ITA CNS "Class not supported" error while accessing CNS1

Roberto Resoli-2
On 18 March 2014 17:18:46 CET, Andrea Cremaschi
<[hidden email]> wrote:
 > Hello again,
 >
 > I got in touch with Emanuele, he confirmed that the issue I see is due
 > to Secure Messaging.
 > Should the current implementation of SM in the project’s trunk work
 > with Italian CNS too? If it could be of some interest for anyone in the
 > list, I’d like to offer my support to test it with an actual CNS smart
 > card (but I may use some tutorial).

The real problem with Italian signature cards is that SM keys are used
as a vendor lock-in tool. Usually these are 3DES keys embedded in the
middleware (pkcs11 proprietary modules, in the cases I'm aware of),
and in Security Objects on the cards.
By the way, this is of course a very bad habit also for security.

If I remember correctly, the SM implementation in OpenSC follows the IAS-ECC
specification, where SM keys are negotiated per session.

 > As an alternative, Emanuele years ago submitted some patches that add
 > SM support for itacns
 > (https://www.opensc-project.org/opensc/ticket/177), but the patches
 > were based on 0.11.4, and the moving to github broke the project’s
 > history. is there an archive of the project’s source before 0.12.0 ? I
 > looked on source forge but it seems not to be available anymore

In my opinion, it would not be good for you (and for your users) to
build new solutions on dead code.

ciao,
rob
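
Added example (not part of any message in this thread, and not OpenSC code): a Python triage script for the VERIFY exchange in the first message's log, decoding the secure messaging bits of the CLA byte and the returned status word per ISO/IEC 7816-4. The first sample exchange is abridged from that log; the second exchange and all function names are constructed for illustration.

```python
import re

# ISO/IEC 7816-4 status words that matter when a PIN VERIFY fails.
SW_MEANING = {
    0x9000: "success",
    0x6882: "secure messaging not supported",
    0x6982: "security status not satisfied",
    0x6983: "authentication method blocked",
    0x6987: "expected secure messaging data objects missing",
    0x6988: "secure messaging data objects incorrect",
    0x6D00: "instruction not supported",
    0x6E00: "class not supported",
}
# Bits b4-b3 of a first-interindustry CLA byte (0x00-0x1F) signal secure messaging.
SM_MODE = ("none", "proprietary", "ISO, header not authenticated",
           "ISO, header authenticated")
HEADER_RE = re.compile(
    r"CLA:([0-9A-F]+), INS:([0-9A-F]+), P1:([0-9A-F]+), P2:([0-9A-F]+)", re.I)
HEX_RE = re.compile(r"((?:[0-9A-F]{2} )+)", re.I)

# First exchange: lines abridged from the log in the first message.
# Second exchange: constructed for contrast (a wrong-PIN reply); not from the thread.
SAMPLE_LOG = """\
apdu.c:385:sc_single_transmit: CLA:0, INS:20, P1:0, P2:9A, data(8) 0x7fff5fbfc857
Outgoing APDU data [   13 bytes] =====================================
< DATA OMITTED ( MY PIN ) >
======================================================================
Incoming APDU data [    2 bytes] =====================================
6E 00 n.
======================================================================
apdu.c:385:sc_single_transmit: CLA:0, INS:20, P1:0, P2:81, data(8) 0x0
Incoming APDU data [    2 bytes] =====================================
63 C2 c.
======================================================================
"""

def parse_exchanges(log_text):
    """Pair each logged command header with the status word of its response."""
    exchanges, header, in_response, data = [], None, False, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.search(line)
        if m:
            header = tuple(int(x, 16) for x in m.groups())
        elif "Incoming APDU data" in line:
            in_response, data = True, []
        elif in_response and line.startswith("="):
            # End of the hex dump: the last two bytes are SW1 SW2.
            if header and len(data) >= 2:
                exchanges.append((header, data[-2] << 8 | data[-1]))
            header, in_response = None, False
        elif in_response:
            hx = HEX_RE.match(line + " ")  # hex pairs only, ASCII column ignored
            if hx:
                data += [int(b, 16) for b in hx.group(1).split()]
    return exchanges

def triage(header, sw):
    """Summarise one exchange and flag the failure pattern discussed in the thread."""
    cla, ins, _p1, p2 = header
    sm = SM_MODE[(cla >> 2) & 0x03] if cla < 0x20 else "not first-interindustry"
    if sw & 0xFFF0 == 0x63C0:
        meaning = f"verification failed, {sw & 0x0F} tries left"
    else:
        meaning = SW_MEANING.get(sw, "unknown")
    hint = ""
    if sw == 0x6E00 and ins == 0x20 and sm == "none":
        hint = ("card rejected the class byte of a plain VERIFY; in this thread "
                "the cause was a PIN that requires secure messaging")
    return {"cmd": f"CLA={cla:02X} INS={ins:02X} P2={p2:02X}", "sm": sm,
            "sw": f"{sw:04X}", "meaning": meaning, "hint": hint}

def analyze(log_text):
    return [triage(h, sw) for h, sw in parse_exchanges(log_text)]

if __name__ == "__main__":
    for row in analyze(SAMPLE_LOG):
        print(row)
```

A `63Cx` reply means the card processed the VERIFY and counted a failed try, whereas `6E 00` means the command was refused before the PIN was checked.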

