MuscleCard not usable with OpenSC


Florent Deybach
Hello,

I am using a Javacard which is compliant with Java Card 2.2.1 / GlobalPlatform 2.1.1

I am using opensc 0.13.0rc1.

I successfully compiled the MuscleApplet 0.9.11 using the JDK 1.4.1 and the JavaCard Kit 2.2.1 from Sun.
The applet was loaded into the card using GPJ and it is usable by muscleTool.
Partially because it seems I cannot generate RSA keys (but that is another issue)
As a proof:

root@ubuntu12-10:# muscleTool
MuscleCard shell - type "help" for help.
muscleTool > tokens
   1.    MuscleCard Applet

ListTokens Success.
muscleTool > connect 1
Connect Success.
muscleTool [MuscleCard Applet] > status
 Protocol Version: 0.1
 Software Version: 0.6
      Free Memory: 5998
     Total Memory: 6000
        PINs Used: 2
        Keys Used: 0
       Logged IDs: NONE
GetStatus Successful
muscleTool [MuscleCard Applet] >resume
Functions             Supported
-------------------------------
MSCGenerateKeys         
MSCImportKey            
MSCExportKey            
MSCComputeCrypt         
MSCExternalAuthenticate 
MSCListKeys             
MSCCreatePIN            
MSCVerifyPIN            
MSCChangePIN             X
MSCUnblockPIN            X
MSCListPINs             
MSCCreateObject         
MSCDeleteObject         
MSCWriteObject          
MSCReadObject           
MSCListObjects          
MSCLogoutAll             X
MSCGetChallenge          X
GetCapabilities Successful


The thing is that I cannot use my card with OpenSC.
I added the ATR card into the opensc.conf file in order to force the muscle driver :

card_atr 3B:F8:18:00:00:80:31:FE:45:00:73:C8:40:13:00:90:00:92 {
        driver = muscle;

}

However opensc tools don't work:

root@ubuntu12-10# pkcs15-tool -D
Using reader with a card: Gemalto USB Shell Token V2 00 00
PKCS#15 binding failed: Unsupported card
 
root@ubuntu12-10:# pkcs15-tool --list-applications
Using reader with a card: Gemalto USB Shell Token V2 00 00
PKCS#15 binding failed: Unsupported card


The attached debug output shows that no pkcs15 emulator is found (no emulator list in config file, trying all builtin emulators)

What is wrong?
Should I upgrade my opensc installation (I am using the one provided by Gooze - http://www.gooze.eu/)?

pkcs11-tool with libmusclepkcs11 seems to be a little more friendly:

root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1 -L
Available slots:
Slot 0 (0x1): Gemalto USB Shell Token V2 00 00
  token label        : MuscleCard Applet
  token manufacturer : Unknown MFR
  token model        : Unknown Model
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 6.0
  firmware version   : 1.0
  serial num         : 1
 
root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1 -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
  RSA-PKCS, keySize={96,128}, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
  RSA-PKCS-KEY-PAIR-GEN, keySize={96,128}, generate, generate_key_pair
  SHA1-RSA-PKCS, encrypt, decrypt, sign, sign_recover, verify, verify_recover, generate, generate_key_pair, wrap, unwrap


But when it comes to generating keys:


root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1 -l -k --key-type rsa:2048 -p 00000000 --id 001
Using slot 0 with a present token (0x1)
Key pair generated:
Private Key Object; RSA
warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

  ID:         4b45593030303030303030303030303030303030
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Public Key Object; RSA 0 bits
warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

  ID:         4b45593030303030303030303030303030303031
warning: PKCS11 function C_GetAttributeValue(ENCRYPT) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(VERIFY) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(WRAP) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

  Usage:      none

Thanks in advance

Cheers


Attachment: debug.txt (31K)

Re: MuscleCard not usable with OpenSC

Martin Paljak-4
Hello,


Keep in mind that muscle applet and OpenSC don't match. If you create
keys the "muscle way" they are not visible to OpenSC, which depends on
virtual objects that get mapped to file system and contain the
necessary directory files. Yet keys created by OpenSC should be usable
through muscle pkcs11.



--
Martin
+372 5156495


On Fri, Apr 19, 2013 at 6:56 PM, Florent Deybach <[hidden email]> wrote:

> Hello,
>
> I am using a Javacard which is compliant with Java Card 2.2.1 /
> GlobalPlatform 2.1.1
>
> I am using opensc 0.13.0rc1.
>
> I successfully compiled the MuscleApplet 0.9.11 using the JDK 1.4.1 and the
> JavaCard Kit 2.2.1 from Sun.
> The applet was loaded into the card using GPJ and it is usable by
> muscleTool.
> Partially because it seems I cannot generate RSA keys (but that is another
> issue)
> As a proof:
>
>> root@ubuntu12-10:# muscleTool
>> MuscleCard shell - type "help" for help.
>> muscleTool > tokens
>>    1.    MuscleCard Applet
>>
>> ListTokens Success.
>> muscleTool > connect 1
>> Connect Success.
>> muscleTool [MuscleCard Applet] > status
>>  Protocol Version: 0.1
>>  Software Version: 0.6
>>       Free Memory: 5998
>>      Total Memory: 6000
>>         PINs Used: 2
>>         Keys Used: 0
>>        Logged IDs: NONE
>> GetStatus Successful
>> muscleTool [MuscleCard Applet] >resume
>> Functions             Supported
>> -------------------------------
>> MSCGenerateKeys
>> MSCImportKey
>> MSCExportKey
>> MSCComputeCrypt
>> MSCExternalAuthenticate
>> MSCListKeys
>> MSCCreatePIN
>> MSCVerifyPIN
>> MSCChangePIN             X
>> MSCUnblockPIN            X
>> MSCListPINs
>> MSCCreateObject
>> MSCDeleteObject
>> MSCWriteObject
>> MSCReadObject
>> MSCListObjects
>> MSCLogoutAll             X
>> MSCGetChallenge          X
>> GetCapabilities Successful
>>
>
> The thing is that I cannot use my card with OpenSC.
> I added the ATR card into the opensc.conf file in order to force the muscle
> driver :
>
>> card_atr 3B:F8:18:00:00:80:31:FE:45:00:73:C8:40:13:00:90:00:92 {
>>         driver = muscle;
>>
>> }
>
>
> However opensc tools don't work:
>
>> root@ubuntu12-10# pkcs15-tool -D
>> Using reader with a card: Gemalto USB Shell Token V2 00 00
>> PKCS#15 binding failed: Unsupported card
>
>
>>
>> root@ubuntu12-10:# pkcs15-tool --list-applications
>> Using reader with a card: Gemalto USB Shell Token V2 00 00
>> PKCS#15 binding failed: Unsupported card
>>
>
> The attached debug output shows that no pkcs15 emulator is found (no
> emulator list in config file, trying all builtin emulators)
>
> What is wrong?
> Should I upgrade my opensc installation (I am using the one provided by
> Gooze - http://www.gooze.eu/)?
>
> pkcs11-tool with libmusclepkcs11 seems to be a little more friendly:
>
>> root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1
>> -L
>> Available slots:
>> Slot 0 (0x1): Gemalto USB Shell Token V2 00 00
>>   token label        : MuscleCard Applet
>>   token manufacturer : Unknown MFR
>>   token model        : Unknown Model
>>   token flags        : rng, login required, PIN initialized, token
>> initialized
>>   hardware version   : 6.0
>>   firmware version   : 1.0
>>   serial num         : 1
>
>
>>
>> root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1
>> -M
>> Using slot 0 with a present token (0x1)
>> Supported mechanisms:
>>   RSA-PKCS, keySize={96,128}, encrypt, decrypt, sign, sign_recover,
>> verify, verify_recover, wrap, unwrap
>>   RSA-PKCS-KEY-PAIR-GEN, keySize={96,128}, generate, generate_key_pair
>>   SHA1-RSA-PKCS, encrypt, decrypt, sign, sign_recover, verify,
>> verify_recover, generate, generate_key_pair, wrap, unwrap
>
>
>
> But when it comes to generating keys:
>
>
>> root@ubuntu12-10:# pkcs11-tool --module=/usr/lib/libmusclepkcs11.so.0.0.1
>> -l -k --key-type rsa:2048 -p 00000000 --id 001
>> Using slot 0 with a present token (0x1)
>> Key pair generated:
>> Private Key Object; RSA
>> warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>>   ID:         4b45593030303030303030303030303030303030
>>   Usage:      decrypt, sign, unwrap
>> warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed:
>> rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> Public Key Object; RSA 0 bits
>> warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>>   ID:         4b45593030303030303030303030303030303031
>> warning: PKCS11 function C_GetAttributeValue(ENCRYPT) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> warning: PKCS11 function C_GetAttributeValue(VERIFY) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>> warning: PKCS11 function C_GetAttributeValue(WRAP) failed: rv =
>> CKR_ATTRIBUTE_TYPE_INVALID (0x12)
>>
>>   Usage:      none
>
>
> Thanks in advance
>
> Cheers
>
>
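
The pkcs11-tool output quoted in this thread can be triaged mechanically. The following is an added example, not part of either message and not OpenSC or MuscleCard code: it parses excerpts of that output, compares the requested key size with the range the module advertised, decodes the object IDs, and lists the attributes the module refused to return. The function names are hypothetical.

```python
import re

# Excerpts of the pkcs11-tool output from the first message (blank lines and some warnings dropped).
MECHS = """\
RSA-PKCS, keySize={96,128}, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
RSA-PKCS-KEY-PAIR-GEN, keySize={96,128}, generate, generate_key_pair
"""
KEYGEN = """\
Private Key Object; RSA
warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
  ID:         4b45593030303030303030303030303030303030
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Public Key Object; RSA 0 bits
  ID:         4b45593030303030303030303030303030303031
warning: PKCS11 function C_GetAttributeValue(VERIFY) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
  Usage:      none
"""

def key_size_ranges(mech_text):
    """Map mechanism name -> (min, max) exactly as the module reported them."""
    pat = re.compile(r"^\s*([A-Z0-9-]+), keySize=\{(\d+),(\d+)\}", re.M)
    return {m[1]: (int(m[2]), int(m[3])) for m in pat.finditer(mech_text)}

def key_objects(keygen_text):
    """Return [(object kind, ID decoded as ASCII)] in output order."""
    kinds = re.findall(r"^(Private|Public) Key Object", keygen_text, re.M)
    ids = re.findall(r"^\s*ID:\s+([0-9a-fA-F]+)\s*$", keygen_text, re.M)
    return [(k, bytes.fromhex(i).decode("ascii", "replace")) for k, i in zip(kinds, ids)]

def failed_attributes(keygen_text):
    """Attributes the module rejected. The warning lines do not name the
    object they belong to, so they are collected for the whole run."""
    pat = r"C_GetAttributeValue\((\w+)\) failed: rv = (\w+)"
    return sorted({(a, rv) for a, rv in re.findall(pat, keygen_text)})

def triage(mech_text, keygen_text, requested_bits):
    findings = []
    lo, hi = key_size_ranges(mech_text).get("RSA-PKCS-KEY-PAIR-GEN", (None, None))
    if lo is not None and not lo <= requested_bits <= hi:
        findings.append(f"requested {requested_bits} is outside advertised keySize {{{lo},{hi}}}")
    if re.search(r"RSA 0 bits", keygen_text):
        findings.append("public key reported as 0 bits")
    for attr, rv in failed_attributes(keygen_text):
        findings.append(f"{attr}: {rv}")
    return findings
```

Calling triage(MECHS, KEYGEN, 2048) flags the rsa:2048 request against the advertised {96,128} range, and key_objects(KEYGEN) shows that both IDs are ASCII strings beginning with "KEY".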
