Oberthur Cosmo v7.0-n card support

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Oberthur Cosmo v7.0-n card support

Fabian Leiros Carrera
Hello everyone,

I'm trying to make OpenSC work with different models of Oberthur smartcards:

- Cosmo64 RSA v5.2 (applet: 2.17)
- Cosmo v7.0-n (applet: 2.17)

Up until now I only have been able to make the first card model work with OpenSC 0.14.0.

After reading this https://github.com/OpenSC/OpenSC/wiki/Oberthur-AuthentIC-applet-v2.2 I assumed that Cosmo v7.0-n model is not supported, but I am not quite sure.

Could anyone confirm if Cosmo v7.0-n model is supported by OpenSC please?

If no, what would need to be done in order to support it?

If it is supported, I am detailing at the end of the email how I am installing and setting up OpenSC. What am I doing wrong?

Thank you so much for your help.
Best regards
Fabián

------------------------------------------------------------------------------------------------------------------

- Install both x86 and x64 versions of OpenSC on a Windows 7 x64 computer
- Add a new entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\" for Cosmo64 RSA v5.2 including its ATR:

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthenticV5]
        "80000001"="opensc-minidriver.dll"
        "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
        "ATR"=hex:3b,7d,18,00,00,00,31,80,71,8e,64,77,e3,01,00,82,90,00
        "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
        "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"

- Add the same entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\"
- Restart "Certificate Propagation" service.

- Plug-in the Cosmo64 RSA v5.2:
        - the certificate will be imported correctly to Windows certificate store.
        - "opensc-tool.exe -n" will return the name of the card correctly
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                AuthentIC v5

        -  "opensc-tool.exe -a" returns the card's ATR
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:7d:18:00:00:00:31:80:71:8e:64:77:e3:01:00:82:90:00

        - "pkcs15-tool.exe -c" will output information about my certificate

- So far, so good, so now I add two new Registry entries, on both x86 and x64 hives, for the Cosmo v7.0-n card:

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthentIC v7]
        "80000001"="opensc-minidriver.dll"
        "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
        "ATR"=hex:3b,5b,96,00,00,31,c0,64,ba,fc,10,00,0f,90,00
        ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
        "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"

- Now I plug in the Cosmo v7.0-n card and:
        - the certificate is not imported to Windows certificate store.
        -"opensc-tool -n" returns " Unsupported card"
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Unsupported card

        - "opensc-tool.exe -a" returns the card's ATR
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00

        - "pkcs15-tool.exe -c" also returns an error:
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: Card is invalid or cannot be handled

- "opensc-tool.exe --list-drivers " shows two Oberthur drivers:
        oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
        authentic        Oberthur AuthentIC v3.1

- I add a new "atr" entry on "opensc.conf" at "Program Files" and "Program Files (x86)" folders:

        # Oberthur's AuthentIC v7
        card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
                                type = 11100;
                                driver = "authentic";
                                name = "AuthentIC v7";
                }

- Plug in the Cosmo v7.0-n card and:
        -"opensc-tool -n" changes its output:
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

        - Same thing with "opensc-tool.exe -a":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

        - And with "pkcs15-tool.exe -c":
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                Failed to connect to card: File not found

- Now I change the "atr" entries on "opensc.conf" files to:

        # Oberthur's AuthentIC v7
        card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
                                type = 11100;
                                driver = "oberthur";
                                name = "AuthentIC v7";
                }

- And I get this outputs with Cosmo v7.0-n card plugged in:
        -"opensc-tool -n":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                AuthentIC v5

        -"opensc-tool -a":
                C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00

        - "pkcs15-tool.exe -c":
                C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
                Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
                PKCS#15 binding failed: Unsupported card

________________________________

AVISO DE CONFIDENCIALIDAD.
Este correo y la información contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene información confidencial cuyo uso, copia, reproducción o distribución está expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminación sin copiarlo, imprimirlo o utilizarlo de ningún modo.

CONFIDENTIALITY WARNING.
This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Oberthur Cosmo v7.0-n card support

Douglas E Engert


On 5/26/2015 7:01 AM, Fabian Leiros Carrera wrote:
> Hello everyone,
>
> I'm trying to make OpenSC work with different models of Oberthur smartcards:
>
> - Cosmo64 RSA v5.2 (applet: 2.17)
> - Cosmo v7.0-n (applet: 2.17)

How did you get them?
Are the blank?
Did you get a manual with transport keys, etc.

Do they an applet on the card?

Card issuers like governments, usually have the manufacturer provide the cards with
an applet installed. You could write an applet, like muscle to the card,
but you need the manual with the keys.

Google for: Oberthur Cosmo v7.0-n muscle
or Oberthur Cosmo v7.0-n

>
> Up until now I only have been able to make the first card model work with OpenSC 0.14.0.
>
> After reading this https://github.com/OpenSC/OpenSC/wiki/Oberthur-AuthentIC-applet-v2.2 I assumed that Cosmo v7.0-n model is not supported, but I am not quite sure.
>
> Could anyone confirm if Cosmo v7.0-n model is supported by OpenSC please?
>
> If no, what would need to be done in order to support it?
>
> If it is supported, I am detailing at the end of the email how I am installing and setting up OpenSC. What am I doing wrong?
>
> Thank you so much for your help.
> Best regards
> Fabián
>
> ------------------------------------------------------------------------------------------------------------------
>
> - Install both x86 and x64 versions of OpenSC on a Windows 7 x64 computer
> - Add a new entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\" for Cosmo64 RSA v5.2 including its ATR:
>
>          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthenticV5]
>          "80000001"="opensc-minidriver.dll"
>          "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
>          "ATR"=hex:3b,7d,18,00,00,00,31,80,71,8e,64,77,e3,01,00,82,90,00
>          "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>          "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
>
> - Add the same entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\"
> - Restart "Certificate Propagation" service.
>
> - Plug-in the Cosmo64 RSA v5.2:
>          - the certificate will be imported correctly to Windows certificate store.
>          - "opensc-tool.exe -n" will return the name of the card correctly
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  AuthentIC v5
>
>          -  "opensc-tool.exe -a" returns the card's ATR
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  3b:7d:18:00:00:00:31:80:71:8e:64:77:e3:01:00:82:90:00
>
>          - "pkcs15-tool.exe -c" will output information about my certificate
>
> - So far, so good, so now I add two new Registry entries, on both x86 and x64 hives, for the Cosmo v7.0-n card:
>
>          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthentIC v7]
>          "80000001"="opensc-minidriver.dll"
>          "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
>          "ATR"=hex:3b,5b,96,00,00,31,c0,64,ba,fc,10,00,0f,90,00
>          ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>          "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
>
> - Now I plug in the Cosmo v7.0-n card and:
>          - the certificate is not imported to Windows certificate store.
>          -"opensc-tool -n" returns " Unsupported card"
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Unsupported card
>
>          - "opensc-tool.exe -a" returns the card's ATR
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00
>
>          - "pkcs15-tool.exe -c" also returns an error:
>                  C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: Card is invalid or cannot be handled
>
> - "opensc-tool.exe --list-drivers " shows two Oberthur drivers:
>          oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
>          authentic        Oberthur AuthentIC v3.1
>
> - I add a new "atr" entry on "opensc.conf" at "Program Files" and "Program Files (x86)" folders:
>
>          # Oberthur's AuthentIC v7
>          card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
>                                  type = 11100;
>                                  driver = "authentic";
>                                  name = "AuthentIC v7";
>                  }
>
> - Plug in the Cosmo v7.0-n card and:
>          -"opensc-tool -n" changes its output:
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: File not found
>
>          - Same thing with "opensc-tool.exe -a":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: File not found
>
>          - And with "pkcs15-tool.exe -c":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: File not found
>
> - Now I change the "atr" entries on "opensc.conf" files to:
>
>          # Oberthur's AuthentIC v7
>          card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
>                                  type = 11100;
>                                  driver = "oberthur";
>                                  name = "AuthentIC v7";
>                  }
>
> - And I get this outputs with Cosmo v7.0-n card plugged in:
>          -"opensc-tool -n":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  AuthentIC v5
>
>          -"opensc-tool -a":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00
>
>          - "pkcs15-tool.exe -c":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  PKCS#15 binding failed: Unsupported card
>
> ________________________________
>
> AVISO DE CONFIDENCIALIDAD.
> Este correo y la información contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene información confidencial cuyo uso, copia, reproducción o distribución está expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminación sin copiarlo, imprimirlo o utilizarlo de ningún modo.
>
> CONFIDENTIALITY WARNING.
> This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Oberthur Cosmo v7.0-n card support

Fabian Leiros Carrera


On 5/26/2015 7:01 AM, Fabian Leiros Carrera wrote:
> Hello everyone,
>
> I'm trying to make OpenSC work with different models of Oberthur smartcards:
>
> - Cosmo64 RSA v5.2 (applet: 2.17)
> - Cosmo v7.0-n (applet: 2.17)

Thank you for your answer Douglas

> How did you get them?
I got them from a client who is currently using Oberthur's AWP and who is considering the possibility of changing to OpenSC.

> Are the blank?
No they are not, both cards are initialized.

>Did you get a manual with transport keys, etc.
No, I didn't

>Do they an applet on the card?
 I am quite new to this technologies and I am not really sure, but I suppose they do because Oberthur's software (Authentic Web Pack) shows an "Applet: 2.17" line in the card's information tab.

>Card issuers like governments, usually have the manufacturer provide the cards with an applet installed. You could write an applet, like muscle to the card, but you need the manual with the keys.
Could you elaborate on this please? What will this applet do? How will it allow OpenSC to recognise the v7.0-n cards?

>Google for: Oberthur Cosmo v7.0-n muscle or Oberthur Cosmo v7.0-n
>
> Up until now I only have been able to make the first card model work with OpenSC 0.14.0.
>
> After reading this https://github.com/OpenSC/OpenSC/wiki/Oberthur-AuthentIC-applet-v2.2 I assumed that Cosmo v7.0-n model is not supported, but I am not quite sure.
>
> Could anyone confirm if Cosmo v7.0-n model is supported by OpenSC please?
>
> If no, what would need to be done in order to support it?
>
> If it is supported, I am detailing at the end of the email how I am installing and setting up OpenSC. What am I doing wrong?
>
> Thank you so much for your help.
> Best regards
> Fabián
>
> ----------------------------------------------------------------------
> --------------------------------------------
>
> - Install both x86 and x64 versions of OpenSC on a Windows 7 x64
> computer
> - Add a new entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\" for Cosmo64 RSA v5.2 including its ATR:
>
>          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthenticV5]
>          "80000001"="opensc-minidriver.dll"
>          "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
>          "ATR"=hex:3b,7d,18,00,00,00,31,80,71,8e,64,77,e3,01,00,82,90,00
>          "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>          "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
>
> - Add the same entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\"
> - Restart "Certificate Propagation" service.
>
> - Plug-in the Cosmo64 RSA v5.2:
>          - the certificate will be imported correctly to Windows certificate store.
>          - "opensc-tool.exe -n" will return the name of the card correctly
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  AuthentIC v5
>
>          -  "opensc-tool.exe -a" returns the card's ATR
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  3b:7d:18:00:00:00:31:80:71:8e:64:77:e3:01:00:82:90:00
>
>          - "pkcs15-tool.exe -c" will output information about my
> certificate
>
> - So far, so good, so now I add two new Registry entries, on both x86 and x64 hives, for the Cosmo v7.0-n card:
>
>          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthentIC v7]
>          "80000001"="opensc-minidriver.dll"
>          "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
>          "ATR"=hex:3b,5b,96,00,00,31,c0,64,ba,fc,10,00,0f,90,00
>          ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>          "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
>
> - Now I plug in the Cosmo v7.0-n card and:
>          - the certificate is not imported to Windows certificate store.
>          -"opensc-tool -n" returns " Unsupported card"
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Unsupported card
>
>          - "opensc-tool.exe -a" returns the card's ATR
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00
>
>          - "pkcs15-tool.exe -c" also returns an error:
>                  C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: Card is invalid or cannot
> be handled
>
> - "opensc-tool.exe --list-drivers " shows two Oberthur drivers:
>          oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
>          authentic        Oberthur AuthentIC v3.1
>
> - I add a new "atr" entry on "opensc.conf" at "Program Files" and "Program Files (x86)" folders:
>
>          # Oberthur's AuthentIC v7
>          card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
>                                  type = 11100;
>                                  driver = "authentic";
>                                  name = "AuthentIC v7";
>                  }
>
> - Plug in the Cosmo v7.0-n card and:
>          -"opensc-tool -n" changes its output:
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: File not found
>
>          - Same thing with "opensc-tool.exe -a":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: File not found
>
>          - And with "pkcs15-tool.exe -c":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  Failed to connect to card: File not found
>
> - Now I change the "atr" entries on "opensc.conf" files to:
>
>          # Oberthur's AuthentIC v7
>          card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
>                                  type = 11100;
>                                  driver = "oberthur";
>                                  name = "AuthentIC v7";
>                  }
>
> - And I get this outputs with Cosmo v7.0-n card plugged in:
>          -"opensc-tool -n":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  AuthentIC v5
>
>          -"opensc-tool -a":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00
>
>          - "pkcs15-tool.exe -c":
>                  C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>                  Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>                  PKCS#15 binding failed: Unsupported card





> ----------------------------------------------------------------------
> -------- One dashboard for servers and applications across
> Physical-Virtual-Cloud Widest out-of-the-box monitoring support with
> 50+ applications Performance metrics, stats and reports that give you
> Actionable Insights Deep dive visibility with transaction tracing
> using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

________________________________

AVISO DE CONFIDENCIALIDAD.
Este correo y la información contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene información confidencial cuyo uso, copia, reproducción o distribución está expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminación sin copiarlo, imprimirlo o utilizarlo de ningún modo.

CONFIDENTIALITY WARNING.
This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.

------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Oberthur Cosmo v7.0-n card support

Viktor Tarasov-3
Hi,

support of Oberthur's cards has been implemented long time ago, and have not been updated for the new cards.

AuthentIC applet has (had) it's own file system, not PKCS#15. OpenSC implements emulator PKCS#15 for 'read' and 'write' mode.
You can get an insight onto this file system from pkcs15-init profile files (authentic.profile, oberthur.profile).

On your place I would start from looking onto dialog between card and the native Oberthur's MW, using the USB sniffer.
 From here, with a little chance, you will get know the AIDs, expected file system, expected content, ...

Best regards,
Viktor.






On 06/02/2015 10:38 AM, Fabian Leiros Carrera wrote:

> On 5/26/2015 7:01 AM, Fabian Leiros Carrera wrote:
>> Hello everyone,
>>
>> I'm trying to make OpenSC work with different models of Oberthur smartcards:
>>
>> - Cosmo64 RSA v5.2 (applet: 2.17)
>> - Cosmo v7.0-n (applet: 2.17)
> Thank you for your answer Douglas
>
>> How did you get them?
> I got them from a client who is currently using Oberthur's AWP and who is considering the possibility of changing to OpenSC.
>
>> Are the blank?
> No they are not, both cards are initialized.
>
>> Did you get a manual with transport keys, etc.
> No, I didn't
>
>> Do they an applet on the card?
>   I am quite new to this technologies and I am not really sure, but I suppose they do because Oberthur's software (Authentic Web Pack) shows an "Applet: 2.17" line in the card's information tab.
>
>> Card issuers like governments, usually have the manufacturer provide the cards with an applet installed. You could write an applet, like muscle to the card, but you need the manual with the keys.
> Could you elaborate on this please? What will this applet do? How will it allow OpenSC to recognise the v7.0-n cards?
>
>> Google for: Oberthur Cosmo v7.0-n muscle or Oberthur Cosmo v7.0-n
>>
>> Up until now I only have been able to make the first card model work with OpenSC 0.14.0.
>>
>> After reading this https://github.com/OpenSC/OpenSC/wiki/Oberthur-AuthentIC-applet-v2.2 I assumed that Cosmo v7.0-n model is not supported, but I am not quite sure.
>>
>> Could anyone confirm if Cosmo v7.0-n model is supported by OpenSC please?
>>
>> If no, what would need to be done in order to support it?
>>
>> If it is supported, I am detailing at the end of the email how I am installing and setting up OpenSC. What am I doing wrong?
>>
>> Thank you so much for your help.
>> Best regards
>> Fabián
>>
>> ----------------------------------------------------------------------
>> --------------------------------------------
>>
>> - Install both x86 and x64 versions of OpenSC on a Windows 7 x64
>> computer
>> - Add a new entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\" for Cosmo64 RSA v5.2 including its ATR:
>>
>>           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthenticV5]
>>           "80000001"="opensc-minidriver.dll"
>>           "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
>>           "ATR"=hex:3b,7d,18,00,00,00,31,80,71,8e,64,77,e3,01,00,82,90,00
>>           "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>>           "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
>>
>> - Add the same entry at "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\"
>> - Restart "Certificate Propagation" service.
>>
>> - Plug-in the Cosmo64 RSA v5.2:
>>           - the certificate will be imported correctly to Windows certificate store.
>>           - "opensc-tool.exe -n" will return the name of the card correctly
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   AuthentIC v5
>>
>>           -  "opensc-tool.exe -a" returns the card's ATR
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   3b:7d:18:00:00:00:31:80:71:8e:64:77:e3:01:00:82:90:00
>>
>>           - "pkcs15-tool.exe -c" will output information about my
>> certificate
>>
>> - So far, so good, so now I add two new Registry entries, on both x86 and x64 hives, for the Cosmo v7.0-n card:
>>
>>           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\AuthentIC v7]
>>           "80000001"="opensc-minidriver.dll"
>>           "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
>>           "ATR"=hex:3b,5b,96,00,00,31,c0,64,ba,fc,10,00,0f,90,00
>>           ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
>>           "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
>>
>> - Now I plug in the Cosmo v7.0-n card and:
>>           - the certificate is not imported to Windows certificate store.
>>           -"opensc-tool -n" returns " Unsupported card"
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   Unsupported card
>>
>>           - "opensc-tool.exe -a" returns the card's ATR
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00
>>
>>           - "pkcs15-tool.exe -c" also returns an error:
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   Failed to connect to card: Card is invalid or cannot
>> be handled
>>
>> - "opensc-tool.exe --list-drivers " shows two Oberthur drivers:
>>           oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
>>           authentic        Oberthur AuthentIC v3.1
>>
>> - I add a new "atr" entry on "opensc.conf" at "Program Files" and "Program Files (x86)" folders:
>>
>>           # Oberthur's AuthentIC v7
>>           card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
>>                                   type = 11100;
>>                                   driver = "authentic";
>>                                   name = "AuthentIC v7";
>>                   }
>>
>> - Plug in the Cosmo v7.0-n card and:
>>           -"opensc-tool -n" changes its output:
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   Failed to connect to card: File not found
>>
>>           - Same thing with "opensc-tool.exe -a":
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   Failed to connect to card: File not found
>>
>>           - And with "pkcs15-tool.exe -c":
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   Failed to connect to card: File not found
>>
>> - Now I change the "atr" entries on "opensc.conf" files to:
>>
>>           # Oberthur's AuthentIC v7
>>           card_atr 3B:5B:96:00:00:31:C0:64:BA:FC:10:00:0F:90:00 {
>>                                   type = 11100;
>>                                   driver = "oberthur";
>>                                   name = "AuthentIC v7";
>>                   }
>>
>> - And I get this outputs with Cosmo v7.0-n card plugged in:
>>           -"opensc-tool -n":
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -n
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   AuthentIC v5
>>
>>           -"opensc-tool -a":
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool.exe -a
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   3b:5b:96:00:00:31:c0:64:ba:fc:10:00:0f:90:00
>>
>>           - "pkcs15-tool.exe -c":
>>                   C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe -c
>>                   Using reader with a card: SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0
>>                   PKCS#15 binding failed: Unsupported card
>
>
>
>
>> ----------------------------------------------------------------------
>> -------- One dashboard for servers and applications across
>> Physical-Virtual-Cloud Widest out-of-the-box monitoring support with
>> 50+ applications Performance metrics, stats and reports that give you
>> Actionable Insights Deep dive visibility with transaction tracing
>> using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
> --
>
>    Douglas E. Engert  <[hidden email]>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
> ________________________________
>
> AVISO DE CONFIDENCIALIDAD.
> Este correo y la información contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene información confidencial cuyo uso, copia, reproducción o distribución está expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminación sin copiarlo, imprimirlo o utilizarlo de ningún modo.
>
> CONFIDENTIALITY WARNING.
> This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel