Oberthur smartcard driver

Oberthur smartcard driver

Vieri


Hi,

I'm new to the world of smartcards so please bear with me.

Let's see if I have the general idea of how things usually work. One needs to have a driver in order to access the "card reader". However, one also needs another driver to access the "card itself". Some cards may have a proprietary format or a proprietary access method.
Is that right?

If so, according to the data I'm posting further down, I seem to have a ccid-compatible reader (so pcsc-lite+ccid is all I need in order to communicate with the reader) and an Oberthur smartcard that *requires* a specific driver. Is that what you may call "middleware"?

So after installing pcsc-lite and ccid on my Linux distro I can see the reader and I can detect events such as "card inserted", "card removed" (pcsc_scan).

I downloaded a card driver from a web site I found when reading the output of pcsc_scan (when it actually read some general card information).
Unfortunately the Oberthur card driver package is binary-only and the only thing of interest in its README file is that once the binary files are installed "the P11 cryptoki module is ready to be loaded and used in the preferred application (Firefox, Thunderbird etc.)".
I have a text console-only linux system and all I wish to do now is make sure I can access the certificate that's on the smartcard (I don't need to use it in a web browser).
I'm hoping to do this on the command line somehow.

Here are the files within the extracted card driver package:

# ls -lR ./
./:
total 4
drwxr-xr-x 5 root root  120 abr  7 10:42 usr
-rwxr--r-- 1 root root 3680 feb  3  2010 WP_README_V1.3.txt

./usr:
total 1
drwxr-xr-x 2 root root 632 abr  7 14:12 lib
drwxr-xr-x 3 root root  72 abr  7 10:42 local
drwxr-xr-x 3 root root  72 abr  7 10:42 share

./usr/lib:
total 9112
lrwxrwxrwx 1 root     root              29 abr  7 14:11 libOcsAuthentIC22Mod.so -> libOcsAuthentIC22Mod.so.1.3.0
-rwxr--r-- 1 root root 1304138 dic  9  2009 libOcsAuthentIC22Mod.so.1.3.0
lrwxrwxrwx 1 root     root              23 abr  7 14:11 libOcsCryptoki.so -> libOcsCryptoki.so.1.3.0
-rwxr--r-- 1 root root 3316353 dic  9  2009 libOcsCryptoki.so.1.3.0
lrwxrwxrwx 1 root     root              18 abr  7 14:11 libOcsIAS.so -> libOcsIAS.so.1.3.0
-rwxr--r-- 1 root root 1556637 dic  9  2009 libOcsIAS.so.1.3.0
lrwxrwxrwx 1 root     root              30 abr  7 14:11 libOcsIDOneClassicMod.so -> libOcsIDOneClassicMod.so.1.3.0
-rwxr--r-- 1 root root 1292262 dic  9  2009 libOcsIDOneClassicMod.so.1.3.0
lrwxrwxrwx 1 root     root              27 abr  7 14:11 libOcsIDOneLiteMod.so -> libOcsIDOneLiteMod.so.1.3.0
-rwxr--r-- 1 root root 1432954 dic  9  2009 libOcsIDOneLiteMod.so.1.3.0
lrwxrwxrwx 1 root     root              28 abr  7 14:11 libOcsReaderOmnikey.so -> libOcsReaderOmnikey.so.1.3.0
-rwxr--r-- 1 root root  190789 dic  9  2009 libOcsReaderOmnikey.so.1.3.0
lrwxrwxrwx 1 root     root              24 abr  7 14:12 libOcsReaderStd.so -> libOcsReaderStd.so.1.3.0
-rwxr--r-- 1 root root  214694 dic  9  2009 libOcsReaderStd.so.1.3.0

./usr/local:
total 0
drwxr-xr-x 2 root root 152 abr  7 10:42 OCS

./usr/local/OCS:
total 20
-rwxr--r-- 1 root root 6569 dic  9  2009 OCSMiddlewareConf.xml
-rwxr--r-- 1 root root 6576 dic  9  2009 Omnikey.png
-rwxr--r-- 1 root root 3290 dic  9  2009 WP_README.txt

# cat usr/local/OCS/OCSMiddlewareConf.xml
<?xml version="1.0"?>
<Middleware>
        <Configuration>
                <Log Activate="0" Path="" DebugLevel="NO"></Log>
                <CachePin Activate="1" CspCache="1"></CachePin>
                <CacheData Activate="1"></CacheData>
                <ContainerCreation EmptyAuthorized="1"></ContainerCreation>
                <DialogBox WaitDialogBox="1"></DialogBox>
        </Configuration>
        <Readers>
                <CardMan3621 Name="OMNIKEY CardMan 3621" Library="OcsReaderOmnikeyCCID"></CardMan3621>
                <CardMan3821 Name="OMNIKEY CardMan 3821" Library="OcsReaderOmnikeyCCID"></CardMan3821>
                <CardMan8630 Name="OMNIKEY CardMan 8630" Library="OcsReaderOmnikey"></CardMan8630>
                <XSignPKI Name="XIRING XI-SIGN USB" Library="OcsReaderPCSC2"></XSignPKI>
                <XiSign6100 Name="MCI_OSR_0205:XIRING XSignUSB" Library="OcsReaderXiring"></XiSign6100>
                <XiSign6100 Name="MCI_OSR_0205:XIRING XSignUSB" Library="OcsReaderXiring"></XiSign6100>
                <ID3Biometric Name="id3 Semiconductors BIOTHENTIC USB" Library="OcsReaderBioAuthentIC"></ID3Biometric>
                <Covadis Name="Covadis USB Pinpad Vega-Alpha" Library="OcsReaderPCSC2"></Covadis>
        </Readers>
        <SmartCard>
        <IDOneClassicT1 ATR="3BFB1800008131FE450031C06477E9100000900062" ATRMask="FFFF00FFFF00FFFFFFFFFFFFFFFFFFFFFF00FFFF00" Library="libOcsIDOneClassicMod.so" Aid="A0000000770103000610000000000002"></IDOneClassicT1>
        <IDOneClassicT0 ATR="3B7B1800000031C06477E910000F9000" ATRMask="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" Library="libOcsIDOneClassicMod.so" Aid="A0000000770103000610000000000002"></IDOneClassicT0>
        <AuthentICCardv220T0 ATR="3b00000000003180718e6477e30000809000" ATRMask="ff0000ffffffffffffffffffff00ff00ffff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T0>
        <AuthentICCardv220T054 ATR="3b7d0000000031c06477e30400009000" ATRMask="ffff00ffffffffffffffffffff00ffff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T054>
        <AuthentICCardv220T154 ATR="3B009600008031FE450031C06477E0000000900000" ATRMask="FF00FFFFFFFFFFFFFFFFFFFFFFFFF0000000FFFF00" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T154>
        <AuthentICCardv220T0523 ATR="3b000000000031c06400000000009000" ATRMask="ff0000ffffffffffff000000ff00ffff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T0523>
        <AuthentICCardv220T1 ATR="3b000000008131fe45003180718e6477e30000809000" ATRMask="ff0000ffffffffffffffffffffffffffff00fff0ff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T1>
        <AuthentICCardv220T1523 ATR="3b000000008131fe450031c06400000000819000" ATRMask="f0000ffffffffffffffffffff000000ffffffff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T1523>
        <AuthentIC22TokenUSB ATR="3bfb1100008131fe450031c06477e910000090006a" ATRMask="ffff00ffffffffffffffffffffffffffff00ffff00" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentIC22TokenUSB>
        <AuthentICCardv220T0 ATR="3b00000000003180718e6477e30000809000" ATRMask="ff0000ffffffffffffffffffff00ff00ffff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentICCardv220T0>
        <AuthentIC22Token ATR="3B7F1800000031C0739E010B6452D90500829000" ATRMask="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentIC22Token>
        <SSIDAuthentICCardv220T0 ATR="3BFB1100008131FE450031C06477E910000090006A" ATRMask="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" Library="libOcsAuthentIC22Mod.so" Aid="A000000341000001"></SSIDAuthentICCardv220T0>
        <IDOneClassicT11 ATR="3B000000008031FE450031C06477E9100000900000" ATRMask="FF0000FFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFF00" Library="libOcsIDOneClassicMod.so" Aid="A0000000770103000610000000000002"></IDOneClassicT11>
        <AuthentICCardv220T051 ATR="3BFD9600008031FE45003180718E6477E30200009000" ATRMask="ffff00ffffffffffffffffffff00ffffffffff00ffff" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F1000000023"></AuthentICCardv220T051>
        <IDOneLite ATR="3B000000000031C06400000100009000" ATRMask="FF0000FFFFFFFFFFFF0000FFFF00FFFF" Library="libOcsIDOneLiteMod.so" Aid="A000000077018383081000F100000001"></IDOneLite>
        <IDOneLiteBanking ATR="3B0000000031C06495EA0100829000" ATRMask="FF0000FFFFFFFFFFFFFFFFFF00FFFF" Library="libOcsIDOneLiteMod.so" Aid="A000000077018383081000F100000001"></IDOneLiteBanking>
        <IAS-ECCv1.01 ATR="3BDF96008031FE45003100640000ECC17300010082900000" ATRMask="FFFFFFFFFFFFFFFFFFFF00FF0000FFFFFF00FF00FFFFFF00" Library="libOcsIASMod.so" Aid="A000000077010800070000FE00000100"></IAS-ECCv1.01>
        <IDOneClassicv7 ATR="3B00000080B1FE451F830031C0640000000000900000" ATRMask="FF0000FFFFFFFFFFFFFFFFFFFFFF000000FF00FFFF00" Library="libOcsIDOneClassicMod.so" Aid="A0000000770103000610000000000002"></IDOneClassicv7>
        <IASMiniDriver ATR="3B0000008131FE4580F9A00000007701080000900000" ATRMask="FF0000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFF00" Library="libOcsIASMod.so" Aid="A000000077010800070000FE00000100"></IASMiniDriver>
        <IDOneClassicMiniDriver ATR="3B0000008131FE4580F9A00000007701030006900000" ATRMask="ff0000ffffffffffffffffffffffffffffffffffff00" Library="libOcsIDOneClassicMod.so" Aid="A0000000770103000610000000000002"></IDOneClassicMiniDriver>
        <BioAuthentICV3 ATR="3B00000080B1FE451F830031C06400FC100000900000" ATRMask="FF0000FFFFFFFFFFFFFFFFFFFFFF00FFFFFF00FFFF00" Library="libOcsBioAuthentICV3Mod.so" Aid="A000000077010303051000F100000003"></BioAuthentICV3>
        <AuthentIC22v7 ATR="3B00000080B1FE451F830031C0640000000000900000" ATRMask="FF0000FFFFFFFFFFFFFFFFFFFFFF0000000000FFFF00" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentIC22v7>
        <IDOneLitev7 ATR="3B00000080B1FE451F830031C0640000000000900000" ATRMask="FF0000FFFFFFFFFFFFFFFFFFFFFF0000000000FFFF00" Library="libOcsIDOneLiteMod.so" Aid="A000000077018383081000F100000001"></IDOneLitev7>
        <IDOneClassicTokenUSB ATR="3B8B80010031C06477E9100000000011" ATRMask="FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" Library="libOcsIDOneClassicMod.so" Aid="A0000000770103000610000000000002"></IDOneClassicTokenUSB>
        <IDOneLiteItaly ATR="3B0000000031C064BE020100009000" ATRMask="FF00FFFFFFFFFFFFFFFFFFFF00FFFF" Library="libOcsIDOneLiteMod.so" Aid="A0000000770100000120000100000003"></IDOneLiteItaly>
        <AuthentIC22T0v7 ATR="3B0000000031C064BAFC1000009000" ATRMask="FF0000FFFFFFFFFFFFFFFFFF00FFFF" Library="libOcsAuthentIC22Mod.so" Aid="A000000077010303000000F100000002"></AuthentIC22T0v7>
</SmartCard>
</Middleware>

What's this xml file for and when should it be used?

I installed opensc and modified opensc.conf by specifying the Oberthur card driver:

        card_drivers = oberthur;

        card_driver oberthur {
                module = /usr/lib/libOcsCryptoki.so;
        }

        force_card_driver = oberthur;

Then I ran:

# pkcs11-tool --module /usr/lib/libOcsCryptoki.so -O

Using slot 0 with a present token (0x0)
Public Key Object; RSA 1024 bits
  label:     
  ID:         17f38f0ec9db8e9aefeaf2d666bfaf07ae9281da
  Usage:      encrypt, verify
Certificate Object, type = X.509 cert
  label:      IDone Classic Card:NAME XXXXXXX XXXXXX XXXXXXX - IDN 000000000's FNMT ID
  ID:         17f38f0ec9db8e9aefeaf2d666bfaf07ae9281da

Does this mean the card driver is correctly accessing the certificate?

However, running opensc-explorer or the following command gives an error (Card is invalid or cannot be handled):

# pkcs15-tool -c -vvvv...

0xb740d6c0 10:14:37.427 [pkcs15-tool] sc.c:231:sc_detect_card_presence: called
0xb740d6c0 10:14:37.427 [pkcs15-tool] reader-pcsc.c:370:pcsc_detect_card_presence: called
0xb740d6c0 10:14:37.427 [pkcs15-tool] reader-pcsc.c:283:refresh_attributes: ACS ACR 38U-CCID 00 00 check
0xb740d6c0 10:14:37.427 [pkcs15-tool] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0xb740d6c0 10:14:37.427 [pkcs15-tool] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 1
0xb740d6c0 10:14:37.427 [pkcs15-tool] sc.c:236:sc_detect_card_presence: returning with: 1
Using reader with a card: ACS ACR 38U-CCID 00 00
0xb740d6c0 10:14:37.427 [pkcs15-tool] sc.c:231:sc_detect_card_presence: called
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:370:pcsc_detect_card_presence: called
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:283:refresh_attributes: ACS ACR 38U-CCID 00 00 check
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 1
0xb740d6c0 10:14:37.428 [pkcs15-tool] sc.c:236:sc_detect_card_presence: returning with: 1
0xb740d6c0 10:14:37.428 [pkcs15-tool] card.c:125:sc_connect_card: called
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:450:pcsc_connect: called
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:283:refresh_attributes: ACS ACR 38U-CCID 00 00 check
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0xb740d6c0 10:14:37.428 [pkcs15-tool] reader-pcsc.c:479:pcsc_connect: Initial protocol: T=1
0xb740d6c0 10:14:37.429 [pkcs15-tool] apdu.c:687:sc_transmit_apdu: called
0xb740d6c0 10:14:37.429 [pkcs15-tool] card.c:315:sc_lock: called
0xb740d6c0 10:14:37.429 [pkcs15-tool] reader-pcsc.c:517:pcsc_lock: called
0xb740d6c0 10:14:37.429 [pkcs15-tool] apdu.c:654:sc_transmit: called
0xb740d6c0 10:14:37.429 [pkcs15-tool] apdu.c:509:sc_single_transmit: called
0xb740d6c0 10:14:37.429 [pkcs15-tool] apdu.c:514:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:C, data(7) 0xbfd98ef9
0xb740d6c0 10:14:37.429 [pkcs15-tool] reader-pcsc.c:249:pcsc_transmit: reader 'ACS ACR 38U-CCID 00 00'
0xb740d6c0 10:14:37.429 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Outgoing APDU data [   12 bytes] =====================================
00 A4 04 0C 07 A0 00 00 00 03 00 00 ............
======================================================================
0xb740d6c0 10:14:37.429 [pkcs15-tool] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb740d6c0 10:14:37.452 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Incoming APDU data [    2 bytes] =====================================
6A 86 j.
======================================================================
0xb740d6c0 10:14:37.452 [pkcs15-tool] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.452 [pkcs15-tool] apdu.c:676:sc_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.452 [pkcs15-tool] card.c:353:sc_unlock: called
0xb740d6c0 10:14:37.452 [pkcs15-tool] reader-pcsc.c:554:pcsc_unlock: called
0xb740d6c0 10:14:37.460 [pkcs15-tool] apdu.c:687:sc_transmit_apdu: called
0xb740d6c0 10:14:37.460 [pkcs15-tool] card.c:315:sc_lock: called
0xb740d6c0 10:14:37.460 [pkcs15-tool] reader-pcsc.c:517:pcsc_lock: called
0xb740d6c0 10:14:37.460 [pkcs15-tool] apdu.c:654:sc_transmit: called
0xb740d6c0 10:14:37.460 [pkcs15-tool] apdu.c:509:sc_single_transmit: called
0xb740d6c0 10:14:37.460 [pkcs15-tool] apdu.c:514:sc_single_transmit: CLA:80, INS:CA, P1:9F, P2:7F, data(0) (nil)
0xb740d6c0 10:14:37.460 [pkcs15-tool] reader-pcsc.c:249:pcsc_transmit: reader 'ACS ACR 38U-CCID 00 00'
0xb740d6c0 10:14:37.461 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Outgoing APDU data [    5 bytes] =====================================
80 CA 9F 7F 2D ....-
======================================================================
0xb740d6c0 10:14:37.461 [pkcs15-tool] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb740d6c0 10:14:37.475 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Incoming APDU data [   47 bytes] =====================================
9F 7F 2A 20 50 50 00 40 41 52 73 00 60 82 47 14 ..* PP.@ARs.`.G.
D7 38 43 11 00 11 42 91 66 11 43 91 66 11 44 91 .8C...B.f.C.f.D.
66 14 03 00 00 00 00 00 00 00 00 00 00 90 00    f..............
======================================================================
0xb740d6c0 10:14:37.475 [pkcs15-tool] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.475 [pkcs15-tool] apdu.c:676:sc_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.475 [pkcs15-tool] card.c:353:sc_unlock: called
0xb740d6c0 10:14:37.475 [pkcs15-tool] reader-pcsc.c:554:pcsc_unlock: called
0xb740d6c0 10:14:37.483 [pkcs15-tool] card-oberthur.c:188:auth_select_aid: serial number 349648963/0x14D73843
0xb740d6c0 10:14:37.483 [pkcs15-tool] apdu.c:687:sc_transmit_apdu: called
0xb740d6c0 10:14:37.483 [pkcs15-tool] card.c:315:sc_lock: called
0xb740d6c0 10:14:37.483 [pkcs15-tool] reader-pcsc.c:517:pcsc_lock: called
0xb740d6c0 10:14:37.483 [pkcs15-tool] apdu.c:654:sc_transmit: called
0xb740d6c0 10:14:37.483 [pkcs15-tool] apdu.c:509:sc_single_transmit: called
0xb740d6c0 10:14:37.483 [pkcs15-tool] apdu.c:514:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:C, data(16) 0xbfd98ce0
0xb740d6c0 10:14:37.483 [pkcs15-tool] reader-pcsc.c:249:pcsc_transmit: reader 'ACS ACR 38U-CCID 00 00'
0xb740d6c0 10:14:37.483 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Outgoing APDU data [   21 bytes] =====================================
00 A4 04 0C 10 A0 00 00 00 77 01 03 03 00 00 00 .........w......
F1 00 00 00 02                                  .....
======================================================================
0xb740d6c0 10:14:37.483 [pkcs15-tool] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb740d6c0 10:14:37.500 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Incoming APDU data [    2 bytes] =====================================
6A 86 j.
======================================================================
0xb740d6c0 10:14:37.500 [pkcs15-tool] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.500 [pkcs15-tool] apdu.c:676:sc_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.500 [pkcs15-tool] card.c:353:sc_unlock: called
0xb740d6c0 10:14:37.500 [pkcs15-tool] reader-pcsc.c:554:pcsc_unlock: called
0xb740d6c0 10:14:37.510 [pkcs15-tool] iso7816.c:103:iso7816_check_sw: Incorrect parameters P1-P2
0xb740d6c0 10:14:37.510 [pkcs15-tool] apdu.c:687:sc_transmit_apdu: called
0xb740d6c0 10:14:37.510 [pkcs15-tool] card.c:315:sc_lock: called
0xb740d6c0 10:14:37.510 [pkcs15-tool] reader-pcsc.c:517:pcsc_lock: called
0xb740d6c0 10:14:37.510 [pkcs15-tool] apdu.c:654:sc_transmit: called
0xb740d6c0 10:14:37.510 [pkcs15-tool] apdu.c:509:sc_single_transmit: called
0xb740d6c0 10:14:37.510 [pkcs15-tool] apdu.c:514:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:0, data(16) 0xbfd98ce0
0xb740d6c0 10:14:37.510 [pkcs15-tool] reader-pcsc.c:249:pcsc_transmit: reader 'ACS ACR 38U-CCID 00 00'
0xb740d6c0 10:14:37.510 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Outgoing APDU data [   21 bytes] =====================================
00 A4 04 00 10 A0 00 00 00 77 01 03 03 00 00 00 .........w......
F1 00 00 00 02                                  .....
======================================================================
0xb740d6c0 10:14:37.510 [pkcs15-tool] reader-pcsc.c:182:pcsc_internal_transmit: called
0xb740d6c0 10:14:37.527 [pkcs15-tool] apdu.c:185:sc_apdu_log:
Incoming APDU data [    2 bytes] =====================================
6A 82 j.
======================================================================
0xb740d6c0 10:14:37.527 [pkcs15-tool] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.527 [pkcs15-tool] apdu.c:676:sc_transmit: returning with: 0 (Success)
0xb740d6c0 10:14:37.527 [pkcs15-tool] card.c:353:sc_unlock: called
0xb740d6c0 10:14:37.527 [pkcs15-tool] reader-pcsc.c:554:pcsc_unlock: called
0xb740d6c0 10:14:37.529 [pkcs15-tool] iso7816.c:103:iso7816_check_sw: File not found
0xb740d6c0 10:14:37.529 [pkcs15-tool] iso7816.c:488:iso7816_select_file: returning with: -1201 (File not found)
0xb740d6c0 10:14:37.529 [pkcs15-tool] card-oberthur.c:196:auth_select_aid: rv -1201
0xb740d6c0 10:14:37.529 [pkcs15-tool] card-oberthur.c:197:auth_select_aid: select parent failed: -1201 (File not found)
0xb740d6c0 10:14:37.529 [pkcs15-tool] card-oberthur.c:245:auth_init: Failed to initialize (null)
0xb740d6c0 10:14:37.529 [pkcs15-tool] card-oberthur.c:246:auth_init: Failed to initialize: -1210 (Card is invalid or cannot be handled)
0xb740d6c0 10:14:37.529 [pkcs15-tool] card.c:179:sc_connect_card: driver 'Oberthur AuthentIC.v2/CosmopolIC.v4' init() failed: Card is invalid or cannot be handled
0xb740d6c0 10:14:37.529 [pkcs15-tool] reader-pcsc.c:504:pcsc_disconnect: called
0xb740d6c0 10:14:37.989 [pkcs15-tool] card.c:249:sc_connect_card: returning with: -1210 (Card is invalid or cannot be handled)
Failed to connect to card: Card is invalid or cannot be handled
0xb740d6c0 10:14:37.989 [pkcs15-tool] ctx.c:787:sc_release_context: called
0xb740d6c0 10:14:37.989 [pkcs15-tool] reader-pcsc.c:745:pcsc_finish: called
Connecting to card in reader ACS ACR 38U-CCID 00 00...

Eventually, my goal is to redirect the card reader to a Windows terminal server. I would use something like "rdesktop -r scard RDPserver". In that case, would the middleware still be necessary on the Linux client? Or should the "card reader driver" on the Linux client AND the "card driver/middleware" on the Windows server be enough?

In any case, I'd like to first get rid of all the error messages on the command line and be able to manually access the certificates (I'd also like to be able to use the pin).

Thanks for your time,

Vieri

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Oberthur smartcard driver

Ludovic Rousseau
2014-04-09 20:01 GMT+02:00 Vieri <[hidden email]>:
> Hi,

Hello,

> I'm new to the world of smartcards so please bear with me.
>
> Let's see if I have the general idea of how things usually work. One needs to have a driver in order to access the "card reader". However, one also needs another driver to access the "card itself". Some cards may have a proprietary format or a proprietary access method.
> Is that right?

Exact.

> If so, according to the data I'm posting further down, I seem to have a ccid-compatible reader (so pcsc-lite+ccid is all I need in order to communicate with the reader) and an Oberthur smartcard that *requires* a specific driver. Is that what you may call "middleware"?

Exact.

> I installed opensc and modified opensc.conf by specifying the Oberthur card driver:
>
>         card_drivers = oberthur;
>
>         card_driver oberthur {
>                 module = /usr/lib/libOcsCryptoki.so;
>         }
>
>         force_card_driver = oberthur;
>
> Then I ran:
>
> # pkcs11-tool --module /usr/lib/libOcsCryptoki.so -O
>
> Using slot 0 with a present token (0x0)
> Public Key Object; RSA 1024 bits
>   label:
>   ID:         17f38f0ec9db8e9aefeaf2d666bfaf07ae9281da
>   Usage:      encrypt, verify
> Certificate Object, type = X.509 cert
>   label:      IDone Classic Card:NAME XXXXXXX XXXXXX XXXXXXX - IDN 000000000's FNMT ID
>   ID:         17f38f0ec9db8e9aefeaf2d666bfaf07ae9281da
>
> Does this mean the card driver is correctly accessing the certificate?

Yes

> However, running opensc-explorer or the following command gives an error (Card is invalid or cannot be handled):

You can't use the internal drivers provided by OpenSC. You need to use
libOcsCryptoki.so
pkcs15-tool and opensc-explorer can't use an external PKCS#11 library.

> Eventually, my goal is to redirect the card reader to a Windows terminal server. I would use something like "rdesktop -r scard RDPserver". In that case, would the middleware still be necessary on the Linux client? Or should the "card reader driver" on the Linux client AND the "card driver/middleware" on the Windows server be enough?

Yes.

> In any case, I'd like to first get rid of all the error messages on the command line and be able to manually access the certificates (I'd also like to be able to use the pin).
>
> Thanks for your time,

Bye.

PS: your email was in my Gmail spam folder. Maybe yahoo.com is not
configured correctly or you did something wrong with your email
configuration.

--
 Dr. Ludovic Rousseau


Re: Oberthur smartcard driver

Martin Paljak-4


On 13/04/14 18:00 , Ludovic Rousseau wrote:
> PS: your email was in my Gmail spam folder. Maybe yahoo.com is not
> configured correctly or you did something wrong with your email
> configuration.

Maybe this:

http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html

--
Martin
+372 515 6495


Re: Oberthur smartcard driver

Vieri

----- Original Message -----
From: Ludovic Rousseau <[hidden email]>

>> Eventually, my goal is to redirect the card reader to a Windows terminal server. I would use
>> something like "rdesktop -r scard RDPserver". In that case, would the middleware still be
>> necessary on the Linux client? Or should the "card reader driver" on the Linux client AND the
>> "card driver/middleware" on the Windows server be enough?
>
> Yes.

Thanks Ludovic.
Just for clarity, is it a "yes" to my first or second question?
I'm guessing it's my second question, ie.:
my linux client ONLY requires a working "reader driver" when connecting with rdesktop and the remote Windows Terminal Server should have the appropriate "card driver", aka "middleware". The middleware is NOT required on the Linux RDP client.
Is this correct?

Thanks,

Vieri


Re: Oberthur smartcard driver

Ludovic Rousseau
2014-04-15 8:55 GMT+02:00 Vieri <[hidden email]>:

> ----- Original Message -----
> From: Ludovic Rousseau <[hidden email]>
>
>>> Eventually, my goal is to redirect the card reader to a Windows terminal server. I would use
>>> something like "rdesktop -r scard RDPserver". In that case, would the middleware still be
>>> necessary on the Linux client? Or should the "card reader driver" on the Linux client AND the
>>> "card driver/middleware" on the Windows server be enough?
>>
>> Yes.
>
> Thanks Ludovic.
> Just for clarity, is it a "yes" to my first or second question?

Second question.

Next time use only 1 question per paragraph :-)

> I'm guessing it's my second question, ie.:
> my linux client ONLY requires a working "reader driver" when connecting with rdesktop and the remote Windows Terminal Server should have the appropriate "card driver", aka "middleware". The middleware is NOT required on the Linux RDP client.
> Is this correct?

Correct.

Bye

--
 Dr. Ludovic Rousseau
