PKCS#15 binding failed: Unsupported card

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

PKCS#15 binding failed: Unsupported card

Andre Tampubolon
Hello everyone,

My supervisor asked me to do a little research on how to put key on smartcard, so when every time you use Thunderbird or Outlook, the key has to be plugged in first before.

He gave me this link:
https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard

I didn't find how to put the key specifially on that link, so I did some Google search and found this:
https://code.google.com/p/seek-for-android/wiki/SmartCardPKI
So, to put they key into the card, you have you use pkcs15-tool.

For this testing purposes, I have 3 different smart card (one of them is Austria Card).
All of them failed during the creation of PKCS#15 structure:
$ pkcs15-tool.exe --dump
Using reader with a card: OMNIKEY CardMan 5x21 0
PKCS#15 binding failed: Unsupported card


So, does that mean I cannot use my cards for this purpose? Or is there any workaround?
Thank you.

--
Andre Tampubolon

R & D Engineer at PT Cipta Srigati Lestari
Jln. Kemang Utara No.10 Jakarta Selatan 12730, Indonesia
http://www2.cslgroup.co.id

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15 binding failed: Unsupported card

Umberto Rustichelli aka Ubi
On 07/24/2014 10:00 AM, Andre Tampubolon wrote:
> Hello everyone,
>
> My supervisor asked me to do a little research on how to put key on
> smartcard, so when every time you use Thunderbird or Outlook, the key has
> to be plugged in first before.

Do you mean a key and a certificate, that Thunderbird will use to
authenticate vs the mail server?

> He gave me this link:
> https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard
>
> I didn't find how to put the key specifially on that link, so I did some
> Google search and found this:
> https://code.google.com/p/seek-for-android/wiki/SmartCardPKI
> So, to put they key into the card, you have you use pkcs15-tool.

You can also use pkcs11-tool and a smart card driver provided by the
card vendor.

> For this testing purposes, I have 3 different smart card (one of them is
> Austria Card).

The OpenSC FAQ
https://github.com/OpenSC/OpenSC/wiki/Frequently-Asked-Questions
will lead you to the list of supported cards
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

> All of them failed during the creation of PKCS#15 structure:
> $ pkcs15-tool.exe --dump
> Using reader with a card: OMNIKEY CardMan 5x21 0
> PKCS#15 binding failed: Unsupported card
>
>
> So, does that mean I cannot use my cards for this purpose? Or is there any
> workaround?
>
There is no workaround. You need a driver for the card, if none of the
three is supported by the OpenSC driver, you must get a copy of the
vendor driver or, better, convince your boss that it is better to buy a
card which comes with full specifications and makes an open source
driver available.



------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15 binding failed: Unsupported card

Frank Morgner
Hi!
> > So, does that mean I cannot use my cards for this purpose? Or is there any
> > workaround?
> >
> There is no workaround. You need a driver for the card, if none of the
> three is supported by the OpenSC driver, you must get a copy of the
> vendor driver or, better, convince your boss that it is better to buy a
> card which comes with full specifications and makes an open source
> driver available.

have you tried to use to add

    enable_default_driver = true;

to opensc.conf? This might work...

--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

attachment0 (985 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#15 binding failed: Unsupported card

Douglas E Engert
In reply to this post by Andre Tampubolon


On 7/24/2014 3:00 AM, Andre Tampubolon wrote:
> Hello everyone,
>
> My supervisor asked me to do a little research on how to put key on smartcard, so when every time you use Thunderbird or Outlook, the key has to be plugged in first before.
>
> He gave me this link:
> https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard

This also describes writing the Muscle applet on a card. We really need to know what cards you have.

>
> I didn't find how to put the key specifially on that link,so I did some Google search and found this:
> https://code.google.com/p/seek-for-android/wiki/SmartCardPKI
> So, to put they key into the card, you have you use pkcs15-tool.
>
> For this testing purposes, I have 3 different smart card (one of them is Austria Card).

Is your intent to use country or organization issued card?
If so you as a user would not be using a browser to generate a key or create a certificate
as the these would already be on the card when issued to the end user.

What are the 3 cards you have?

opensc-tool -a should show the ATR.

Do they have an applet on the card?




> All of them failed during the creation of PKCS#15 structure:
> $ pkcs15-tool.exe --dump
> Using reader with a card: OMNIKEY CardMan 5x21 0

This could also be an issue, See:

  http://pcsclite.alioth.debian.org/ccid/

> PKCS#15 binding failed: Unsupported card
>
>
> So, does that mean I cannot use my cards for this purpose? Or is there any workaround?

As others have said, use a card that is supported by OPenSC or try the vendor's PKCS#11
drivers.


> Thank you.
>
> --
> *Andre Tampubolon*
>
> R & D Engineer at PT Cipta Srigati Lestari
> Jln. Kemang Utara No.10 Jakarta Selatan 12730, Indonesia
> http://www2.cslgroup.co.id
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel