PKCS15 Deauthenticate Function

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

PKCS15 Deauthenticate Function

evalues evalues
Hello,

I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for deauthenticate, does it exist? If it exist, what is?

Also, I want know if there is an API of pkcs15-function.

Thank you.


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS15 Deauthenticate Function

Viktor Tarasov-3
Hello,

Le 25/01/2012 11:45, evalues evalues a écrit :
> Hello,
>
> I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a
> function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for
> deauthenticate, does it exist? If it exist, what is?

Not all the cards natively support the 'deauthenticate' function.
There is no such function in the OpenSC pkcs15 API.
In libopensc API there is the sc_logout() one, that calls the card specific 'logout' handler, if this last one is implemented.

>
> Also, I want know if there is an API of pkcs15-function.
> Thank you.

Kind regards,
Viktor.
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS15 Deauthenticate Function

evalues evalues
Hello,

thanks for your answer. I'm working with Athena smartcard and I have seen that in the file card-asepcos.c, the function of logout is not implemented. I have seen in the file card-starcos.c that it have this function, and I have seen that the function is to send a certain APDU to the smartcard. I want know if it is possible to do the logout function for athena smartcard and the APDU that I should use.

Thank you.

On Sun, Jan 29, 2012 at 8:08 PM, Viktor Tarasov <[hidden email]> wrote:
Hello,

Le 25/01/2012 11:45, evalues evalues a écrit :
> Hello,
>
> I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a
> function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for
> deauthenticate, does it exist? If it exist, what is?

Not all the cards natively support the 'deauthenticate' function.
There is no such function in the OpenSC pkcs15 API.
In libopensc API there is the sc_logout() one, that calls the card specific 'logout' handler, if this last one is implemented.

>
> Also, I want know if there is an API of pkcs15-function.
> Thank you.

Kind regards,
Viktor.


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS15 Deauthenticate Function

Viktor Tarasov-3


On Wed, Feb 8, 2012 at 6:04 PM, evalues evalues <[hidden email]> wrote:
Hello,

thanks for your answer. I'm working with Athena smartcard and I have seen that in the file card-asepcos.c, the function of logout is not implemented. I have seen in the file card-starcos.c that it have this function, and I have seen that the function is to send a certain APDU to the smartcard. I want know if it is possible to do the logout function for athena smartcard and the APDU that I should use.


Athena card has a proprietary APDU to reset the PIN's 'verified' flag:
> Asepcos cards have a Clear Security Status command - it is encoded as following:
> 80 28 01 00 Lc <data>
> Where <data> is 4 bytes: 00, <level>, <MSByte of pin's FID>, <LSByte of pin's FID>
> <level> is the directory depth of the pin's location - e.g., 0 for a pin in the MF, 1 for a pin in a DF under the MF, etc.
> For example, to clear the status of the pin with FID=1 under the MF, use the following apdu:
> 80 28 01 00 04 00 00 00 01


Thank you.

Kind regards,
Viktor.


 
On Sun, Jan 29, 2012 at 8:08 PM, Viktor Tarasov <[hidden email]> wrote:
Hello,

Le 25/01/2012 11:45, evalues evalues a écrit :
> Hello,
>
> I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a
> function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for
> deauthenticate, does it exist? If it exist, what is?

Not all the cards natively support the 'deauthenticate' function.
There is no such function in the OpenSC pkcs15 API.
In libopensc API there is the sc_logout() one, that calls the card specific 'logout' handler, if this last one is implemented.

>
> Also, I want know if there is an API of pkcs15-function.
> Thank you.

Kind regards,
Viktor.



_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS15 Deauthenticate Function

evalues evalues
The code would be as shown bellow:

    sc_apdu_t apdu;
    const u8 mf_buf[4] = {0x00, 0x00, 0x00, 0x01};
    sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x28, 0x01, 0x00);
    apdu.le = 0;
    apdu.lc = 4;
    apdu.data    = mf_buf;
    apdu.datalen = 4;
    apdu.resplen = 0;
   
    r = sc_transmit_apdu(card, &apdu);

Thank you.
 

On Fri, Feb 17, 2012 at 10:37 AM, Viktor Tarasov <[hidden email]> wrote:


On Wed, Feb 8, 2012 at 6:04 PM, evalues evalues <[hidden email]> wrote:
Hello,

thanks for your answer. I'm working with Athena smartcard and I have seen that in the file card-asepcos.c, the function of logout is not implemented. I have seen in the file card-starcos.c that it have this function, and I have seen that the function is to send a certain APDU to the smartcard. I want know if it is possible to do the logout function for athena smartcard and the APDU that I should use.


Athena card has a proprietary APDU to reset the PIN's 'verified' flag:
> Asepcos cards have a Clear Security Status command - it is encoded as following:
> 80 28 01 00 Lc <data>
> Where <data> is 4 bytes: 00, <level>, <MSByte of pin's FID>, <LSByte of pin's FID>
> <level> is the directory depth of the pin's location - e.g., 0 for a pin in the MF, 1 for a pin in a DF under the MF, etc.
> For example, to clear the status of the pin with FID=1 under the MF, use the following apdu:
> 80 28 01 00 04 00 00 00 01


Thank you.

Kind regards,
Viktor.


 
On Sun, Jan 29, 2012 at 8:08 PM, Viktor Tarasov <[hidden email]> wrote:
Hello,

Le 25/01/2012 11:45, evalues evalues a écrit :
> Hello,
>
> I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a
> function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for
> deauthenticate, does it exist? If it exist, what is?

Not all the cards natively support the 'deauthenticate' function.
There is no such function in the OpenSC pkcs15 API.
In libopensc API there is the sc_logout() one, that calls the card specific 'logout' handler, if this last one is implemented.

>
> Also, I want know if there is an API of pkcs15-function.
> Thank you.

Kind regards,
Viktor.




_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS15 Deauthenticate Function

evalues evalues
If I use this command I get the next response: SW1 = 6D and SW2 = 00, and its meaning is that "Instruction code not supported or invalid". There is anything wrong? Can you explain to my how is the process to deauthenticate.

Thank you

On Thu, Feb 23, 2012 at 4:00 PM, evalues evalues <[hidden email]> wrote:
The code would be as shown bellow:

    sc_apdu_t apdu;
    const u8 mf_buf[4] = {0x00, 0x00, 0x00, 0x01};
    sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x28, 0x01, 0x00);
    apdu.le = 0;
    apdu.lc = 4;
    apdu.data    = mf_buf;
    apdu.datalen = 4;
    apdu.resplen = 0;
   
    r = sc_transmit_apdu(card, &apdu);

Thank you.

 

On Fri, Feb 17, 2012 at 10:37 AM, Viktor Tarasov <[hidden email]> wrote:


On Wed, Feb 8, 2012 at 6:04 PM, evalues evalues <[hidden email]> wrote:
Hello,

thanks for your answer. I'm working with Athena smartcard and I have seen that in the file card-asepcos.c, the function of logout is not implemented. I have seen in the file card-starcos.c that it have this function, and I have seen that the function is to send a certain APDU to the smartcard. I want know if it is possible to do the logout function for athena smartcard and the APDU that I should use.


Athena card has a proprietary APDU to reset the PIN's 'verified' flag:
> Asepcos cards have a Clear Security Status command - it is encoded as following:
> 80 28 01 00 Lc <data>
> Where <data> is 4 bytes: 00, <level>, <MSByte of pin's FID>, <LSByte of pin's FID>
> <level> is the directory depth of the pin's location - e.g., 0 for a pin in the MF, 1 for a pin in a DF under the MF, etc.
> For example, to clear the status of the pin with FID=1 under the MF, use the following apdu:
> 80 28 01 00 04 00 00 00 01


Thank you.

Kind regards,
Viktor.


 
On Sun, Jan 29, 2012 at 8:08 PM, Viktor Tarasov <[hidden email]> wrote:
Hello,

Le 25/01/2012 11:45, evalues evalues a écrit :
> Hello,
>
> I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a
> function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for
> deauthenticate, does it exist? If it exist, what is?

Not all the cards natively support the 'deauthenticate' function.
There is no such function in the OpenSC pkcs15 API.
In libopensc API there is the sc_logout() one, that calls the card specific 'logout' handler, if this last one is implemented.

>
> Also, I want know if there is an API of pkcs15-function.
> Thank you.

Kind regards,
Viktor.





_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PKCS15 Deauthenticate Function

Viktor Tarasov-3


On Fri, Feb 24, 2012 at 2:04 PM, evalues evalues <[hidden email]> wrote:
If I use this command I get the next response: SW1 = 6D and SW2 = 00, and its meaning is that "Instruction code not supported or invalid". There is anything wrong? Can you explain to my how is the process to deauthenticate.


1. Initialized with OpenSC, this card has both PINs locals -- SoPIN and UserPIN.
   They are defined in the first level DF (5015).
    So, in your APDU data the 'level' has to be '1'.

2. The CLA of the APDU has to be 0x80, as for proprietary command:
Your code has to be like this:
    ....
    sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x28, 0x01, 0x00);
    apdu.cla = 0x80;
    apdu.le = 0;
    ...

For me works the manual test with generic variant of 'Athena ASEPCOS' (reset SoPIN):
OpenSC [3F00/5015]> apdu 80:28:01:00:04:00:01:00:01

 

Thank you

Kind regards,
Viktor.

 


On Thu, Feb 23, 2012 at 4:00 PM, evalues evalues <[hidden email]> wrote:
The code would be as shown bellow:

    sc_apdu_t apdu;
    const u8 mf_buf[4] = {0x00, 0x00, 0x00, 0x01};
    sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x28, 0x01, 0x00);
    apdu.le = 0;
    apdu.lc = 4;
    apdu.data    = mf_buf;
    apdu.datalen = 4;
    apdu.resplen = 0;
   
    r = sc_transmit_apdu(card, &apdu);

Thank you.

 

On Fri, Feb 17, 2012 at 10:37 AM, Viktor Tarasov <[hidden email]> wrote:


On Wed, Feb 8, 2012 at 6:04 PM, evalues evalues <[hidden email]> wrote:
Hello,

thanks for your answer. I'm working with Athena smartcard and I have seen that in the file card-asepcos.c, the function of logout is not implemented. I have seen in the file card-starcos.c that it have this function, and I have seen that the function is to send a certain APDU to the smartcard. I want know if it is possible to do the logout function for athena smartcard and the APDU that I should use.


Athena card has a proprietary APDU to reset the PIN's 'verified' flag:
> Asepcos cards have a Clear Security Status command - it is encoded as following:
> 80 28 01 00 Lc <data>
> Where <data> is 4 bytes: 00, <level>, <MSByte of pin's FID>, <LSByte of pin's FID>
> <level> is the directory depth of the pin's location - e.g., 0 for a pin in the MF, 1 for a pin in a DF under the MF, etc.
> For example, to clear the status of the pin with FID=1 under the MF, use the following apdu:
> 80 28 01 00 04 00 00 00 01


Thank you.

Kind regards,
Viktor.


 
On Sun, Jan 29, 2012 at 8:08 PM, Viktor Tarasov <[hidden email]> wrote:
Hello,

Le 25/01/2012 11:45, evalues evalues a écrit :
> Hello,
>
> I need know if at Opensc (opensc.dll version 0.12.1.0) there is a pkcs15-function that allows me to deauthenticate on a smart card. For example, I was looking the source code of this opensc version, and I found that in the file minidriver.c there is a
> function (CardAuthenticatePin) that uses the function sc_pkcs15_verify_pin for check if the PIN is correct, and if so authenticate the user on the smartcard. Besides, I was looking the function CaredDeauthenticate, but I did not find a pkcs15-funtion for
> deauthenticate, does it exist? If it exist, what is?

Not all the cards natively support the 'deauthenticate' function.
There is no such function in the OpenSC pkcs15 API.
In libopensc API there is the sc_logout() one, that calls the card specific 'logout' handler, if this last one is implemented.

>
> Also, I want know if there is an API of pkcs15-function.
> Thank you.

Kind regards,
Viktor.






_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel