PUTTYcard and e-gate


PUTTYcard and e-gate

jari.heikkinen
Hi,

I finally understood that I actually need to download and install
PuTTYcard-0.58-V1.2.zip in addition to scb to have smart card support in
pageant. I was earlier using putty without pageant.

It is highly confusing that the first page at www.opensc.org states:
"Smart card bundle is a new binary package for windows featuring OpenSSL,
OpenSC and Putty with smart card patches. Putty and Pageant work fine with
smart card support"
which makes me think that pageant should work with unmodified scb. I
would suggest including the modified pageant into scb unless there is a
really good reason to leave it out, or at least changing the front page to
mention that a separate package is needed to have smartcard support in
pageant.

Anyway, now I am trying to find out the pageant magic string for the
Schlumberger e-gate without success. The card is initialized with
pkcs15-init, not with Schlumberger tools.

The output from pkcs15-tool is:

#pkcs15-tool --list-pins --list-public-keys -k -c -C
Private RSA Key [Private Key]
        Com. Flags  : 3
        Usage       : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 2048
        Key ref     : 0
        Native      : yes
        Path        : 3F0050154B0130450012
        Auth ID     : 01
        ID          : 45

Public RSA Key [Public Key]
        Com. Flags  : 2
        Usage       : [0x2D1], encrypt, wrap, verify, verifyRecover, nonRepudiation
        Access Flags: [0x0]
        ModLength   : 2048
        Key ref     : 0
        Native      : no
        Path        : 3F0050154445
        Auth ID     :
        ID          : 45

PIN [Security Officer PIN]
        Com. Flags: 0x3
        ID        : ff
        Flags     : [0xB2], local, initialized, needs-padding, soPin
        Length    : min_len:6, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 2
        Type      : ascii-numeric
        Path      : 3F005015

PIN [jaripin]
        Com. Flags: 0x3
        ID        : 01
        Flags     : [0x32], local, initialized, needs-padding
        Length    : min_len:4, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 1
        Type      : ascii-numeric
        Path      : 3F0050154B01

Dump from: http://www.opensc.org/opensc/wiki/PuTTYcard
PuTTYcard,PuTTYiso7786.dll,<path>,AA,BB,CCCC
<path> is the DF on your smart card that contains the RSA-key. This must
be specified as a 4, 8, 12 or 16 digit hexadecimal number. Do NOT prefix the
path with 3F00. AA is the key-reference of the private key, BB is the
pin-reference of the pin that protects your private key. CCCC is the ID of
a file on your card that contains your public key.

So the above lists the order as:
        dir, privatekey, pin, publickey
Your email below lists the order as:
        dir, publickey, privatekey, pin


I have tried several combinations unsuccessfully, like:
        PuTTYcard,PuTTYiso7816.dll,5015,4445,4B0130450012,4B01
So there is probably something else wrong as well, except the order.

Questions:
1. Which order is correct, your email or
http://www.opensc.org/opensc/wiki/PuTTYcard?
2. Could you and any other users please post the magic lines and the
outputs of pkcs15-tool command above for the card you are using?
3. Does someone know right away what the magic line should be based on the
dump above?

Best Regards,

JARI HEIKKINEN

MODIRUM
Mobile +358 40 555 0125 Fax +358 9 251 66100
Tel. +358 9 25123737, +372 644 4205,
+1 650 557 2064, +44 20 7871 3122, +852 8199 0064
Mannerheimintie 12 B, FIN-00100 Helsinki, FINLAND
[hidden email] www.modirum.com




"Peter Koch" <[hidden email]>
19.05.2005 23:06
To: [hidden email]
cc:
Subject: Re: PuTTYCard - any users out there

Hi Jari

Now I'm confused too.

I assume you start my patched pageant.exe with one
argument, i.e. the name of a smartcard keyfile.

This smartcard-keyfile does not contain a key but
the string "PuTTYcard," followed by the name of a
DLL and some additional information that the DLL
needs to find the key on your smartcard

So if you do:

pageant.exe file.ppt

then file.ppt should be a text file containing the
following line:

PuTTYcard,PuTTYiso7816.dll,AAAA,BBBB,CC,DD

This will make pageant load the DLL PuTTYiso7816.dll
and the latter will load public key BBBB from directory AAAA
and will use private key CC in directory AAAA which
must be protected by PIN DD.

It's this additional information AAAA.BBBB.CC.DD that I
would like to put in the documentation. Without these
magic numbers you cannot use PuTTYcard and you
normally need info from your card's manufacturer to
find out these numbers.

Somebody must have found out where the keys are
stored on Finnish ID-cards and Schlumberger e-token
and must have put this information into the keyfile
you are using.

I assumed that you were this person.

Or are you using the example keyfile from the ZIP-file?
If that was the case then Finnish ID cards and
Schlumberger e-token do store their keys at the exact
same position as the TCOS-card I'm using.

One easy way to find out those numbers is to look at
pageant's keylist. They are in the comment-field of the key.

Peter


Here's the README from PuTTYcard-1.0-DLL.zip:
=====================================
PuTTYcard is an extension to PuTTY, the free SSH-client
from Simon Tatham. With this extension PuTTY can use
RSA-keys from external devices, i.e. smartcards, usb-tokens.

This archive contains PuTTYiso7816.dll, a DLL that
enables PuTTYcard to load keys from any ISO-7816-8
compatible smartcard.

PuTTYiso7816.dll was tested with TCOS-cards only.

You must specify the key that PuTTYiso7816.dll should
load in the keyfile in the following format.

PuTTYcard,PuTTYiso7816.dll,AAAA,BBBB,CC,DD

AAAA is the path of the DF that contains the RSA-key,
BBBB is the relative path of the public-key-file,
CC is the key-reference of the private-key, DD is the
PIN-reference.

The public-key file must be a records-based file containing
2 records. The first record must contain the modulus, the
second record must contain the public exponent, each
TLV-coded.

Let me know, if your card stores public-keys in a different
format.



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
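
A syntax check for the keyfile line against the two field orders quoted in the message above (the README's AAAA,BBBB,CC,DD and the wiki's path,AA,BB,CCCC). This is an added example, not part of the thread or of PuTTYcard; the field widths are assumptions read off the placeholder letters, and a line that passes is only well-formed, not known to work with any card.

```python
import re

# Field layouts as quoted in the thread. Widths are assumptions read off the
# placeholder letters; the 4/8/12/16 rule and the "no 3F00 prefix" rule for
# the DF path come from the wiki text and are applied to both layouts here.
PATH, FILE_ID, REF = (4, 8, 12, 16), (4,), (2,)
LAYOUTS = {
    "readme": (("df_path", PATH), ("pubkey_file", FILE_ID),
               ("key_ref", REF), ("pin_ref", REF)),
    "wiki":   (("df_path", PATH), ("key_ref", REF),
               ("pin_ref", REF), ("pubkey_file", FILE_ID)),
}
HEX = re.compile(r"[0-9A-Fa-f]+")


def check_keyfile_line(line):
    """Return {layout: [problems]}; an empty list means the line fits."""
    parts = [p.strip() for p in line.strip().split(",")]
    if len(parts) != 6:
        return {name: [f"expected 6 comma-separated fields, got {len(parts)}"]
                for name in LAYOUTS}
    common = []
    if parts[0] != "PuTTYcard":
        common.append("line must start with 'PuTTYcard'")
    if not parts[1].lower().endswith(".dll"):
        common.append("second field should name the DLL")
    report = {}
    for name, layout in LAYOUTS.items():
        problems = list(common)
        for (field, widths), value in zip(layout, parts[2:]):
            if not HEX.fullmatch(value):
                problems.append(f"{field}: '{value}' is not hexadecimal")
            elif len(value) not in widths:
                problems.append(f"{field}: '{value}' has {len(value)} hex digits, "
                                f"expected {' or '.join(map(str, widths))}")
            elif field == "df_path" and value.upper().startswith("3F00"):
                problems.append("df_path: must not be prefixed with 3F00")
        report[name] = problems
    return report


# The line tried in the message above, and a constructed line with made-up values.
TRIED = "PuTTYcard,PuTTYiso7816.dll,5015,4445,4B0130450012,4B01"
CONSTRUCTED = "PuTTYcard,PuTTYiso7816.dll,DF01,4E03,80,00"

if __name__ == "__main__":
    for line in (TRIED, CONSTRUCTED):
        print(line)
        for layout, problems in check_keyfile_line(line).items():
            print(f"  {layout}: {'ok' if not problems else '; '.join(problems)}")
```

The tried line fits neither order because two of its fields are longer than a two-digit reference, while the constructed line fits the README order only.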
Re: PUTTYcard and e-gate [u]

Andreas Jellinghaus-2
you can either use scb with putty and pageant
or the putty and pageant in puttycard.

both alternatives have a working putty and pageant
(I have several people who use pageant and putty from
scb 0.4 all day without complaints. I haven't had the
time so far to test puttycard, but I'm sure it works, too).

> which makes me to think that pageant should work with unmodified scb.

it does. if you have a problem, we need more details.

remember: scb 0.3 didn't have a working pageant,
but that was fixed in scb 0.4.

still, it would be nice if we can get a detailed example
for puttycard into the wiki documentation.

Andreas