Pinpad reader

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Pinpad reader

J.Witvliet
Hi all,
 
I know that (beyond this list) the number of smardcard users is rather limited.
And the number of people who are using a (more expensive) pinpad reader is even smaller.
 
From the list of supported hardware I ordered the OK omnikey 3621
I can see the reader and the card within, I can even do simple things.
One of the things I can not do is do a pin-verification.
 
Do I have to tweak something in the config, or does the reader pushes it capabilities towards the driver?
I mean where/how is the decision made wether to use the regular keyboard or the pinpad.
Same for where the message is send for "enter your PIN".
Nomally it goes to the default display, but some readers (not mine)  have a display of their own.
 
I presume it is the driver that makes the switch, not the application above...
 
Defensie/CDC/IVENT/Research en Innovation Centrum
Ing J. (Hans) Witvliet Systeembeheer, CAcert-assurer
T   0174-539053
Coldenhovelaan 1, 3155RC Maasland, kamer A109
 
 
 

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Pinpad reader

Martin Paljak-2
Hello,

On Jul 8, 2010, at 3:26 PM, <[hidden email]> <[hidden email]> wrote:
> From the list of supported hardware I ordered the OK omnikey 3621
> I can see the reader and the card within, I can even do simple things.
> One of the things I can not do is do a pin-verification.
>  
> Do I have to tweak something in the config, or does the reader pushes it capabilities towards the driver?
> I mean where/how is the decision made wether to use the regular keyboard or the pinpad.
With OpenSC 0.11.X you can enable the pinpad support in opensc.conf by tuning enable_pinpad option. It is off by default.
With OpenSC SVN (0.12.X) you can disable pinpad support (if it does not work for some reason) by turning the same option off (as it is on by default).

> Same for where the message is send for "enter your PIN".
> Nomally it goes to the default display, but some readers (not mine)  have a display of their own.
The application has to have support for pinpads, as the application has to either acquire the PIN or display an informative dialog "please enter PIN on pinpad".


--
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Pinpad reader

J.Witvliet
In reply to this post by J.Witvliet
 

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Martin Paljak
Sent: Friday, July 09, 2010 11:31 AM
To: Witvliet, J, CDC/IVENT/OPS/I&S/PLS/SMP/HRM/RP1
Cc: [hidden email]
Subject: Re: [opensc-user] Pinpad reader

Hello,

On Jul 8, 2010, at 3:26 PM, <[hidden email]> <[hidden email]> wrote:
> From the list of supported hardware I ordered the OK omnikey 3621 I
> can see the reader and the card within, I can even do simple things.
> One of the things I can not do is do a pin-verification.
>  
> Do I have to tweak something in the config, or does the reader pushes it capabilities towards the driver?
> I mean where/how is the decision made wether to use the regular keyboard or the pinpad.
With OpenSC 0.11.X you can enable the pinpad support in opensc.conf by tuning enable_pinpad option. It is off by default.
With OpenSC SVN (0.12.X) you can disable pinpad support (if it does not work for some reason) by turning the same option off (as it is on by default).

> Same for where the message is send for "enter your PIN".
> Nomally it goes to the default display, but some readers (not mine)  have a display of their own.
The application has to have support for pinpads, as the application has to either acquire the PIN or display an informative dialog "please enter PIN on pinpad".

Hi Martin.

Well, i'm using opensc 0.11.12

In /etc/opensc/opensc.conf i removed the # before line 90,"enable_pinpad = true;

However if i do on an ordinary reader a "pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 -O -l"
I'm prompted for a pin and i see all objects.

If i do it with an omnikey 3621, all i get is:
"error: PKCS11 function C_login failed: rv = CKR_DEVICE_ERROR (0x30)"

On the other hand, if i remove the "-l" , thus not logging in,
Previous command works, but showing only a unprotected certificate (which proves that the reader can do something)


Any other flags to alter?

Kind regards, Hans

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Pinpad reader

Martin Paljak-2

On Jul 9, 2010, at 1:15 PM, <[hidden email]> <[hidden email]> wrote:
> In /etc/opensc/opensc.conf i removed the # before line 90,"enable_pinpad = true;
>
> However if i do on an ordinary reader a "pkcs11-tool --module /usr/lib/libaetpkss.so.3.0 -O -l"
You are not using OpenSC PKCS#11 module, so changing opensc.conf does not make sense. You are using the (quite generic) pkcs11-tool from OpenSC with a PKCS#11 module for SafeSign?

Enabling pinpad operation for that proprietary PKCS#11 module is out of reach for OpenSC.

--
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user