SafeNet/Aladdin new eToken PRO (Java) - driver

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

SafeNet/Aladdin new eToken PRO (Java) - driver

Martin Čmelík
Hi,

I would like to ask you if someone can help with drivers for "new"
SafeNet eToken (Aladdin) 5100 (Java Card).
Based on this http://www.opensc-project.org/opensc/wiki/AladdinEtokenPro
it seems to be evolution version of eToken PRO (Java), more info here:
http://www.safenet-inc.com/Products/Data_Protection/two-factor-authentication/SafeNet_eToken_5100/

=== Some info ===
### opensc-tool -l
Readers known about:
Nr.    Driver     Name
0      pcsc       AKS VR 00 00
1      pcsc       AKS Ifdh 00 00

### opensc-tool --atr
Using reader with a card: AKS Ifdh 00 00
3b:d5:18:00:81:31:fe:7d:80:73:c8:21:10:f4

ATR - 3b d5 18 00 81 31 fe 7d 80 73 c8 21 10 f4
is wrongly identified as Bank of Lithuania Identification card, based
on this: http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt

### pkcs11-tool --module /usr/lib/opensc-pkcs11.so -L
[opensc-pkcs11] pkcs15.c:532:sc_pkcs15_bind_internal: unable to
enumerate apps: Incorrect parameters in APDU
[opensc-pkcs11] pkcs15.c:799:sc_pkcs15_bind: returning with: Unsupported card
[opensc-pkcs11] pkcs15.c:799:sc_pkcs15_bind: returning with: Unsupported card
[opensc-pkcs11] pkcs15.c:799:sc_pkcs15_bind: returning with: Unsupported card
Available slots:
Slot 0           (empty)
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
[opensc-pkcs11] pkcs15.c:799:sc_pkcs15_bind: returning with: Unsupported card
Slot 4           (empty)

### opensc-explorer -r 1
OpenSC Explorer version 0.11.13
[opensc-explorer] iso7816.c:99:iso7816_check_sw: Incorrect parameters P1-P2
[opensc-explorer] iso7816.c:462:iso7816_select_file: returning with:
Incorrect parameters in APDU
[opensc-explorer] card.c:554:sc_select_file: returning with: Incorrect
parameters in APDU
unable to select MF: Incorrect parameters in APDU

###pcsctest

MUSCLE PC/SC Lite Test Program

Testing SCardEstablishContext    : Command successful.
Testing SCardGetStatusChange
Please insert a working reader   : Command successful.
Testing SCardListReaders         : Command successful.
Reader 01: AKS VR 00 00
Reader 02: AKS Ifdh 00 00
Enter the reader number          : 02
Waiting for card insertion
                                 : Command successful.
Testing SCardConnect             : Command successful.
Testing SCardStatus              : Command successful.
Current Reader Name              : AKS Ifdh 00 00
Current Reader State             : 0x34
Current Reader Protocol          : 0x1
Current Reader ATR Size          : 14 (0xe)
Current Reader ATR Value         : 3B D5 18 00 81 31 FE 7D 80 73 C8 21 10 F4
Testing SCardDisconnect          : Command successful.
Testing SCardReleaseContext      : Command successful.
Testing SCardEstablishContext    : Command successful.
Testing SCardGetStatusChange
Please insert a working reader   : Command successful.
Testing SCardListReaders         : Command successful.

Middle-ware communication works fine (pcscd -d -f -a) I'm also able to
use SafeNet Authentication Client, but unable use pkcs11/15 tools at
all.

Information from SafeNet application:
Total memory: 73728
Card type: Java Card
OS version: eToken Java Applet 1.2.9

SafeNet buy/acquire Aladdin in 2009 so Aladdin product aren't
distributed/supported anymore and only those are in stock :[

Please let me know if you need more information

Thanks a lot


Martin Čmelík
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

Ludovic Rousseau
2012/9/3 Martin Čmelík <[hidden email]>:
> Hi,

Hello,

> I would like to ask you if someone can help with drivers for "new"
> SafeNet eToken (Aladdin) 5100 (Java Card).
> Based on this http://www.opensc-project.org/opensc/wiki/AladdinEtokenPro
> it seems to be evolution version of eToken PRO (Java), more info here:
> http://www.safenet-inc.com/Products/Data_Protection/two-factor-authentication/SafeNet_eToken_5100/

> ATR - 3b d5 18 00 81 31 fe 7d 80 73 c8 21 10 f4
> is wrongly identified as Bank of Lithuania Identification card, based
> on this: http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt

The ATR is also identified as a "Aladdin PRO/Java card
http://www.aladdin-rd.ru/catalog/etoken/java/"

See http://smartcard-atr.appspot.com/parse?ATR=3bd518008131fe7d8073c82110f4

> SafeNet buy/acquire Aladdin in 2009 so Aladdin product aren't
> distributed/supported anymore and only those are in stock :[

I can't help more.
Sorry.

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

Peter Bowen-5
In reply to this post by Martin Čmelík
On Mon, Sep 3, 2012 at 9:54 AM, Martin Čmelík <[hidden email]> wrote:
> I would like to ask you if someone can help with drivers for "new"
> SafeNet eToken (Aladdin) 5100 (Java Card).
> Based on this http://www.opensc-project.org/opensc/wiki/AladdinEtokenPro
> it seems to be evolution version of eToken PRO (Java), more info here:
> http://www.safenet-inc.com/Products/Data_Protection/two-factor-authentication/SafeNet_eToken_5100/
>
> Middle-ware communication works fine (pcscd -d -f -a) I'm also able to
> use SafeNet Authentication Client, but unable use pkcs11/15 tools at
> all.

I've got this same card and have no problems with the SafeNet eToken
PKCS#11 library with pkcs11-tool.  However the OpenSC PKCS#11 library
or PKCS#15 tools have issues.

I haven't found a way to use the 5100 with only open source software.

Thanks,
Peter
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

Martin Čmelík
Hi Peter,

oh, really?
I was playing with that 5 hours. Seems that I maybe somehow ruined
official SafeNet libraries (but auth client works fine...).
One more note: I'm using it on Mac OS
Can you send me please your openssl and opensc settings? Something
like described here in "Testing with OpenSSL" -
http://www.opensc-project.org/opensc/wiki/QuickStart
I read everywhere that Java cards are unusable with OpenSC.
Did you initialize eToken with SafeNet Auth Client or pkcs15-init?

Thank you very much!


Martin Čmelík

2012/9/4 Peter Bowen <[hidden email]>:

> On Mon, Sep 3, 2012 at 9:54 AM, Martin Čmelík <[hidden email]> wrote:
>> I would like to ask you if someone can help with drivers for "new"
>> SafeNet eToken (Aladdin) 5100 (Java Card).
>> Based on this http://www.opensc-project.org/opensc/wiki/AladdinEtokenPro
>> it seems to be evolution version of eToken PRO (Java), more info here:
>> http://www.safenet-inc.com/Products/Data_Protection/two-factor-authentication/SafeNet_eToken_5100/
>>
>> Middle-ware communication works fine (pcscd -d -f -a) I'm also able to
>> use SafeNet Authentication Client, but unable use pkcs11/15 tools at
>> all.
>
> I've got this same card and have no problems with the SafeNet eToken
> PKCS#11 library with pkcs11-tool.  However the OpenSC PKCS#11 library
> or PKCS#15 tools have issues.
>
> I haven't found a way to use the 5100 with only open source software.
>
> Thanks,
> Peter
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

Peter Bowen-5
I'm using it on Linux, but all I had to do was:

pkcs11-tool --module libeToken.so.8 -l -O

I don't know what the equivalent is on Mac OS X.

Thanks,
Peter

On Tue, Sep 4, 2012 at 5:19 AM, Martin Čmelík <[hidden email]> wrote:

> Hi Peter,
>
> oh, really?
> I was playing with that 5 hours. Seems that I maybe somehow ruined
> official SafeNet libraries (but auth client works fine...).
> One more note: I'm using it on Mac OS
> Can you send me please your openssl and opensc settings? Something
> like described here in "Testing with OpenSSL" -
> http://www.opensc-project.org/opensc/wiki/QuickStart
> I read everywhere that Java cards are unusable with OpenSC.
> Did you initialize eToken with SafeNet Auth Client or pkcs15-init?
>
> Thank you very much!
>
> —
> Martin Čmelík
>
> 2012/9/4 Peter Bowen <[hidden email]>:
>> On Mon, Sep 3, 2012 at 9:54 AM, Martin Čmelík <[hidden email]> wrote:
>>> I would like to ask you if someone can help with drivers for "new"
>>> SafeNet eToken (Aladdin) 5100 (Java Card).
>>> Based on this http://www.opensc-project.org/opensc/wiki/AladdinEtokenPro
>>> it seems to be evolution version of eToken PRO (Java), more info here:
>>> http://www.safenet-inc.com/Products/Data_Protection/two-factor-authentication/SafeNet_eToken_5100/
>>>
>>> Middle-ware communication works fine (pcscd -d -f -a) I'm also able to
>>> use SafeNet Authentication Client, but unable use pkcs11/15 tools at
>>> all.
>>
>> I've got this same card and have no problems with the SafeNet eToken
>> PKCS#11 library with pkcs11-tool.  However the OpenSC PKCS#11 library
>> or PKCS#15 tools have issues.
>>
>> I haven't found a way to use the 5100 with only open source software.
>>
>> Thanks,
>> Peter
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

Martin Paljak-4
In reply to this post by Martin Čmelík
Hello

On Tue, Sep 4, 2012 at 3:19 PM, Martin Čmelík <[hidden email]> wrote:

> Hi Peter,
>
> oh, really?
> I was playing with that 5 hours. Seems that I maybe somehow ruined
> official SafeNet libraries (but auth client works fine...).
> One more note: I'm using it on Mac OS
> Can you send me please your openssl and opensc settings? Something
> like described here in "Testing with OpenSSL" -
> http://www.opensc-project.org/opensc/wiki/QuickStart
> I read everywhere that Java cards are unusable with OpenSC.
> Did you initialize eToken with SafeNet Auth Client or pkcs15-init?

OpenSC does NOT support the Aladdin PKI applet. What you *can* do is
sniff the APDU-s used with the Aladdin middleware with pcsc-spy for
example and reverse-engineer a driver. I'd *hope* it would be
something close to standards (whichever standards) thus you could
re-use existing code and existing documentation.

What are the chances of this being the case I don't have a clue. You
could as well as SafeNet for card reference manual...

Martin
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

fuzzyhypothesis
Hi,

I am willing to try and develop the driver for this card.  I am usually on the other end of opensc/pkcs11.  But I have need to use this card as well.  

From the looks of this post
http://ludovicrousseau.blogspot.com/2011/11/pcsc-api-spy-third-try.html

I just need to fake out the existing driver and it captures APDU commands...after that I am at a bit of a loss as to what to do next.  

From the looks of the libopensc source, I need to create a new card-*.c module and fill it in.  Any good examples to reference here?  Especially in relation to this card?

Robert
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

fuzzyhypothesis
All,

Gee you would think I was posting on the NetSNMP mailing list with all the responses.  

Anyways, I thought I would post up what most experts here already know, but might be of help to folks trying to build a driver for a card for the first time.

Oh and I have a question.

I found these nice pages on how to add in a new driver
https://www.opensc-project.org/opensc/wiki/DeveloperInformation/NewCardDriver
https://www.opensc-project.org/opensc/wiki/DeveloperInformation/NewCardDriver/EnterSafeExample

Which looks like you create a object for the new driver, and add in several key function definitions.  and put in the hooks in the appropriate headers (ctx.h for example).

My question is:
It doesn't look like there is any support for Java card applets in opensc.  Is this correct?

Robert
 
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

Andreas Schwier (ML)
Hi Robert,

we've recently added a driver for our SmartCard-HSM [1], which happens
to be a JavaCard applet.

The question is not so much about whether your card is a JavaCard or
not, but if your card/applet supports a PKCS#15 structure or requires an
emulation layer.

PKCS#15 is great on generic file system cards where you use a bunch of
files to describe what keys are located where, what they do and how they
can be used.

The emulation layer makes sense, if the token/card already has the keys
in place or implements basic management functions to enumerate files and
keys.

The questions is also if you want to provide read-only or read/write
support. For the former you need just the card-* and pkcs15-* module
like in libopensc, for the later you will also need to provide a
pkcs15-* module in pkcs15init.

Other than that: Just pick an existing driver that is close to your
model and start hacking.

Andreas

[2] https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM



Am 27.03.2013 13:27, schrieb fuzzyhypothesis:

> All,
>
> Gee you would think I was posting on the NetSNMP mailing list with all the
> responses.  
>
> Anyways, I thought I would post up what most experts here already know, but
> might be of help to folks trying to build a driver for a card for the first
> time.
>
> Oh and I have a question.
>
> I found these nice pages on how to add in a new driver
> https://www.opensc-project.org/opensc/wiki/DeveloperInformation/NewCardDriver
> https://www.opensc-project.org/opensc/wiki/DeveloperInformation/NewCardDriver/EnterSafeExample
>
> Which looks like you create a object for the new driver, and add in several
> key function definitions.  and put in the hooks in the appropriate headers
> (ctx.h for example).
>
> My question is:
> It doesn't look like there is any support for Java card applets in opensc.
> Is this correct?
>
> Robert
>  
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/SafeNet-Aladdin-new-eToken-PRO-Java-driver-tp8410p13797.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game
> on Steam. $5K grand prize plus 10 genre and skill prizes.
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
Own the Future-Intel&reg; Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: SafeNet/Aladdin new eToken PRO (Java) - driver

fuzzyhypothesis
Andreas,

Thank you for the response.

It does support PKCS15 so I will have to remember to add that bit in too, thank you.  I only need to beable to read from the card, so I plan to ignore the write parts for now.

Hopefully I can turn this around and push it up to github in a month.

Robert