about How to initialize Cryptoflex 32k e-gate IC-card

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

about How to initialize Cryptoflex 32k e-gate IC-card

Chezare
Hi,

I have a Cryptoflex 32k e-gate and
compiled and instaled the following packages:

pcsc-lite-1.1.1.tar.gz
opensc-0.9.6.tar.gz

Executing some OpenSC commands, the smart card and the card reader are
recognized:

host> opensc-tool --name -v
Connecting to card in reader AseIIIeUSB 0 0...
Using card driver Schlumberger Multiflex/Cryptoflex.
Card name: Cryptoflex 32K e-gate

host> opensc-tool --atr
3B 95 18 40 FF 62 01 02 01 04 ;..@.b....

To initialize this card, I try to do the following, but fail.
I don't know why the verification fail and what key I should input.
Please give me an advice.

---
host> pkcs15-init -CE -T

iso7816.c:98:iso7816_check_sw: Authentication method blocked
sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication key (ref=0x1)
Failed to erase card: Authentication method blocked

host> pkcs15-init -CE

Transport key (External authentication key #1) required.
Please enter key in hexadecimal notation (e.g. 00:11:22:aa:bb:cc),
or press return to accept default.

To use the default transport keys without being prompted,
specify the --use-default-transport-keys option on the
command line (or -T for short), or press Ctrl-C to abort.
Please enter key [2c:15:e5:26:e9:3e:8a:19]:
iso7816.c:98:iso7816_check_sw: Authentication method blocked
sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication key (ref=0x1)
Failed to erase card: Authentication method blocked


-- chezare

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: about How to initialize Cryptoflex 32k e-gate IC-card [u]

Andreas Jellinghaus-2
sorry, but your card is dead.

the transport key seems to be blocked, and there is nothing you
can do with such a card anymore (well, except using it as doorstopper
or demonstration object of a dead card).

buy a new one and be more careful with the transport key.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: about How to initialize Cryptoflex 32k e-gateIC-card [u]

Chezare
Andreas-san,

Thank you for your help.

I have one more IC card. But, I can't initialize it for PIN.
Where can I make sure the IC card PIN, or
How can I initialize PIN code?

---
[root@lx492935 bin]# opensc-tool -a
3B 85 40 20 68 01 01 0C 02 ;.@ h....

[root@lx492935 bin]# pkcs15-init -CE -T
sec.c:204:sc_pin_cmd: returning with: PIN code or key incorrect
pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication key (ref=0x1)
Failed to erase card: PIN code or key incorrect

[root@lx492935 bin]# pkcs15-init -E -T
sec.c:204:sc_pin_cmd: returning with: PIN code or key incorrect
pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication key (ref=0x1)
Failed to erase card: PIN code or key incorrect

[root@lx492935 bin]# pkcs15-init -C -T
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
sec.c:204:sc_pin_cmd: returning with: PIN code or key incorrect
pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication key (ref=0x1)
Failed to create PKCS #15 meta structure: PIN code or key incorrect


> sorry, but your card is dead.
>
> the transport key seems to be blocked, and there is nothing you
> can do with such a card anymore (well, except using it as doorstopper
> or demonstration object of a dead card).
>
> buy a new one and be more careful with the transport key.
>
> Regards, Andreas
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: about How to initialize Cryptoflex 32k e-gateIC-card [u]

Andreas Jellinghaus-2
Konbanwa,

are you sure your cards are not already initialized
with something?

> [root@lx492935 bin]# pkcs15-init -E -T
> sec.c:204:sc_pin_cmd: returning with: PIN code or key incorrect
> pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication
> key (ref=0x1) Failed to erase card: PIN code or key incorrect

Nils, any idea why the card is asking for some other pin?
With all cryptoflex cards I have the transportpin is good enough
for a erase.

I guess the card is already initialized in a strange way. Any idea?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: about How to initialize Cryptoflex 32k e-gateIC-card [u]

Nils Larsch
Andreas Jellinghaus [c] wrote:

> Konbanwa,
>
> are you sure your cards are not already initialized
> with something?
>
>
>>[root@lx492935 bin]# pkcs15-init -E -T
>>sec.c:204:sc_pin_cmd: returning with: PIN code or key incorrect
>>pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication
>>key (ref=0x1) Failed to erase card: PIN code or key incorrect
>
>
> Nils, any idea why the card is asking for some other pin?

a debug log would be nice to see what's going on (but on the other hand
I do not really want to encourage a user to repeat something what might
block the pin/card (if we can't unblock it)).

Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: about How to initialize Cryptoflex 32k e-gateIC-card [u]

Stef Hoeben
Nils Larsch wrote:

>Andreas Jellinghaus [c] wrote:
>  
>
>>Konbanwa,
>>
>>are you sure your cards are not already initialized
>>with something?
>>
>>
>>    
>>
>>>[root@lx492935 bin]# pkcs15-init -E -T
>>>sec.c:204:sc_pin_cmd: returning with: PIN code or key incorrect
>>>pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify authentication
>>>key (ref=0x1) Failed to erase card: PIN code or key incorrect
>>>      
>>>
>>Nils, any idea why the card is asking for some other pin?
>>    
>>
>
>a debug log would be nice to see what's going on (but on the other hand
>I do not really want to encourage a user to repeat something what might
>block the pin/card (if we can't unblock it)).
>  
>
Maybe the card is not asking for another key/pin, but it's just that the
transport key is not the default one?

Or that the key file (0011) is deleted -- your can try with
opensc-explorer: "info 0011"

Stef

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel