about the oberthur 2.2 thread: new profile?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

about the oberthur 2.2 thread: new profile?

Andreas Hasenack
I have an Oberthur smart card with all these names printed on it:
- Card Systems
- AuthentIC Web Pack
- applet AuthentIC 2.2
- Carte CosmopolIC 64k v5.2

opensc detects it as oberthur, but it doesn't work very well.
$ opensc-tool -n
AuthentIC v5

ATR is 3B 7B 18 00 00 00 31 C0 64 77 E3 03 00 82 90 00

Clear operation:
$ pkcs15-init -E -T
Unspecified PIN [reference 2] required.
Please enter Unspecified PIN [reference 2]:

This is a misterious pin. No matter what I get, the result is always
the same (no error on screen).
I have then to use opensc-explorer to manually delete the remaining
files/directories.

Now it's clean:
$ opensc-explorer
OpenSC Explorer version 0.10.0
OpenSC [3F00]> ls
FileID  Type  Size
OpenSC [3F00]>

Let's create the pkcs structure:
$ pkcs15-init -C -T
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
iso7816.c:98:iso7816_check_sw: Authentication method blocked
sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
pkcs15-lib.c:2803:do_get_and_verify_secret: Failed to verify PIN
(ref=0x2)
Failed to create PKCS #15 meta structure: Authentication method blocked

I don't know what this error means exactly.

Someone gave me a new oberthur profile and with that new profile, the card
works (diff attached).

Could someone else more experienced with the profiles take a look and tell me
if it's the correct thing to do? Or perhaps it is just lowering the security
bar too much? Is there a better and Correct fix?


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel

oberthur-profile.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: about the oberthur 2.2 thread: new profile?

Tarasov Viktor
Andreas Hasenack wrote:

>I have an Oberthur smart card with all these names printed on it:
>- Card Systems
>- AuthentIC Web Pack
>- applet AuthentIC 2.2
>- Carte CosmopolIC 64k v5.2
>
>opensc detects it as oberthur, but it doesn't work very well.
>$ opensc-tool -n
>AuthentIC v5
>
>ATR is 3B 7B 18 00 00 00 31 C0 64 77 E3 03 00 82 90 00
>
>Clear operation:
>$ pkcs15-init -E -T
>Unspecified PIN [reference 2] required.
>Please enter Unspecified PIN [reference 2]:
>
>This is a misterious pin. No matter what I get, the result is always
>the same (no error on screen).
>I have then to use opensc-explorer to manually delete the remaining
>files/directories.
>
>Now it's clean:
>$ opensc-explorer
>OpenSC Explorer version 0.10.0
>OpenSC [3F00]> ls
>FileID  Type  Size
>OpenSC [3F00]>
>
>Let's create the pkcs structure:
>$ pkcs15-init -C -T
>New Security Officer PIN (Optional - press return for no PIN).
>Please enter Security Officer PIN:
>Please type again to verify:
>Unblock Code for New User PIN (Optional - press return for no PIN).
>Please enter User unblocking PIN (PUK):
>iso7816.c:98:iso7816_check_sw: Authentication method blocked
>sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
>pkcs15-lib.c:2803:do_get_and_verify_secret: Failed to verify PIN
>(ref=0x2)
>Failed to create PKCS #15 meta structure: Authentication method blocked
>
>I don't know what this error means exactly.
>
>Someone gave me a new oberthur profile and with that new profile, the card
>works (diff attached).
>
>Could someone else more experienced with the profiles take a look and tell me
>if it's the correct thing to do? Or perhaps it is just lowering the security
>bar too much? Is there a better and Correct fix?
>  
>
PIN reference 2 (CHV2) is SOPIN (default value '12345678').

AFAIS, probably, your card is blocked on SOPIN,
so, to use this card,
try to change acls SOPIN to acls NONE in pkcs15.profile also.

Kind wishes,
Viktor.


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel