cryptomate64 support

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

cryptomate64 support

Pierre LADEN
hi list,

we re trying to get cryptomate64 tokens to work.
http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x072F0x90DB

Despite being in "should work" status, it does not work yet. We ve tested with both stock Ubuntu ccid driver and ACS driver from vendor.

The result of the "parse" command is exactly the same as it is in
http://pcsclite.alioth.debian.org/ccid/readers/ACS_CryptoMate64.txt

# pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L
Available slots:
Slot 0 (0xffffffffffffffff): Virtual hotplug slot
Slot 1 (0x1): (GetSlotInfo failed, CKR_GENERAL_ERROR)

# pkcs15-tool -Dv
Using reader with a card: ACS CryptoMate64 00 00
Connecting to card in reader ACS CryptoMate64 00 00...
Using card driver Default driver for unknown cards.
Trying to find a PKCS#15 compatible card...
PKCS#15 binding failed: Unsupported card

how can we get this to work ?

Pierre

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: cryptomate64 support

Martin Paljak-4
You are mixing up "CCID supported reader/token list" and cards supported
by OpenSC.


The device is CCID and working properly *on the reader level*.

None of the ACS cards is working with OpenSC, last time I checked.

You need to write a driver if you want that.

Martin

On 15/04/15 15:51, Pierre LADEN wrote:

> hi list,
>
> we re trying to get cryptomate64 tokens to work.
> http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x072F0x90DB
>
> Despite being in "should work" status, it does not work yet. We ve tested
> with both stock Ubuntu ccid driver and ACS driver from vendor.
>
> The result of the "parse" command is exactly the same as it is in
> http://pcsclite.alioth.debian.org/ccid/readers/ACS_CryptoMate64.txt
>
> # pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L
> Available slots:
> Slot 0 (0xffffffffffffffff): Virtual hotplug slot
> Slot 1 (0x1): (GetSlotInfo failed, CKR_GENERAL_ERROR)
>
> # pkcs15-tool -Dv
> Using reader with a card: ACS CryptoMate64 00 00
> Connecting to card in reader ACS CryptoMate64 00 00...
> Using card driver Default driver for unknown cards.
> Trying to find a PKCS#15 compatible card...
> PKCS#15 binding failed: Unsupported card
>
> how can we get this to work ?
>
> Pierre
>
>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: cryptomate64 support

Pierre LADEN
ok my mistake.
i was thinking that opensc and pcscd softwares were "teamed" projets, with same maintainers
so i guess i will try with pcsclite-muscle mailing list

thanks for the quick advise !

2015-04-15 15:18 GMT+02:00 Martin Paljak <[hidden email]>:
You are mixing up "CCID supported reader/token list" and cards supported
by OpenSC.


The device is CCID and working properly *on the reader level*.

None of the ACS cards is working with OpenSC, last time I checked.

You need to write a driver if you want that.

Martin

On 15/04/15 15:51, Pierre LADEN wrote:
> hi list,
>
> we re trying to get cryptomate64 tokens to work.
> http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x072F0x90DB
>
> Despite being in "should work" status, it does not work yet. We ve tested
> with both stock Ubuntu ccid driver and ACS driver from vendor.
>
> The result of the "parse" command is exactly the same as it is in
> http://pcsclite.alioth.debian.org/ccid/readers/ACS_CryptoMate64.txt
>
> # pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L
> Available slots:
> Slot 0 (0xffffffffffffffff): Virtual hotplug slot
> Slot 1 (0x1): (GetSlotInfo failed, CKR_GENERAL_ERROR)
>
> # pkcs15-tool -Dv
> Using reader with a card: ACS CryptoMate64 00 00
> Connecting to card in reader ACS CryptoMate64 00 00...
> Using card driver Default driver for unknown cards.
> Trying to find a PKCS#15 compatible card...
> PKCS#15 binding failed: Unsupported card
>
> how can we get this to work ?
>
> Pierre
>
>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: cryptomate64 support

Martin Paljak-4
On 15/04/15 16:27, Pierre LADEN wrote:
> ok my mistake.
> i was thinking that opensc and pcscd softwares were "teamed" projets, with
> same maintainers
> so i guess i will try with pcsclite-muscle mailing list

You are at the right place (they are not projects about the same thing).

The answer is still thee same: OpenSC does not have a (usable) driver
for ACS smart cards. You need to build one. If you are after PKCS#11
only, you *might* fond something else from the internet.

Martin

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: cryptomate64 support

Pierre LADEN
You are at the right place (they are not projects about the same thing).

The answer is still thee same: OpenSC does not have a (usable) driver
for ACS smart cards. You need to build one. If you are after PKCS#11
only, you *might* fond something else from the internet.

Martin


Thanks for clarifying that.

So i guess ccid driver DOES support cryptomate64. This is why pcscd is able to see it and recognise it.
But opensc does not have support (yet) for it.

However it seems like opensc have some support for "acos5 / ACS ACOS5 card", which is quite near the ACOS5-64 included in Cryptomate64 (64k instead of 32k).

What i can't understand is that vendor (ACS) seems to provide Linux support through CCID driver and CT API binary module.
But no opensc driver ... How can the CCID module help anybody without opensc support ?

Is it a trivial work to link opensc to the binary ACS module ?

Thanks
Pierre


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: cryptomate64 support

Martin Paljak-4
On 15/04/15 17:54, Pierre LADEN wrote:
> However it seems like opensc have some support for "acos5 / ACS ACOS5
> card", which is quite near the ACOS5-64 included in Cryptomate64 (64k
> instead of 32k).

The driver is incomplete, it just displays some basic information.


> What i can't understand is that vendor (ACS) seems to provide Linux support
> through CCID driver and CT API binary module.
> But no opensc driver ... How can the CCID module help anybody without
> opensc support ?

CCID is a standard, almost all smart card readers or dongles these days
implement it. Conformance to CCID guarantees interoperability with host
computers (like pcsc-lite and libccid).

Smart card on the other hand are not standard, the ISO 7816 family is
more or less "choose some to be similiar in spirit" rather than
"conformance guarantees interoperability" and everything else is
vendor-specific (where the "vendor" could be another standards body, be
it NIST or some EU thing or some other national body or some company. )

> Is it a trivial work to link opensc to the binary ACS module ?

No idea.


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: cryptomate64 support

Pierre LADEN
2015-04-15 16:59 GMT+02:00 Martin Paljak <[hidden email]>:
On 15/04/15 17:54, Pierre LADEN wrote:
> However it seems like opensc have some support for "acos5 / ACS ACOS5
> card", which is quite near the ACOS5-64 included in Cryptomate64 (64k
> instead of 32k).

The driver is incomplete, it just displays some basic information.


While it is a bit old, the author is mainly asking for a code review.
Anyway i didnt manage to get it to work for now.

The ATR for ACOS5-64 (=cryptomate64) has been added recently
https://github.com/OpenSC/OpenSC/commit/548c2780d3faf9419c09aea5d5909b5d82685515

How can we help to go further with these tokens ?

2015-04-15 16:59 GMT+02:00 Martin Paljak <[hidden email]>:
On 15/04/15 17:54, Pierre LADEN wrote:
> However it seems like opensc have some support for "acos5 / ACS ACOS5
> card", which is quite near the ACOS5-64 included in Cryptomate64 (64k
> instead of 32k).

The driver is incomplete, it just displays some basic information.


> What i can't understand is that vendor (ACS) seems to provide Linux support
> through CCID driver and CT API binary module.
> But no opensc driver ... How can the CCID module help anybody without
> opensc support ?

CCID is a standard, almost all smart card readers or dongles these days
implement it. Conformance to CCID guarantees interoperability with host
computers (like pcsc-lite and libccid).

Smart card on the other hand are not standard, the ISO 7816 family is
more or less "choose some to be similiar in spirit" rather than
"conformance guarantees interoperability" and everything else is
vendor-specific (where the "vendor" could be another standards body, be
it NIST or some EU thing or some other national body or some company. )

> Is it a trivial work to link opensc to the binary ACS module ?

No idea.


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel