help needed with etoken

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

help needed with etoken

Mag-2
Hi!

I have obtained an Aladdin eToken. Tried to reinitialize it with
pkcs15-init, but it does not seem to work.
I am positive that I know the CHV1 password, it did work with
the token once...
I do not know a PUK code for the token, is there a factory setting?
How could I reset the token to a known state?
Is it normal that verify and unblock works differently in
different directories? Are the PINs local to a directory?

You can find information below which might or might not be relevant.

Thank you for any help.

kusturica:~# openct-tool list
  0 Aladdin eToken PRO
kusturica:~# opensc-tool -n
CardOS M4
kusturica:~# opensc-tool -a
3B E2 00 FF C1 10 31 FE 55 C8 02 9C ;.....1.U...
kusturica:~# cardos-info
Info : CardOS/M4.0 (C) Siemens AG 1994-1999 (Feb 15 2000)
Chip type: 20
Serial number: 10 ac e7 1f 1b 07
Full prom dump:
33 FF EB 31 FF FF FF FF 14 65 10 AC E7 1F 1B 07 3..1.....e......
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
OS Version: 200.2 (that's CardOS M4.0)
Current life cycle: 32 (administration)
Security Status of current DF:
Free memory : 1024
ATR Status: 0x0 ROM-ATR
Packages installed:
01 04 01 01 C8 02 01 04 08 01 C8 02 01 04 03 01 ................
C8 02 01 04 0B 01 C8 02 01 04 07 03 C8 02       ..............
Ram size: 1024, Eeprom size: 16384, cpu type: 66, chip config: 61
Free eeprom memory: 1290
System keys: PackageLoadKey (version 1, retries 10)
System keys: StartKey (version 1, retries 10)
Path to current DF:
kusturica:~# pkcs15-init -C
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
card-etoken.c:180:etoken_check_sw: invalid parameters in data field
card-etoken.c:518:etoken_create_file: returning with: Incorrect parameters
in APDU
card.c:536:sc_create_file: returning with: Incorrect parameters in APDU
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
kusturica:~# pkcs15-init -E
Unspecified PIN [reference 1] required.
Please enter Unspecified PIN [reference 1]:
card-etoken.c:180:etoken_check_sw: bs object blocked
sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
pkcs15-lib.c:2502:do_get_and_verify_secret: Failed to verify PIN (ref=0x1)
Failed to erase card: Authentication method blocked
kusturica:~# opensc-explorer
OpenSC Explorer version 0.9.6
OpenSC [3F00]> verify CHV1 66:66:66:66:66:66
card-etoken.c:180:etoken_check_sw: object not found
sec.c:204:sc_pin_cmd: returning with: Card command failed
Unable to verify PIN code: Card command failed
OpenSC [3F00]> ls
FileID  Type  Size
[6666]    DF  1290      Name: AKS
[5015]    DF  1290
OpenSC [3F00/5015]> verify CHV1 66:66:66:66:66:66
card-etoken.c:180:etoken_check_sw: bs object blocked
sec.c:204:sc_pin_cmd: returning with: Authentication method blocked
Unable to verify PIN code: Authentication method blocked
OpenSC [3F00/5015]> ls
FileID  Type  Size
 4401    wEF   256
 4946    wEF   128
OpenSC [3F00]> unblock CHV1 66:66:66:66:66:66
card-etoken.c:180:etoken_check_sw: object not found
sec.c:204:sc_pin_cmd: returning with: Card command failed
Unable to unblock PIN code: Card command failed
OpenSC [3F00]> ls
FileID  Type  Size
[6666]    DF  1290      Name: AKS
[5015]    DF  1290
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> unblock CHV1 66:66:66:66:66:66
card-etoken.c:180:etoken_check_sw: p1/p2 invalid
sec.c:204:sc_pin_cmd: returning with: Incorrect parameters in APDU
Unable to unblock PIN code: Incorrect parameters in APDU
OpenSC [3F00/5015]> unblock CHV1 66:66:66:66:66:66 66:66:66:66:66:66
card-etoken.c:180:etoken_check_sw: object not found
sec.c:204:sc_pin_cmd: returning with: Card command failed
Unable to unblock PIN code: Card command failed
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: help needed with etoken

Andreas Jellinghaus-2
On Wednesday 28 September 2005 10:58, Mag wrote:
> How could I reset the token to a known state?

only with aladdins windows tool.

> kusturica:~# cardos-info
> Info : CardOS/M4.0 (C) Siemens AG 1994-1999 (Feb 15 2000)
> Chip type: 20
> Serial number: 10 ac e7 1f 1b 07
> Full prom dump:
> 33 FF EB 31 FF FF FF FF 14 65 10 AC E7 1F 1B 07 3..1.....e......
> 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
> OS Version: 200.2 (that's CardOS M4.0)
> Current life cycle: 32 (administration)
> Security Status of current DF:
> Free memory : 1024
> ATR Status: 0x0 ROM-ATR
> Packages installed:
> 01 04 01 01 C8 02 01 04 08 01 C8 02 01 04 03 01 ................
> C8 02 01 04 0B 01 C8 02 01 04 07 03 C8 02       ..............
> Ram size: 1024, Eeprom size: 16384, cpu type: 66, chip config: 61
> Free eeprom memory: 1290
> System keys: PackageLoadKey (version 1, retries 10)
> System keys: StartKey (version 1, retries 10)
> Path to current DF:

there is a format command, but it would completely delete
the token, and thus the functionality in the packages listed above
would be lost, too. you need the packages, without them the token
lacks essential commands. so your only way is the windows tool.

last time I tried (years ago) it had an option to not create
the aladdin structure (6666/).

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: help needed with etoken

Cornelius Kölbel
In reply to this post by Mag-2

You could go to
http://www.aladdin.com/support/default.asp?selectproduct=et
and download the "pki client (RTE)" as evaluation.
This is, what you need.

Regards
Cornelius

Andreas Jellinghaus writes:

>On Wednesday 28 September 2005 10:58, Mag wrote:
>> How could I reset the token to a known state?
>
>only with aladdins windows tool.
>
>> kusturica:~# cardos-info
>> Info : CardOS/M4.0 (C) Siemens AG 1994-1999 (Feb 15 2000)
>> Chip type: 20
>> Serial number: 10 ac e7 1f 1b 07
>> Full prom dump:
>> 33 FF EB 31 FF FF FF FF 14 65 10 AC E7 1F 1B 07 3..1.....e......
>> 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
>> OS Version: 200.2 (that's CardOS M4.0)
>> Current life cycle: 32 (administration)
>> Security Status of current DF:
>> Free memory : 1024
>> ATR Status: 0x0 ROM-ATR
>> Packages installed:
>> 01 04 01 01 C8 02 01 04 08 01 C8 02 01 04 03 01 ................
>> C8 02 01 04 0B 01 C8 02 01 04 07 03 C8 02       ..............
>> Ram size: 1024, Eeprom size: 16384, cpu type: 66, chip config: 61
>> Free eeprom memory: 1290
>> System keys: PackageLoadKey (version 1, retries 10)
>> System keys: StartKey (version 1, retries 10)
>> Path to current DF:
>
>there is a format command, but it would completely delete
>the token, and thus the functionality in the packages listed above
>would be lost, too. you need the packages, without them the token
>lacks essential commands. so your only way is the windows tool.
>
>last time I tried (years ago) it had an option to not create
>the aladdin structure (6666/).
>
>Regards, Andreas
>_______________________________________________
>opensc-user mailing list
>[hidden email]
>http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user