unknown TCOS3.0 card

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

unknown TCOS3.0 card

Christian Horn-2
Hi all,

there is a NetKey TCOS3.0 card to be used in the company i
work for.  Marketing-name is MyCard.
2048bit rsa keys are used here, the old card used 1024bit.

Some command outputs:

# opensc-tool -a
3b:bf:b6:00:81:31:fe:5d:00:64:04:28:03:02:31:c0:73:f7:01:d0:00:90:00:67
# opensc-tool --serial
Using reader with a card: O2 Micro Oz776 00 00
sc_card_ctl(*, SC_CARDCTL_GET_SERIALNR, *) failed
# opensc-tool --serial -c tcos
Using reader with a card: O2 Micro Oz776 00 00
89 49 01 73 60 00 01 57 09 80 .I.s`..W..

As of now the card is not usable with the pkcs15-tool:
# pkcs15-tool -c
Using reader with a card: O2 Micro Oz776 00 00
PKCS#15 initialization failed: Unsupported card

The outputs of
# opensc-tool -f -c tcos
are here:
http://fluxcoil.net/files/tmp/opensc_tool_f_tcos.txt

The opensc-pkcs11.so can also not access the card, yet i got
a library that can for the card.  Still verifying if i am
allowed to hand it out.
I can use that library together with StrongSwan to authenti-
cate at ipsec-tunnelentpoints.

I would like to see some more tools working for debugging,
maybe opensc-pkcs11.so directly support the card.
Any ideas how to go further from here?


Christian
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: unknown TCOS3.0 card

Andreas Jellinghaus-2
Am Dienstag 20 Juli 2010, um 15:48:36 schrieb Christian Horn:
> I would like to see some more tools working for debugging,
> maybe opensc-pkcs11.so directly support the card.
> Any ideas how to go further from here?

try to get the tcos 3.0 manual. wikipedia has a link from
tcos to their home page, maybe they will give you a copy
if you ask.

tcos3 support is implemented in general, but the format
of your card is unknown. you could try to log all APDU commands
(not sure if pcscd can do that for you), and thus find out what
files / keys / ... are implemented, and then write a new
emulation layer for the format of your card. see the
current emulation for details.

or maybe "pkcs11-tool" with that vendor library will show
already a lot of details (e.g. list of certificates, keys,
flags etc.), and thus provide you with some information.

maybe a LD_PRELOAD library could overwrite the PC/SC
functions, and thus log all functions going forward
and back, similar to what pkcs11-spy does? then you
could combine the pkcs11-spy and that ld-preload
to see high level pkcs#11 api calls and what low level
pcsc-calls are the result of that?

for opensc code:
see pkcs15-tcos.c, it is pretty straight forward:
detect the format, and add all objects so opensc
knows what is there and the parameters. opensc can
then use the generic code to access those files in
detail.

Good luck!

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user