|
List Info
Thread: Linux + opensc-pkcs11.so + Firefox
|
|
| Linux + opensc-pkcs11.so + Firefox |
|
2006-09-11 14:20:59 |
Hi all,
I have a problem that is quite the same as Christian
Bongiorno. I'm
trying to use opensc-pkcs11 under Linux to load a
certificate from a
smart card in to a web browser (and do SSL client
authentication) but
with no luck.
Here is my test bed.
Linux version:
--------------
Fedora Core 2 using last version of OpenSC compiled from
opensc project
source
Fedora Core 5 using prebuild OpenSC packages from Fedora
repos
Smart Card reader:
------------------
ACR38U: using 100706_P Linux driver, built from source
Browser tested:
--------------
Mozilla Fiefox 1.5.XX
Mozilla SeaMonkey 1.0.X
Result:
-------
I was able to load the opensc-pkcs11.so module but for all
the reader
listed in the browser i got the "Status: not
present" message
Card details:
-------------
I'm using the italian CRS-SISS card (is the digital version
of the
health insurance card currently aviable in the Lombardia
region). There
are two kind of this card, and i was able to test both. One
is from
Siemens and the second one is manufactered by Incard.
Siemens card:
Card OS: Siemens CardOS v4.2
Chip: Infineon SLE 66 CX 322P
Incard card:
Card OS: Incard Incrypto 34 v2.00
Chip: STM ST 19xL34P
OpenSC out from command line:
-----------------------------
Here you can find the (i hope useful) output (using the
Siemens card) of
some command line test:
[alfionet atm036 engine_pkcs11-0.1.3]$ openct-tool list
0 PertoSmart EMV (AC1038, USB)
[alfionetatm036 engine_pkcs11-0.1.3]$ opensc-tool --reader 0
--atr
3b:ff:18:00:ff:c1:0a:31:fe:55:00:6b:05:08:c8:05:01:01:01:43
:4e:53:10:31:80:1c
[alfionetatm036 engine_pkcs11-0.1.3]$ opensc-tool --reader 0
--name
Unidentified card
Every suggestions will be very appreciated.
Ciao!!
Matteo
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|
|
| Linux + opensc-pkcs11.so + Firefox |
|
2006-09-11 15:02:07 |
On 11.09.2006, at 17:20, Matteo Leccardi wrote:
> Unidentified card
This means your card is not supported by OpenSC.
m.
--
Martin Paljak / martinpaljak.pri.ee
martin.paljak.pri.ee / ideelabor.ee
+372 515 64 95
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|
|
| Linux + opensc-pkcs11.so + Firefox |
|
2006-09-11 16:24:07 |
Hi,
On Mon, Sep 11 at 04:20, Matteo Leccardi wrote:
> Here you can find the (i hope useful) output (using the
Siemens card) of
> some command line test:
>
> [alfionetatm036 engine_pkcs11-0.1.3]$ openct-tool
list
> 0 PertoSmart EMV (AC1038, USB)
>
> [alfionetatm036 engine_pkcs11-0.1.3]$ opensc-tool
--reader 0 --atr
>
>
3b:ff:18:00:ff:c1:0a:31:fe:55:00:6b:05:08:c8:05:01:01:01:43:
4e:53:10:31:80:1c
>
> [alfionetatm036 engine_pkcs11-0.1.3]$ opensc-tool
--reader 0 --name
> Unidentified card
As someone has already said this generally means that the
card is not
supported. However in this case all is probably not lost.
There is support for Siemens CardOS cards in OpenSC it is
just that your
card has not been recognised from it's ATR. Try adding the
following
entry to your /etc/opensc.conf to map your ATR to the
existing Siemens
driver.
card_atr
3b:ff:18:00:ff:c1:0a:31:fe:55:00:6b:05:08:c8:05:01:01:01:43:
4e:53:10:31:80:1c {
driver = "cardos";
type = 1003;
}
If that doesn't work try type = 1001; which is the
generic cardos entry.
Good luck.
--
Bob Dunlop
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|
|
| Linux + opensc-pkcs11.so + Firefox |
|
2006-09-12 15:14:48 |
Bob Dunlop wrote:
>
> entry to your /etc/opensc.conf to map your ATR to the
existing Siemens
> driver.
>
> card_atr
3b:ff:18:00:ff:c1:0a:31:fe:55:00:6b:05:08:c8:05:01:01:01:43:
4e:53:10:31:80:1c {
> driver = "cardos";
> type = 1003;
> }
>
> If that doesn't work try type = 1001; which is the
generic cardos entry.
>
> Good luck.
>
Hi Bob,
thank you very much for you hint. With the modified
opensc.conf now i
was able to get the card's OS from command line.
[alfionetatm036 ~]$ opensc-tool --reader 0 --name
CardOS M4
Still, i'm not able to load the cartificate into Firefox
(or SeaMonkey).
Any ideas? Is there a log file where the pkcs#11 log?
As suggested in another email - thanks Witvliet!! ;) - this
is the
output of cardos-info
[alfionetatm036 ~]$ cardos-info
Info : CardOS V4.2 (C) Siemens AG 1994-2003
Chip type: 123
Serial number: 55 36 f9 14 15 2f
Full prom dump:
33 66 00 1F E3 E3 E3 E3 7B FF 55 36 F9 14 15 2F
3f......{.U6.../
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
................
OS Version: 200.6 (that's CardOS M4.2)
Current life cycle: 32 (administration)
Security Status of current DF:
Free memory : 227
ATR Status: 0x128 unknown
Packages installed:
E1 09 10 04 02 01 C8 06 8F 01 01 E1 09 10 04 01
................
02 C8 06 8F 01 01 E1 09 01 04 13 02 C8 06 8F 01
................
01 .
Ram size: 4, Eeprom size: 32, cpu type: 66, chip config: 63
Free eeprom memory: 20116
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:
Last but not least:
As poitend out in this thread
http://www.opensc-project.org/pipe
rmail/opensc-user/2006-September/001192.html
there are good chances the italian CNS is not fully pkcs#15.
Is there a
way to determine if the card is 100% pkcs#15 complaint or
not?
Ciao!!
Matteo
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|
|
| Linux + opensc-pkcs11.so + Firefox |
|
2006-09-12 15:14:48 |
Bob Dunlop wrote:
>
> entry to your /etc/opensc.conf to map your ATR to the
existing Siemens
> driver.
>
> card_atr
3b:ff:18:00:ff:c1:0a:31:fe:55:00:6b:05:08:c8:05:01:01:01:43:
4e:53:10:31:80:1c {
> driver = "cardos";
> type = 1003;
> }
>
> If that doesn't work try type = 1001; which is the
generic cardos entry.
>
> Good luck.
>
Hi Bob,
thank you very much for you hint. With the modified
opensc.conf now i
was able to get the card's OS from command line.
[alfionetatm036 ~]$ opensc-tool --reader 0 --name
CardOS M4
Still, i'm not able to load the cartificate into Firefox
(or SeaMonkey).
Any ideas? Is there a log file where the pkcs#11 log?
As suggested in another email - thanks Witvliet!! ;) - this
is the
output of cardos-info
[alfionetatm036 ~]$ cardos-info
Info : CardOS V4.2 (C) Siemens AG 1994-2003
Chip type: 123
Serial number: 55 36 f9 14 15 2f
Full prom dump:
33 66 00 1F E3 E3 E3 E3 7B FF 55 36 F9 14 15 2F
3f......{.U6.../
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
................
OS Version: 200.6 (that's CardOS M4.2)
Current life cycle: 32 (administration)
Security Status of current DF:
Free memory : 227
ATR Status: 0x128 unknown
Packages installed:
E1 09 10 04 02 01 C8 06 8F 01 01 E1 09 10 04 01
................
02 C8 06 8F 01 01 E1 09 01 04 13 02 C8 06 8F 01
................
01 .
Ram size: 4, Eeprom size: 32, cpu type: 66, chip config: 63
Free eeprom memory: 20116
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:
Last but not least:
As poitend out in this thread
http://www.opensc-project.org/pipe
rmail/opensc-user/2006-September/001192.html
there are good chances the italian CNS is not fully pkcs#15.
Is there a
way to determine if the card is 100% pkcs#15 complaint or
not?
Ciao!!
Matteo
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user
|
|
[1-5]
|
|
|
about | contact Other archives ( Real Estate discussion Medical topics )
|