Hi Dmitry,
> I try to provide user logon on eToken AKS application.
> Token based on Cardos V4.2B.
What kind of logon do you mean (i.e. Windows-logon, SSH-logon, ...)?
> Aladdin's utility eToken Property uses EXTERNAL_AUTHENTICATE for this.
> Utility sends APDU GET_CHALLENGE "00 84 00 00 08" and
> EXTERNAL_AUTHENTICATE "00 82 00 81 08 2D 42 BC F8 C1 65 A3 D5"
>
> But I don't know how to build the EXTERNAL_AUTHENTICATE data.
> It looks like hashed pin + challenge response.
> But how to correctly combine pin and challenge response, and which hash alg is
> used?
>
> If I try simple ASCII VERIFY:
> 00 20 00 81 A0 30 31 32 33 34 35 36 37 38 39
> get error 0x6984 (BS Object has invalid format).
Have a look at the following thread on the OpenSC devel
mailing list (from December 2006):
http://www.opensc-project.org/pipermail/opensc-devel/2006-December/009396.html
Same problem?
Aladdin does not protect their private keys by a PIN
but uses a symmetric key instead. Therefore you must
use a GET_CHALLENGE/EXTERNAL_AUTHENTICATION-APDU instead of
a VERIFY-APDU.
This only happens if you are using an Aladdin eToken that
was formatted by the Aladdin-tools. If you format your
eToken with OpenSC your keys will be protected the
"normal" way.
Peter
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-user
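
The following decoder is an added example, not part of the original message and not OpenSC or Aladdin code. It splits the three command APDUs quoted in the thread into their ISO 7816-4 short-APDU fields and checks each Lc byte against the number of data bytes actually present; the names `parse_apdu`, `describe`, `INS_NAMES` and `THREAD_APDUS` are hypothetical, and extended-length APDUs are not handled.

```python
# Added example: ISO 7816-4 short command APDU decoder (hypothetical helper names).
INS_NAMES = {0x20: "VERIFY", 0x82: "EXTERNAL AUTHENTICATE", 0x84: "GET CHALLENGE"}

# Command APDUs exactly as quoted in the thread above.
THREAD_APDUS = [
    "00 84 00 00 08",
    "00 82 00 81 08 2D 42 BC F8 C1 65 A3 D5",
    "00 20 00 81 A0 30 31 32 33 34 35 36 37 38 39",
]

def parse_apdu(hex_str):
    """Decode a short command APDU given as space-separated hex bytes."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    out = {"cla": cla, "ins": INS_NAMES.get(ins, f"INS {ins:02X}"),
           "p1": p1, "p2": p2, "lc": None, "data": b"", "le": None,
           "consistent": True}
    body = raw[4:]
    if len(body) == 1:                      # case 2: only Le follows the header
        out["le"] = body[0] or 256          # Le = 00 means 256 bytes expected
    elif len(body) > 1:                     # case 3 or 4: Lc, data, optional Le
        lc, rest = body[0], body[1:]
        out["lc"] = lc
        if len(rest) == lc:                 # case 3: Lc + data
            out["data"] = rest
        elif len(rest) == lc + 1:           # case 4: Lc + data + Le
            out["data"], out["le"] = rest[:-1], rest[-1] or 256
        else:                               # Lc disagrees with the bytes present
            out["data"], out["consistent"] = rest, False
    return out

def describe(hex_str):
    """One-line summary of an APDU, flagging an Lc/data length mismatch."""
    a = parse_apdu(hex_str)
    note = "" if a["consistent"] else (
        f"  <-- Lc={a['lc']} but {len(a['data'])} bytes follow")
    return (f"{a['ins']}: P1={a['p1']:02X} P2={a['p2']:02X} Lc={a['lc']} "
            f"data={a['data'].hex(' ')} Le={a['le']}{note}")

if __name__ == "__main__":
    for apdu in THREAD_APDUS:
        print(describe(apdu))
```

The decoded fields show that GET_CHALLENGE requests 8 bytes, that EXTERNAL_AUTHENTICATE returns 8 bytes, and that both EXTERNAL_AUTHENTICATE and VERIFY address reference 81 in P2.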