Nils,

The svn 2846 code looks good. I have built and done some testing,
and the diffs look fine to me.

I have a compile error in reader-pcsc.c with the pin-pad, so
I have been commenting out the #define PINPAD_ENABLED.  This is
most likely my problem, as I may be running an older version of
pcscd. But then again one may want to use a vendor's version of
PCSC like on a Mac OS X, and OpenSC should be able to handle this.


Garick,
I would be interested in what PIV card you have, and if it has
a PIV Authentication Certificate and key already on the card.

If it does not, then hopefully the vendor gave you enough information
as to how to initialize the card. The piv-tool has a number of options
to help do that.

So please drop me a note if you have any problems.

The pkcs11-tool command to read the certificate should look like:

 pkcs11-tool -l -r -y cert -d 1




I have not tried the checked in code yet, but you will need something
like this in the opensc.conf to get it to look for the PIV applet.
Replace the ATR with your card's atr:

card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
    name = "PIV-II";
    driver = "piv";
    pkcs15emu = "PIV-II";
}

If the card has a certificate, key and pin,
you could see what objects are on the card:

 pkcs11-tool -l -O

or read the certificate with:

  pkcs15-tool --pin xxxxxxxx -r 1

Note: NIST is about to relax the restriction on having to use
the pin to read the certificate. The current code assumes you
have to enter the pin. pkcs11-tool assumes you don't need to do this,
so it has trouble reading the certificate if the card is enforcing the
restriction.





Anyway
Here's what I see captured by pcscd.

APDU: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
SW:   61 0F
APDU: 00 C0 00 00 0F
SW:   61 0D 4F 0B A0 00 00 03 08 00 00 10 00 01 00 90 00

That's it ... (captured via: $ pcscd -a -d stdout > /tmp/foo )

Does this not work to capture data??

[EMAIL PROTECTED] bin]# ./opensc-tool -f
card-piv.c:1228:piv_find_obj_by_containerid: returning with: Unknown error
card-piv.c:1266:piv_select_file: returning with: File not found
card.c:531:sc_select_file: returning with: File not found
SELECT FILE failed: File not found

** or more verbosely **
errors surrounded with '#'

[EMAIL PROTECTED] bin]# ./opensc-tool -f -v -v -v
sc.c:168:sc_detect_card_presence: called
sc.c:173:sc_detect_card_presence: returning with: 1
Connecting to card in reader OMNIKEY CardMan 4000 Socket 0 0 0...
card.c:110:sc_connect_card: called
card-piv.c:1309:piv_match_card: called
card-piv.c:1321:piv_init: called
card-piv.c:1335:piv_init: Max send = 65535 recv = 65535
card-piv.c:425:piv_find_aid: called
card.c:295:sc_unlock: Calling card logout function
card-piv.c:175:piv_logout: called
card-piv.c:451:piv_find_aid: found PIX
card-piv.c:462:piv_find_aid: returning with: 0
card-piv.c:1357:piv_init: returning with: 0
card.c:219:sc_connect_card: card info: PIV-II card, 14001, 0x0
card.c:220:sc_connect_card: returning with: 0
Using card driver PIV-II  for multiple cards.
card.c:509:sc_select_file: called; type=2, path=3f00
card-piv.c:1249:piv_select_file: called
card-piv.c:1221:piv_find_obj_by_containerid: str=0x3F00
#card-piv.c:1228:piv_find_obj_by_containerid: returning with: Unknown error#
#card-piv.c:1266:piv_select_file: returning with: File not found#
#card.c:531:sc_select_file: returning with: File not found#
SELECT FILE failed: File not found
card.c:295:sc_unlock: Calling card logout function
card-piv.c:175:piv_logout: called
card.c:234:sc_disconnect_card: called
card-piv.c:1297:piv_finish: called
card.c:249:sc_disconnect_card: returning with: 0
ctx.c:728:sc_release_context: called

Ok ... this is more helpful, but I still can't see the APDUs?



increase the debug level in opensc.cnf

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
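
The four pcscd trace lines quoted in the message can be decoded mechanically. The script below is an added example, not part of the original thread and not OpenSC code; its function names are hypothetical, and it assumes short-form APDUs and one-byte TLV tags and lengths, which is all this trace contains.

```python
# Added example (not OpenSC code): decode the pcscd APDU:/SW: lines quoted above.
TRACE = """APDU: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
SW:   61 0F
APDU: 00 C0 00 00 0F
SW:   61 0D 4F 0B A0 00 00 03 08 00 00 10 00 01 00 90 00"""
INS_NAMES = {0xA4: "SELECT", 0xC0: "GET RESPONSE"}  # ISO 7816-4 INS bytes seen here

def parse_command(raw):
    """Split a short-form command APDU into INS name, data field and Le."""
    body, data, le = raw[4:], b"", None
    if len(raw) < 4:
        raise ValueError("command APDU shorter than its 4-byte header")
    if len(body) == 1:                        # Le only
        le = body[0]
    elif body:                                # Lc, data, optional Le
        data, rest = body[1:1 + body[0]], body[1 + body[0]:]
        if len(data) != body[0] or len(rest) > 1:
            raise ValueError("Lc does not match the data length")
        le = rest[0] if rest else None
    return {"ins": INS_NAMES.get(raw[1], hex(raw[1])), "data": data, "le": le}

def parse_response(raw):
    """Split a response into data and status word; SW1=0x61 means SW2 bytes wait."""
    if len(raw) < 2:
        raise ValueError("response shorter than its status word")
    return {"data": raw[:-2], "sw": raw[-2] << 8 | raw[-1],
            "pending": raw[-1] if raw[-2] == 0x61 else 0}

def parse_tlv(buf):
    """Parse a flat run of TLVs into (tag, value) pairs."""
    items, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] >= 0x80 or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated or long-form TLV")
        items.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return items

def decode_trace(text):
    """Return (command, response) pairs from APDU:/SW: lines, skipping other lines."""
    pairs, cmd = [], None
    for line in text.splitlines():
        label, _, hexpart = line.partition(":")
        if label == "APDU":
            cmd = parse_command(bytes.fromhex(hexpart))
        elif label == "SW" and cmd is not None:
            pairs.append((cmd, parse_response(bytes.fromhex(hexpart))))
            cmd = None
    return pairs
```

On this trace the SELECT returns 61 0F (15 bytes waiting), and the GET RESPONSE data is a tag 0x61 template whose tag 0x4F element carries the AID A0 00 00 03 08 00 00 10 00 01 00, followed by status 90 00.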