--On Saturday, April 15, 2006 01:10:45 AM -0800 Justin Karneges <[EMAIL PROTECTED]> wrote:
ITSEC-P and FIPS use the same card operating system (STARCOS). They're not identical though. The ITSEC-P is STARCOS SPK 2.3, and FIPS is 2.4. The other models do not use STARCOS (ITSEC-I is cardOS and 5 & 2048 are based on ARX PrivateCard)Interestingly, both ITSEC-P and FIPS use the same software driver (is this also true for the other models?).
The ATRs bear this out. (if you haven't yet, you should look at the ATR_analysis tool in the pcsc-tools package)They also told me that ITSEC-P only supports T=1, while FIPS supports both T=0 and T=1.
None of the 4 devices I have gave me the extra 0, and none of them reacted poorly to the PTS or baud rate change. I have used the iTSEC-P with both UHCI and OHCI-style usb controllers (since I was hoping the EOVERFLOW problem could be fixed that way), and there was no noticeable change in behavior.Do your cards give you the extra zero byte upon insert? I'm pretty certain ITSEC-P doesn't do this, otherwise it would surely break Eutron's Linux driver (the extra zero from the FIPS causes the driver to immediately throw an error and give up).
When I get the FIPS device, I am going to look into when the 0 shows up in the usb stream, and probably add ATR synchronization (I have encountered the situation where leftover data from a previous command that was handled incorrectly ended up being read as part of the ATR)
Are they initialized yet? I was unable to properly initialize my ITSEC-P, and if the card has no PKCS15 structure, the pkcs11 module will reject it.I tried running: pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so --show-info But this fails for both of my cards, so it seems nothing works yet (not that you intended for anything to work yet, but I wasn't sure).
I should caution you about mixing safesign and opensc. The safesign license has some (absurd sounding, but who knows what courts will hold up) language which explicitly states that you are not allowed to use 3rd party code to read their PKCS15 structure (http://www.contrib.andrew.cmu.edu/~cg2v/unreleased/safesign-evil.txt)
The ITSEC-I model works fine. pkcs15-init -C, pkcs11-tool -t, and random tests with pkcs15-crypt are all successful.I wonder, does the ITSEC-I model work for you? Eutron's web page claims that OpenSC supports this model, which I would hope means more than just fetching the ATR and serial number. :)
p7sllS3XTbmvm.p7s
Description: S/MIME cryptographic signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
