On Mon, 12 Jun 2006 22:37:05 +0200 Stef Hoeben <[EMAIL PROTECTED]> wrote:
> Hi,
>
> the MuscleCard applet seems to work nicely.
> Here are some additional questions:
>
> If you 'personalize' the applet with
> 00A4040006A00000000101
> B02A000038084D7573636C6530300401083030303030303030083030303030303030
> 0502 08303030303030303008303030303030303000001770000201
> - then you have to start with
> pkcs15-init -C -p pkcs15+onepin --pin 00000000 --puk 00000000
> (or is there another way?)
> - should/can the SO PIN be used (it's not known at the pkcs15 level
> when using the 'onepin'
> profile option with pkcs15-init)?

Right now using the SO PIN is not implemented because for our purposes, the one-pin methodology was doing what we wanted. However, it is set up so that the default profile for muscle-cards in pkcs15-init is the onepin... so -p pkcs15+onepin isn't necessary (although it does work).

So.. in short:

    pkcs15-init -C -p pkcs15+onepin --pin 00000000 --puk 00000000
    pkcs15-init -C --so-pin 00000000 --so-puk 00000000

Will essentially do the same thing... It won't actually use the administrator PIN... the SO PIN reference is set to 01, which is in fact the user's PIN reference.

Also... at least for me... setting pin and puk via command line does not seem to work well for me. I was attempting it recently and using --so-pin and --so-puk would set the user PIN for that initialization step even though the PIN being set is not a 'SO' pin. It is probably a symptom of the one-pin method being forced upon the default so-pin/user-pin combination.

> - there exist no PUKs for the SO and user PINs?

PUKs do exist. I believe I had one used at one time or another...

> A little remark: if you enter a wrong PIN, you get "Card command
> failed" while it would be nicer to get back an
> SC_ERROR_PIN_CODE_INCORRECT or SC_ERROR_AUTH_METHOD_BLOCKED.
>

Attached is a quick patch to fix those error messages. In the error checking I have it look at the return values... apparently there are unexpected values being returned...

The patch just makes it so that any unexpected values mean that the pin failed.

Also... as soon as I get a Wiki account on the OpenSC website, I'll start describing in more detail what is going on so that other developers can understand the quirks/limitations that exist (and may think of a way to fix them ;) )

Is there a specific person I should email about a wiki account?

Index: opensc-musclecard/src/libopensc/muscle.c =================================================================== --- opensc-musclecard/src/libopensc/muscle.c (revision 683) +++ opensc-musclecard/src/libopensc/muscle.c (working copy) @@ -315,7 +315,7 @@ SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_AUTH_METHOD_BLOCKED); } - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_PIN_CODE_INCORRECT); } /* USE ISO_VERIFY due to tries return */ @@ -353,7 +353,7 @@ SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_AUTH_METHOD_BLOCKED); } - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_PIN_CODE_INCORRECT); } void msc_unblock_pin_apdu(sc_card_t *card, sc_apdu_t *apdu, int pinNumber, const u8 *pukValue, int pukLength) @@ -386,7 +386,7 @@ SC_FUNC_RETURN(card->ctx, 0, SC_ERROR_AUTH_METHOD_BLOCKED); } - SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_CARD_CMD_FAILED); + SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_PIN_CODE_INCORRECT); } /* USE ISO_VERIFY due to tries return */
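
Review bot: In the hunk at @@ -315, the final SC_FUNC_RETURN after the SC_ERROR_AUTH_METHOD_BLOCKED branch now reports every status word that the earlier checks do not recognise as SC_ERROR_PIN_CODE_INCORRECT. A transport error or any other non-PIN failure would then look like a wrong PIN, and a caller that re-prompts on that code could use up further attempts on the card. Suggest adding an explicit branch for the status words that are known to mean a rejected PIN and leaving the last line as SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_CARD_CMD_FAILED), ideally logging sw1/sw2 before it so the unexpected values can be identified.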
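
Review bot: In the hunk at @@ -353, the changed fall-through line carries no comment saying that it is now the wrong-PIN path, and it passes 2 as the second argument while the SC_ERROR_AUTH_METHOD_BLOCKED return just above passes 0. If both are now expected outcomes of a PIN check, they should use the same value, and a one-line comment above the return should state which card responses are being treated as an incorrect PIN.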
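
Review bot: The hunk at @@ -386 sits after the msc_unblock_pin_apdu declaration shown in the previous hunk's context, so please confirm which operation this return belongs to. If it is the unblock path, the value the card rejected is the PUK rather than the PIN, and returning SC_ERROR_PIN_CODE_INCORRECT from the catch-all could send the user back to re-enter the wrong secret; an explicit check for the rejected-PUK status word with SC_ERROR_CARD_CMD_FAILED kept as the default would avoid that.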
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
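
An added example, not part of the original message or of OpenSC's code: one way to map VERIFY status words to the error kinds discussed in the thread while keeping unrecognised values as a generic command failure. The enum names are local stand-ins, only the ISO 7816-4 status words 9000, 63Cx, 6300 and 6983 are handled, and MuscleCard applet-specific status words are assumed to be out of scope.

```c
#include <stdio.h>

/* Local stand-ins for the OpenSC codes named in the thread (values arbitrary). */
enum verify_result {
    VERIFY_OK = 0,
    ERR_PIN_CODE_INCORRECT = -1,
    ERR_AUTH_METHOD_BLOCKED = -2,
    ERR_CARD_CMD_FAILED = -3
};

/* Classify an ISO 7816-4 VERIFY status word. *tries_left receives the
 * remaining attempts when the card reports them (SW 63Cx), else -1. */
static enum verify_result classify_verify_sw(unsigned sw1, unsigned sw2,
                                             int *tries_left)
{
    *tries_left = -1;
    if (sw1 == 0x90 && sw2 == 0x00)
        return VERIFY_OK;
    if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) {   /* 63Cx: x attempts left */
        *tries_left = (int)(sw2 & 0x0F);
        return *tries_left ? ERR_PIN_CODE_INCORRECT : ERR_AUTH_METHOD_BLOCKED;
    }
    if (sw1 == 0x63 && sw2 == 0x00)              /* failed, no counter given */
        return ERR_PIN_CODE_INCORRECT;
    if (sw1 == 0x69 && sw2 == 0x83)              /* authentication blocked */
        return ERR_AUTH_METHOD_BLOCKED;
    /* Wrong length, bad parameters, applet not selected and so on say
     * nothing about the PIN, so they stay a generic command failure. */
    return ERR_CARD_CMD_FAILED;
}

/* Re-prompt only when the card really rejected the PIN. */
static int should_reprompt(enum verify_result r)
{
    return r == ERR_PIN_CODE_INCORRECT;
}

int main(void)
{
    /* Constructed sample status words, not captured from a card. */
    static const unsigned sample[][2] = {
        {0x90, 0x00}, {0x63, 0xC2}, {0x63, 0xC0}, {0x69, 0x83}, {0x67, 0x00}
    };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        int tries;
        enum verify_result r = classify_verify_sw(sample[i][0], sample[i][1], &tries);
        printf("SW %02X%02X -> result %d, tries left %d, re-prompt %d\n",
               sample[i][0], sample[i][1], (int)r, tries, should_reprompt(r));
    }
    return 0;
}
```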