Andreas, please send me your address, I'll have an eToken 4.2B sent your way...

Regards
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:  +1.213.341.0390


On 09/18/2008 09:10 PM, Andreas Jellinghaus:
Hi everyone,

I sat down and implemented cardos-tool with "--info"
replacing the old "cardos-info" tool (no changes here),
but also with "--format" which first deletes everything,
and then creates a new main folder.

this implementation includes secure messaging for cardos,
but only for those two APDU commands. implemented using
openssl. that way we only use published information,
and no encrypted APDU commands, so this should be legal.

so far it works only for "4.2C" cards. I have aladdin
etokens here with cardos: 4.0, 4.01, 4.2, 4.2C

maybe you want to help?
  * gcc throws some warnings, didn't have a look so far
  * not sure it still compiles / cross-compiles well
  * if you have some cards you no longer need, and want
    to test: edit cardos-tool.c and change the check for
    version 4.2C to the version of your card. I guess it
    will work for 4.2B and 4.3B and later as well, but
    I can't verify.
        WARNING: if it doesn't work, this could kill
        your card/token, so please only try if you
        have a card/token to spare.
                NO WARRANTY OF ANY KIND!
  * donations for cards or tokens with other versions are
    also very welcome.
  * maybe we should implement handling MANUFACTURING and
    ERASING FILE states as well properly.
  * maybe we should allow people to enter the startkey?
    (there is an option, but so far it does nothing)
  * if ERASE on the MF is PIN protected, we fail.
    maybe someone wants to add code asking for the pin?
    or at least detect that the MF ERASE is PIN protected?
  * does anyone know the size for the MF when other
    people create it? right now it is a hard coded value,
    not sure what is recommended.
  * we could implement a transport key if people want
    (erase the card, change the ff startkey to some other
    startkey, and then create MF). not sure this is worth
    the work.
  * does anyone know the AC system in detail? right now
    I create the MF with all AC bytes 00 (everyone can do).
    does opensc change this later? is it a problem or ok?

things we can't fix:
  * brand new tokens still have startkey "version 00".
    I know the command to change that to startkey ff
    (with 16 bytes ff as key), but I'm not allowed to
    publish it (still waiting for an ok).

    if you have such a card/token, you need siemens software
    to fix it first.

  * if your token/card contains packages, those would be
    lost if we erase your card. and opensc can't reinstall
    them. thus we check for packages and if there is any,
    we refuse to format the tokens.

    I think cardos 4.0 and 4.2 need packages, not 100% sure.

if you are still brave enough to test, feedback is very welcome!

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
