Hi,

short summary for those following my discussions with marc
(we had some private mails in german):

* cardos-info has a card serial
* libsiecap has a serial from a file "2f02", as far as I know
  not a pkcs#15 file (can someone confirm this)?
* in pkcs#15 the serial should be in the token info file 5032.
  but that file has an empty serial in there.
* token info is protected by two pins, I guess pin1 and so-pin,
  so it could be fixed. it also contains 16 unused bytes 00,
  so the size is not an issue:
    3f0050155032 type: wEF, ef structure: transpnt, size: 295
    read[NONE] update[CHV116 CHV115] write[CHV116] erase[NEVR] rehab[NEVR] inval[NEVR] sec: 00:74:FF:FF:FF:74:73
    prop: 01

* the certificate files on his cards are unprotected for
read, write, update, so opensc should be able to write them.
      3f00501543044301 type: wEF, ef structure: transpnt, size: 1477
      read[NONE] update[NONE] write[NONE] erase[NEVR] rehab[NEVR] inval[NEVR] sec: 00:00:FF:FF:FF:00:00 prop: 00

* but the directory is unprotected for creating files:
    3f0050154304 type:  DF, size: 128
    select[N/A] lock[NEVR] delete[NEVR] create[NONE] rehab[NEVR] inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:FF:73:00:00
    prop: 01:21:88
so opensc should be able to create files, right?

* cert directory file is cDF 4404 and it is pin protected:
    3f0050154404 type: wEF, ef structure: linvar(TLV), size: 1024
    read[NONE] update[CHV115] write[NEVR] erase[NONE] rehab[NEVR] inval[NEVR] sec: 00:00:00:FF:FF:FF:73
    prop: 01

so opensc should be able to update this, too.

using "onepin-opensc-pkcs11.so" was wrong in my opinion (5 pin objects, 3
public keys, 3 private keys, 5 certs on the card), so he should use
opensc-pkcs11.so.

so I have no clue why he can't overwrite or create new certificates, but
it should be possible to do that. a debug file might show us what is wrong.

the serial problem is a siemens bug or a problem related to sigG structures?
fixing the situation should be possible with a small program.

Regards, Andreas
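
An added example, not part of the original message and not OpenSC code: a small Python parser for the access-condition listings quoted above that sorts each file's modifying operations into unprotected (NONE), CHV-gated and blocked (NEVR). The listing text is copied from the message; the line format is inferred from those samples only, and the function names are hypothetical.

```python
import re

# Listing lines copied from the message above (wrapped lines rejoined).
SAMPLE = """\
3f0050155032 type: wEF, ef structure: transpnt, size: 295
read[NONE] update[CHV116 CHV115] write[CHV116] erase[NEVR] rehab[NEVR] inval[NEVR] sec: 00:74:FF:FF:FF:74:73
3f00501543044301 type: wEF, ef structure: transpnt, size: 1477
read[NONE] update[NONE] write[NONE] erase[NEVR] rehab[NEVR] inval[NEVR] sec: 00:00:FF:FF:FF:00:00 prop: 00
3f0050154304 type:  DF, size: 128
select[N/A] lock[NEVR] delete[NEVR] create[NONE] rehab[NEVR] inval[NEVR] list[N/A] sec: 00:FF:FF:FF:FF:FF:73:00:00
3f0050154404 type: wEF, ef structure: linvar(TLV), size: 1024
read[NONE] update[CHV115] write[NEVR] erase[NONE] rehab[NEVR] inval[NEVR] sec: 00:00:00:FF:FF:FF:73
"""

HEADER = re.compile(r"^([0-9a-fA-F]+)\s+type:\s*(\w+),")  # "<path> type: <kind>, ..."
ACL = re.compile(r"(\w+)\[([^\]]*)\]")                     # "op[COND COND ...]"
MODIFYING = ("update", "write", "create", "delete", "erase")

def parse_listing(text):
    """Return {path: {"type": str, "acl": {op: [conditions]}}}."""
    files, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = files.setdefault(m.group(1).lower(),
                                       {"type": m.group(2), "acl": {}})
        elif current is not None:
            for op, cond in ACL.findall(line):
                current["acl"][op] = cond.split()
    return files

def classify(acl):
    """Sort modifying operations into open (NONE), CHV-gated, and blocked (NEVR)."""
    out = {"open": [], "pin": {}, "never": []}
    for op in MODIFYING:
        cond = acl.get(op)
        if cond is None or cond == ["N/A"]:
            continue
        if cond == ["NONE"]:
            out["open"].append(op)
        elif cond == ["NEVR"]:
            out["never"].append(op)
        else:
            out["pin"][op] = cond  # CHV references kept as listed, not interpreted
    return out

if __name__ == "__main__":
    for path, info in parse_listing(SAMPLE).items():
        print(path, info["type"], classify(info["acl"]))
```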