Hello, It has been a while. You know project delays. But I am now back on track. The script worked great. I am looking into decoding that output of the image so that I may view it and possibly get the header information from it. I am just seeing if anyone could point me in a starting direction.
Thank you, Harry Anuszewski <Script> #!/bin/bash # Dump the objects on a PIV card in the reader. # to the current directory. # Although pkcs15-tool -C can do this, it dumps # to the printer. # export LD_LIBRARY_PATH=/opt/smartcard/lib export PATH=/opt/smartcard/bin:$PATH PDA="pkcs11-tool -r -y data --application-id" PDC="pkcs15-tool -r" $PDA 2.16.840.1.101.3.7.1.219.0 > ccc $PDA 2.16.840.1.101.3.7.2.48.0 > chuid $PDA 2.16.840.1.101.3.7.2.48.2 > uchuid # X.509 Certificate for PIV Authentication $PDA 2.16.840.1.101.3.7.2.1.1 > cert.1.object #X.509 Certificate for Digital Signature $PDA 2.16.840.1.101.3.7.2.1.0 > cert.2.object #X.509 Certificate for Key Management $PDA 2.16.840.1.101.3.7.2.1.2 > cert.3.object #X.509 Certificate for Card Authentication $PDA 2.16.840.1.101.3.7.2.5.0 > cert.4.object $PDA 2.16.840.1.101.3.7.2.144.0 > security.object $PDC 01 > cert.1.txt $PDC 02 > cert.2.txt $PDC 03 > cert.3.txt $PDC 04 > cert.4.txt # next 3 need PIN echo Will read PIN 3 times: fingerprints printedinfo and facialimage $PDA 2.16.840.1.101.3.7.2.96.16 --login > fingerprints $PDA 2.16.840.1.101.3.7.2.48.1 --login > printedinfo $PDA 2.16.840.1.101.3.7.2.96.48 --login > facialimage </Script> -----Original Message----- From: Douglas E. Engert [mailto:deeng...@anl.gov] Sent: Wednesday, April 07, 2010 11:12 AM To: Harry Anuszewski Cc: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] Getting Facial image and Biometrics off Piv Card Harry Anuszewski wrote: > Hello, > Thanks for the information. I am glad that this has been done before. > I am working with Java in windows xp and newer. > > The java program is just a standalone app. Users with a piv card will > be able to launch the app select a reader and type in the pin. From > there a window opens and it has the picture from the card and printed > info then tabs that contain the certs, and biometric information. For > now I am able to get the Certs with no problem since it is standard in OpenSC-java. I am not much of a java programmer, and have not used the opensc-java, but the pkcs11-tool uses the standard PKCS#11 commands to read objects. But looking at the opensc-java/trunk/pkcs11/java/src/org/opensc/pkcs11/wrap/PKCS11Object.java defines CKO_CERTIFICATE, CKO_PUBLIC_KEY, CKO_PRIVATE_KEY and CKO_SECRET_KEY, but does not define CKO_DATA. There are calls to enumRawObjects() for CKO_CERTIFICATE, CKO_PUBLIC_KEY, CKO_PRIVATE_KEY but not for CKO_DATA. It might not be hard to add support for data objects. An alternative to the OpenSC-java might be: http://java.sun.com/javase/7/docs/technotes/guides/security/p11guide.html Does talk about how to use PKCS#11 shared library or dll, which could be the opensc-pkcs11.dll. > I am working > on getting the fingerprints and facial image and printed info. I know > I can do this using the pkcs11-tool and a command line but is there a > way to do it inside of a java program using standard native functions? > > Harry > > -----Original Message----- > From: Douglas E. Engert [mailto:deeng...@anl.gov] > Sent: Monday, April 05, 2010 6:01 PM > To: Harry Anuszewski > Cc: opensc-devel@lists.opensc-project.org > Subject: Re: [opensc-devel] Getting Facial image and Biometrics off > Piv Card > > > > Harry Anuszewski wrote: >> Hello, >> >> >> >> I am using openSC-java and want to pull data off a Fips 201 piv card. >> The things I'm interested in getting are the facial image and >> biometric information. Basically sending some adpu commands and >> getting byte arrays back. I know openSC is a very extensive library >> and have used the basic functions of openSC-java for a few programs. >> I was wondering if there was a way to use OpenSC to return the facial >> image and biometrics of a person? > > Yes, you can use pkcs11-tool and pkcs15-tool to do this. Note to read > the fingerprints, printed info or facial image requires the user PIN. > > Attached is a simple script to copy all the objects off the card into > to the current directory. The certificates are dumped in two forms, as > the object (so may also be gzipped), and in PEM format as OpenSC can > extracting the certificate from the object. > > The objects are in binary as defined in NIST 800-73-2 part 1. > which for the Facial Image just says there is a tag 0xBC length and > data of the "Image for Visual Verification" which is defined in other documents. > Decoding not cert objects is really out of scope of the OpenSC project. > > I did write a test program to display the picture, and get some of the > other info from it. Send me some more e-mail on this. > >> This information is saved to the card. If this is not yet possible I >> wouldn't mind designing support for new features with a little help >> of course. Basically what files would I need to modify? > > No modifications are needed... > >> >> >> Thanks for any help >> >> >> >> Harry >> >> >> --------------------------------------------------------------------- >> --- >> >> _______________________________________________ >> opensc-devel mailing list >> opensc-devel@lists.opensc-project.org >> http://www.opensc-project.org/mailman/listinfo/opensc-devel > -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.800 / Virus Database: 271.1.1/2792 - Release Date: 04/07/10 02:32:00 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
