I've been working on getting applications to use the 'NSS Shared DB': https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX

I have the basics working, with certificates in /etc/pki/nssdb being used in addition to the user-specific certificates (and keys) in ~/.pki/nssdb. This is working with firefox, evolution, etc.

I received a bug report from a user using smart cards, and wanted to test it -- so I bought a 'Crypto Stick v1.2' from German Privacy Foundation, after seeing that the CCID driver supported it. Unfortunately, I didn't realise that this only seems to mean that the _reader_ is supported; the OpenPGP v2 card that's soldered into it is not.

The patch below makes it look like it's kind of working, but not for anything useful. It may be obvious that I have no clue what I'm doing; any pointers would be gratefully appreciated. Including "don't bother with that; just buy one of <these>.". I'm in the UK.

$ pkcs15-init -C
Using reader with a card: German Privacy Foundation Crypto Stick v1.2 00 00
resp len 17: 62 15 84 10 d2 76 00 01 24 01 02 00 00 05 00 00 05 4b 00 00 8a 01 05
[pkcs15-init] pkcs15-lib.c:322:sc_pkcs15init_bind: Unsupported card driver openpgp
Couldn't bind to the card: Not supported

$ pkcs15-tool -D
Using reader with a card: German Privacy Foundation Crypto Stick v1.2 00 00
resp len 17: 62 15 84 10 d2 76 00 01 24 01 02 00 00 05 00 00 05 4b 00 00 8a 01 05
PKCS#15 Card [OpenPGP Card]:
    Version        : 512
    Serial number  : d27600012401020000050000054b0000
    Manufacturer ID: OpenPGP project
    Language       : de
    Flags          : Login required, PRN generation, EID compliant

PIN [Signature PIN]
    Com. Flags: 0x3
    ID        : 01
    Flags     : [0x13], case-sensitive, local, initialized
    Length    : min_len:0, max_len:32, stored_len:32
    Pad char  : 0x00
    Reference : 1
    Type      : ascii-numeric
    Path      : 3f00
    Tries left: 3

PIN [Encryption PIN]
    Com. Flags: 0x3
    ID        : 02
    Flags     : [0x13], case-sensitive, local, initialized
    Length    : min_len:0, max_len:32, stored_len:32
    Pad char  : 0x00
    Reference : 2
    Type      : ascii-numeric
    Path      : 3f00
    Tries left: 0

PIN [Admin PIN]
    Com. Flags: 0x3
    ID        : 03
    Flags     : [0x9B], case-sensitive, local, unblock-disabled, initialized, soPin
    Length    : min_len:0, max_len:32, stored_len:32
    Pad char  : 0x00
    Reference : 3
    Type      : ascii-numeric
    Path      : 3f00
    Tries left: 3

Private RSA Key [Signature key]
    Com. Flags  : 3
    Usage       : [0x20C], sign, signRecover, nonRepudiation
    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength   : 1024
    Key ref     : 0
    Native      : yes
    Path        :
    Auth ID     : 01
    ID          : 01

Private RSA Key [Encryption key]
    Com. Flags  : 3
    Usage       : [0x22], decrypt, unwrap
    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength   : 1024
    Key ref     : 1
    Native      : yes
    Path        :
    Auth ID     : 02
    ID          : 02

Private RSA Key [Authentication key]
    Com. Flags  : 3
    Usage       : [0x200], nonRepudiation
    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength   : 1024
    Key ref     : 2
    Native      : yes
    Path        :
    Auth ID     : 02
    ID          : 03

Public RSA Key [Signature key]
    Com. Flags  : 2
    Usage       : [0xC0], verify, verifyRecover
    Access Flags: [0x2], extract
    ModLength   : 1024
    Key ref     : 0
    Native      : no
    Path        : b601
    Auth ID     : 03
    ID          : 01

Public RSA Key [Encryption key]
    Com. Flags  : 2
    Usage       : [0x11], encrypt, wrap
    Access Flags: [0x2], extract
    ModLength   : 1024
    Key ref     : 0
    Native      : no
    Path        : b801
    Auth ID     : 03
    ID          : 02

Public RSA Key [Authentication key]
    Com. Flags  : 2
    Usage       : [0x40], verify
    Access Flags: [0x2], extract
    ModLength   : 1024
    Key ref     : 0
    Native      : no
    Path        : a401
    Auth ID     : 03
    ID          : 03

--- opensc-0.11.13/src/libopensc/card-openpgp.c~ 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.11.13/src/libopensc/card-openpgp.c 2010-07-07 16:12:57.381970916 +0100
@@ -27,6 +27,7 @@ static struct sc_atr_table pgp_atrs[] = { { "3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1", NULL, NULL, SC_CARD_TYPE_OPENPGP_GENERIC, 0, NULL }, + { "3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c", NULL, NULL, SC_CARD_TYPE_OPENPGP_GENERIC, 0, NULL }, { NULL, NULL, NULL, 0, 0, NULL } }; --- opensc-0.11.13/src/libopensc/iso7816.c~ 2010-02-16 09:03:28.000000000 +0000 +++ opensc-0.11.13/src/libopensc/iso7816.c 2010-07-07 16:43:29.184100656 +0100 @@ -456,6 +456,10 @@ static int iso7816_select_file(sc_card_t SC_FUNC_RETURN(card->ctx, 2, 0); SC_FUNC_RETURN(card->ctx, 2, sc_check_sw(card, apdu.sw1, apdu.sw2)); } + printf("resp len %x:", apdu.resplen); + for (r = 0; r < apdu.resplen; r++) + printf(" %02x", apdu.resp[r]); + printf("\n"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r) @@ -464,6 +468,7 @@ static int iso7816_select_file(sc_card_t if (apdu.resplen < 2) SC_FUNC_RETURN(card->ctx, 2, SC_ERROR_UNKNOWN_DATA_RECEIVED); switch (apdu.resp[0]) { + case 0x62: case 0x6F: file = sc_file_new(); if (file == NULL)
--
dwmw2
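
Review bot: In the card-openpgp.c hunk (@@ -27,6 +27,7), the added ATR entry has no comment or name saying which card it identifies, and it maps to SC_CARD_TYPE_OPENPGP_GENERIC with the same flags as the existing entry. Matching the ATR is what lets the openpgp driver claim this card, so please add a comment naming the card and consider a distinct card type, so later code can tell the two cards apart instead of handling them identically.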
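
Review bot: In the first iso7816.c hunk (@@ -456,6 +456,10), the added printf calls write every select response to stdout unconditionally from library code, which is why the "resp len" dump appears in the middle of the tool output. Route this through the debug facility on card->ctx that SC_FUNC_RETURN already uses, or drop it before merging. Two smaller points: `%x` prints apdu.resplen with no 0x prefix, so "resp len 17" reads as decimal, and it needs a cast if resplen is not an unsigned int; and the loop reuses r as its index just before `r = sc_check_sw(...)`, where a dedicated index variable would be clearer.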
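
Review bot: In the second iso7816.c hunk (@@ -464,6 +468,7), `case 0x62:` falls into the `case 0x6F:` branch without a comment, and it sits in the generic iso7816_select_file path, so it changes behaviour for every card driver that uses this function, not only for this card. Add a comment saying what the 0x62 tag is and why it can share the 0x6F handling, and confirm that the shared branch checks the length byte in the response against apdu.resplen, since the only guard visible here is `apdu.resplen < 2`.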
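
The select response printed in the terminal output above, decoded with explicit bounds checks, as an added example that is not part of the original message or of OpenSC. `parse_select_resp` and `struct fc_info` are hypothetical names; the parser assumes single-byte tags and short-form lengths, and the tag meanings (0x62 FCP template, 0x6F FCI template, 0x84 DF name, 0x8A life cycle status) are taken from ISO/IEC 7816-4.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed from the 23 bytes after "resp len 17:" in the message above. */
static const unsigned char sample_resp[] = {
    0x62, 0x15, 0x84, 0x10, 0xd2, 0x76, 0x00, 0x01, 0x24, 0x01, 0x02, 0x00,
    0x00, 0x05, 0x00, 0x00, 0x05, 0x4b, 0x00, 0x00, 0x8a, 0x01, 0x05
};
struct fc_info {                   /* hypothetical result type */
    unsigned char tmpl;            /* outer template tag: 0x62 or 0x6F */
    const unsigned char *df_name;  /* value of tag 0x84, or NULL */
    size_t df_name_len;
    int lcs;                       /* value of tag 0x8A, or -1 */
};

/* Returns 0 on success, -1 on malformed or unsupported input.
 * Assumes single-byte tags and short-form lengths (< 0x80). */
static int parse_select_resp(const unsigned char *buf, size_t len, struct fc_info *out)
{
    size_t pos = 2, end;
    if (len < 2 || (buf[0] != 0x62 && buf[0] != 0x6F))
        return -1;
    if (buf[1] >= 0x80 || (size_t)buf[1] > len - 2)
        return -1;                 /* template claims more than was received */
    end = 2 + (size_t)buf[1];
    out->tmpl = buf[0]; out->df_name = NULL; out->df_name_len = 0; out->lcs = -1;
    while (pos < end) {
        unsigned char tag, l;
        if (end - pos < 2) return -1;          /* no room for tag + length */
        tag = buf[pos]; l = buf[pos + 1];
        if ((tag & 0x1F) == 0x1F || l >= 0x80 || (size_t)l > end - pos - 2)
            return -1;             /* multi-byte tag/length, or value overruns */
        pos += 2;
        if (tag == 0x84) { out->df_name = buf + pos; out->df_name_len = l; }
        else if (tag == 0x8A && l == 1) out->lcs = buf[pos];
        pos += l;
    }
    return 0;
}

int main(void)
{
    struct fc_info fi;
    size_t i;
    if (parse_select_resp(sample_resp, sizeof sample_resp, &fi) || !fi.df_name)
        return 1;
    printf("template %02x, DF name ", fi.tmpl);
    for (i = 0; i < fi.df_name_len; i++) printf("%02x", fi.df_name[i]);
    printf(", LCS %02x\n", (unsigned)fi.lcs);
    return 0;
}
```

The DF name it extracts is the same 16 bytes that pkcs15-tool prints as the serial number.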