Dear all,
Because users have smartcards in the wallet and need to connect from any
computer, including Mac OS X, Windows and GNU/Linux, and they don't know
in advance which framework is installed, it seems important that card
initialization is consistent between proprietary drivers and OpenSC.
I tried different scenarios with the Feitian PKI.
It seems that after initializing a Feitian PKI on Windows 7 64-bit (CSP), you
are able to use the card on GNU/Linux (OpenSC). But the converse is not
always true: Windows may not accept the PIN code or may declare the certificates
invalid.
So I did a simple test:
* Under Windows 7 64-bit: use only Feitian tools.
* Under GNU/Linux: use only OpenSC 0.10.0 + Firefox.
I initialized a card with PIN code 0000 and transferred a certificate
using Firefox. This is what users are going to do if they enroll on
online servers, which I expect.
Please find hereafter a compared dump of the cards.
My questions are:
1) Should the PIN and RSA/certificate flags be consistent for all drivers?
Is that important for Windows 7 or OpenSC? Please notice the difference
in the PIN flags.
2) If the flags are important, could we consider some kind of
initialization option like --windows, which would add the same flags as
if the card had been initialized by the proprietary drivers?
3) Can the flags be modified after a card is initialized by OpenSC? I
would like to study the importance of the flags.
4) The PIN flags are from OpenSC.
5) Most flags are from RSA/X.509 certs. Do OpenSC or Firefox add flags
during the transfer of certs?
Basically, I would like to be able to initialize cards so that users are
never aware this was OpenSC and not the proprietary drivers. Is that
possible?
Sorry for all these questions, I hope this can be useful for basic
users.
Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu
*****************
Proprietary card dump:
PKCS#15 Card [Gooze ]:
Version : 0
Serial number : 0834493916261110
Manufacturer ID: www.ftsafe.com
Flags : Login required
PIN [User Pin]
Object Flags : [0x3], private, modifiable
ID : ff
Flags : [0x933], case-sensitive, local, initialized,
needs-padding, disable_allowed, exchangeRefData
Length : min_len:4, max_len:8, stored_len:8
Pad char : 0x00
Reference : 0
Type : ascii-numeric
Path : 3f005015
Private RSA Key [nolabel]
Object Flags : [0x3], private, modifiable
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0xD], sensitive, alwaysSensitive, neverExtract
ModLength : 2048
Key ref : 1
Native : yes
Path : 3f005015
Auth ID : ff00
ID :
37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
Public RSA Key [nolabel]
Object Flags : [0x2], modifiable
Usage : [0xD1], encrypt, wrap, verify, verifyRecover
Access Flags : [0x0]
ModLength : 2048
Key ref : 1
Native : yes
Path : 3f0050154300
ID :
37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
X.509 Certificate [Jean-Michel Pouré's CAcert Class 3 Root ID]
Object Flags : [0x2], modifiable
Authority : no
Path : 3f0050154300
ID :
37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
Encoded serial : 02 03 00BB5E
****************************************
Initialized with OpenSC dump:
PKCS#15 Card [Gooze]:
Version : 0
Serial number : 0834493916261110
Manufacturer ID: EnterSafe
Last update : 20110107185446Z
Flags : EID compliant
PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path : 3f005015
Private RSA Key [ID CAcert Inc. de Jean-Michel Pouré]
Object Flags : [0x3], private, modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 2048
Key ref : 1
Native : yes
Path : 3f005015
Auth ID : 01
ID : 5bcac4c3fb1259ae7ade586200136759cba22bdc
Public RSA Key [Public Key]
Object Flags : [0x2], modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 2048
Key ref : 0
Native : no
Path : 3f0050153000
Auth ID : 01
ID : 5bcac4c3fb1259ae7ade586200136759cba22bdc
X.509 Certificate [ID CAcert Inc. de Jean-Michel Pouré]
Object Flags : [0x2], modifiable
Authority : no
Path : 3f0050153100
ID : 5bcac4c3fb1259ae7ade586200136759cba22bdc
Encoded serial : 02 03 00BB5E
************
_______________________________________________
opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel
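To make the comparison the post asks for concrete, here is an added example (not code from the post or from the OpenSC project) that decodes the hex flag masks printed in the two pkcs15-tool dumps above and reports which bits are set on one card but not the other. The bit values are assumed to be the PKCS#15 PinFlags, KeyUsageFlags and access-flag values as OpenSC defines them in its SC_PKCS15_* constants; the two dump excerpts are copied from the post, trimmed to the objects that carry flags.

```python
import re

# PKCS#15 PinFlags bit values (assumed to match OpenSC's SC_PKCS15_PIN_FLAG_*).
PIN_FLAGS = {
    0x0001: "case-sensitive", 0x0002: "local", 0x0004: "change-disabled",
    0x0008: "unblock-disabled", 0x0010: "initialized", 0x0020: "needs-padding",
    0x0040: "unblockingPin", 0x0080: "soPin", 0x0100: "disable_allowed",
    0x0200: "integrity-protected", 0x0400: "confidentiality-protected",
    0x0800: "exchangeRefData",
}
# PKCS#15 KeyUsageFlags (assumed to match SC_PKCS15_PRKEY_USAGE_*).
KEY_USAGE = {
    0x01: "encrypt", 0x02: "decrypt", 0x04: "sign", 0x08: "signRecover",
    0x10: "wrap", 0x20: "unwrap", 0x40: "verify", 0x80: "verifyRecover",
    0x100: "derive", 0x200: "nonRepudiation",
}
# Private key access flags (assumed to match SC_PKCS15_PRKEY_ACCESS_*).
ACCESS_FLAGS = {
    0x01: "sensitive", 0x02: "extractable", 0x04: "alwaysSensitive",
    0x08: "neverExtractable", 0x10: "local",
}

# Excerpts of the two dumps from the post (proprietary CSP vs OpenSC init).
PROPRIETARY = """\
PIN [User Pin]
Object Flags : [0x3], private, modifiable
ID : ff
Flags : [0x933], case-sensitive, local, initialized,
needs-padding, disable_allowed, exchangeRefData
Length : min_len:4, max_len:8, stored_len:8
Private RSA Key [nolabel]
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0xD], sensitive, alwaysSensitive, neverExtract
Public RSA Key [nolabel]
Usage : [0xD1], encrypt, wrap, verify, verifyRecover
Access Flags : [0x0]
"""
OPENSC = """\
PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Private RSA Key [ID CAcert Inc. de Jean-Michel Poure]
Usage : [0x4], sign
Access Flags : [0x0]
Public RSA Key [Public Key]
Usage : [0x4], sign
Access Flags : [0x0]
"""

OBJECT_RE = re.compile(r"^(PIN|Private RSA Key|Public RSA Key|X\.509 Certificate) \[")
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*)$")


def decode(mask, table):
    """Return the flag names set in mask, lowest bit first; unknown bits are kept."""
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    unknown = mask & ~sum(table)
    if unknown:
        names.append("unknown:0x%x" % unknown)
    return names


def parse_dump(text):
    """Map each PKCS#15 object kind to its 'Field : value' lines from a pkcs15-tool dump."""
    objects, current = {}, None
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            current = objects.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line) if current is not None else None
        if m:
            current[m.group(1)] = m.group(2)
    return objects


def hex_mask(value):
    """Extract the [0x..] mask from a dump value; None if the field is absent."""
    m = re.search(r"\[0x([0-9A-Fa-f]+)\]", value or "")
    return int(m.group(1), 16) if m else None


def compare(dump_a, dump_b):
    """List the flag fields whose masks differ, with the flags unique to each side."""
    a, b = parse_dump(dump_a), parse_dump(dump_b)
    checks = [("PIN", "Flags", PIN_FLAGS),
              ("Private RSA Key", "Usage", KEY_USAGE),
              ("Private RSA Key", "Access Flags", ACCESS_FLAGS),
              ("Public RSA Key", "Usage", KEY_USAGE),
              ("Public RSA Key", "Access Flags", ACCESS_FLAGS)]
    diffs = []
    for obj, field, table in checks:
        ma = hex_mask(a.get(obj, {}).get(field))
        mb = hex_mask(b.get(obj, {}).get(field))
        if ma is None or mb is None or ma == mb:
            continue  # field missing on one side, or identical: nothing to report
        diffs.append({"object": obj, "field": field,
                      "only_in_first": decode(ma & ~mb, table),
                      "only_in_second": decode(mb & ~ma, table)})
    return diffs


if __name__ == "__main__":
    for d in compare(PROPRIETARY, OPENSC):
        print("%s / %s: proprietary-only=%s opensc-only=%s" % (
            d["object"], d["field"], d["only_in_first"], d["only_in_second"]))
```

Run against the two dumps, the script shows that the CSP-initialized PIN additionally carries case-sensitive, disable_allowed and exchangeRefData, that the proprietary private key is marked sensitive/alwaysSensitive/neverExtractable with decrypt, signRecover and unwrap usage, and that the OpenSC public key is the only one with the sign usage bit. Those are exactly the bits a driver comparing PKCS#15 attributes would see, which is the starting point for question 1.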