Dear all,

Because users have smartcards in their wallets and need to connect from any computer, including Mac OS X, Windows and GNU/Linux, and they do not know in advance which framework is installed, it seems important that card initialization be consistent between proprietary drivers and OpenSC.

I tried different scenarios with the Feitian PKI. It seems that after initializing a Feitian PKI on Windows 7 64-bit (CSP), you are able to use the card on GNU/Linux (OpenSC). But the converse is not always true: Windows may not accept the PIN code or may declare certificates invalid. So I did a simple test:

* Under Windows 7 64-bit: use only Feitian tools.
* Under GNU/Linux: use only OpenSC 0.10.0 + Firefox.

I initialized a card with PIN code 0000 and transferred a certificate using Firefox. This is what users are going to do if they enroll on online servers, which I expect. Please find hereafter a comparative dump of the cards.

My questions are:

1) Should the PIN and RSA/certificate flags be consistent for all drivers? Is that important for Windows 7 or OpenSC? Please notice the difference in the PIN flags.
2) If the flags are important, could we consider some kind of initialization option like --windows, which would add the same flags as if the card had been initialized by the proprietary drivers?
3) Can the flags be modified after a card is initialized by OpenSC? I would like to study the importance of the flags.
4) The PIN flags are from OpenSC.
5) Most flags are from RSA/X.509 certs. Do OpenSC or Firefox add flags during the transfer of certs?

Basically, I would like to be able to initialize cards so that users are never aware this was OpenSC and not the proprietary drivers. Is that possible?

Sorry for all these questions, I hope this can be useful for basic users.
Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu

*****************
Proprietary card dump:

PKCS#15 Card [Gooze ]:
	Version        : 0
	Serial number  : 0834493916261110
	Manufacturer ID: www.ftsafe.com
	Flags          : Login required

PIN [User Pin]
	Object Flags   : [0x3], private, modifiable
	ID             : ff
	Flags          : [0x933], case-sensitive, local, initialized, needs-padding, disable_allowed, exchangeRefData
	Length         : min_len:4, max_len:8, stored_len:8
	Pad char       : 0x00
	Reference      : 0
	Type           : ascii-numeric
	Path           : 3f005015

Private RSA Key [nolabel]
	Object Flags   : [0x3], private, modifiable
	Usage          : [0x2E], decrypt, sign, signRecover, unwrap
	Access Flags   : [0xD], sensitive, alwaysSensitive, neverExtract
	ModLength      : 2048
	Key ref        : 1
	Native         : yes
	Path           : 3f005015
	Auth ID        : ff00
	ID             : 37453638353137422d384131332d344637392d383133382d4136374545423134464546423100

Public RSA Key [nolabel]
	Object Flags   : [0x2], modifiable
	Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
	Access Flags   : [0x0]
	ModLength      : 2048
	Key ref        : 1
	Native         : yes
	Path           : 3f0050154300
	ID             : 37453638353137422d384131332d344637392d383133382d4136374545423134464546423100

X.509 Certificate [Jean-Michel Pouré's CAcert Class 3 Root ID]
	Object Flags   : [0x2], modifiable
	Authority      : no
	Path           : 3f0050154300
	ID             : 37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
	Encoded serial : 02 03 00BB5E

****************************************
Initialized with OpenSC dump:

PKCS#15 Card [Gooze]:
	Version        : 0
	Serial number  : 0834493916261110
	Manufacturer ID: EnterSafe
	Last update    : 20110107185446Z
	Flags          : EID compliant

PIN [User PIN]
	Object Flags   : [0x3], private, modifiable
	ID             : 01
	Flags          : [0x32], local, initialized, needs-padding
	Length         : min_len:4, max_len:16, stored_len:16
	Pad char       : 0x00
	Reference      : 1
	Type           : ascii-numeric
	Path           : 3f005015

Private RSA Key [ID CAcert Inc. de Jean-Michel Pouré]
	Object Flags   : [0x3], private, modifiable
	Usage          : [0x4], sign
	Access Flags   : [0x0]
	ModLength      : 2048
	Key ref        : 1
	Native         : yes
	Path           : 3f005015
	Auth ID        : 01
	ID             : 5bcac4c3fb1259ae7ade586200136759cba22bdc

Public RSA Key [Public Key]
	Object Flags   : [0x2], modifiable
	Usage          : [0x4], sign
	Access Flags   : [0x0]
	ModLength      : 2048
	Key ref        : 0
	Native         : no
	Path           : 3f0050153000
	Auth ID        : 01
	ID             : 5bcac4c3fb1259ae7ade586200136759cba22bdc

X.509 Certificate [ID CAcert Inc. de Jean-Michel Pouré]
	Object Flags   : [0x2], modifiable
	Authority      : no
	Path           : 3f0050153100
	ID             : 5bcac4c3fb1259ae7ade586200136759cba22bdc
	Encoded serial : 02 03 00BB5E

************
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
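The question above hinges on which bits differ in the PIN and key flag words of the two dumps. The following script, added here as an example and not part of the original message or of OpenSC's own code, decodes those words and diffs two `pkcs15-tool -D` dumps object by object. The bit assignments are those of OpenSC's src/libopensc/pkcs15.h (SC_PKCS15_PIN_FLAG_*, SC_PKCS15_PRKEY_USAGE_*, SC_PKCS15_PRKEY_ACCESS_*, SC_PKCS15_CO_FLAG_*), so a few names follow the header constants rather than the tool's spelling (for instance neverExtractable where the dump prints neverExtract). The regular expressions assume the header/attribute layout shown in the dumps above; the embedded sample input is the PIN and private-key sections transcribed from those two dumps.

```python
# Decode and diff the flag words printed by `pkcs15-tool -D`.
# Bit values follow OpenSC's src/libopensc/pkcs15.h (SC_PKCS15_PIN_FLAG_*,
# SC_PKCS15_PRKEY_USAGE_*, SC_PKCS15_PRKEY_ACCESS_*, SC_PKCS15_CO_FLAG_*).
import re

PIN_FLAGS = {
    0x0001: "case-sensitive", 0x0002: "local", 0x0004: "change-disabled",
    0x0008: "unblock-disabled", 0x0010: "initialized", 0x0020: "needs-padding",
    0x0040: "unblockingPin", 0x0080: "soPin", 0x0100: "disable_allowed",
    0x0200: "integrity-protected", 0x0400: "confidentiality-protected",
    0x0800: "exchangeRefData",
}
KEY_USAGE = {
    0x01: "encrypt", 0x02: "decrypt", 0x04: "sign", 0x08: "signRecover",
    0x10: "wrap", 0x20: "unwrap", 0x40: "verify", 0x80: "verifyRecover",
    0x100: "derive", 0x200: "nonRepudiation",
}
KEY_ACCESS = {0x01: "sensitive", 0x02: "extractable", 0x04: "alwaysSensitive",
              0x08: "neverExtractable", 0x10: "local"}
OBJECT_FLAGS = {0x01: "private", 0x02: "modifiable"}

# Which table decodes which attribute of which object kind.
FLAG_TABLES = {("PIN", "Flags"): PIN_FLAGS}
for kind in ("Private RSA Key", "Public RSA Key"):
    FLAG_TABLES[(kind, "Usage")], FLAG_TABLES[(kind, "Access Flags")] = KEY_USAGE, KEY_ACCESS
RAW_ATTRS = {"Length", "Reference", "Type"}  # compared as plain strings

# Layout assumed from the dumps in the message: unindented object headers,
# indented "Name : value" attribute lines, flag words as a leading "[0x..]".
HEADER_RE = re.compile(
    r"^(PKCS#15 Card|PIN|Private RSA Key|Public RSA Key|X\.509 Certificate) \[(.*)\]:?$")
ATTR_RE = re.compile(r"^\s+([A-Za-z ]+?)\s*:\s*(.*)$")
HEX_RE = re.compile(r"^\[0x([0-9A-Fa-f]+)\]")


def decode(value, table):
    """Names of the bits set in `value`; bits no table entry covers are kept, not dropped."""
    names = {name for bit, name in table.items() if value & bit}
    unknown = value & ~sum(table)
    if unknown:
        names.add(f"unknown:0x{unknown:x}")
    return names


def parse_dump(text):
    """Turn pkcs15-tool -D output into [(kind, label, {attr: int-or-str}), ...]."""
    objects = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            objects.append((m.group(1), m.group(2), {}))
            continue
        m = ATTR_RE.match(line)
        if m and objects:
            attr, value = m.group(1).strip(), m.group(2).strip()
            h = HEX_RE.match(value)
            objects[-1][2][attr] = int(h.group(1), 16) if h else value
    return objects


def diff_dumps(text_a, text_b):
    """Pair the n-th object of each dump; return {(kind, attr): (only_in_a, only_in_b)}
    for flag attributes that differ and (value_a, value_b) for differing RAW_ATTRS."""
    report = {}
    for (ka, _, aa), (kb, _, ab) in zip(parse_dump(text_a), parse_dump(text_b)):
        if ka != kb:
            raise ValueError(f"object order differs: {ka} vs {kb}")
        for attr in sorted(set(aa) & set(ab)):
            table = OBJECT_FLAGS if attr == "Object Flags" else FLAG_TABLES.get((ka, attr))
            if table is not None:
                fa, fb = decode(aa[attr], table), decode(ab[attr], table)
                if fa != fb:
                    report[(ka, attr)] = (sorted(fa - fb), sorted(fb - fa))
            elif attr in RAW_ATTRS and aa[attr] != ab[attr]:
                report[(ka, attr)] = (aa[attr], ab[attr])
    return report


# PIN and private-key sections transcribed from the two dumps in the message above.
PROPRIETARY_DUMP = """\
PIN [User Pin]
    Flags          : [0x933], case-sensitive, local, initialized, needs-padding, disable_allowed, exchangeRefData
    Length         : min_len:4, max_len:8, stored_len:8
Private RSA Key [nolabel]
    Usage          : [0x2E], decrypt, sign, signRecover, unwrap
    Access Flags   : [0xD], sensitive, alwaysSensitive, neverExtract
"""
OPENSC_DUMP = """\
PIN [User PIN]
    Flags          : [0x32], local, initialized, needs-padding
    Length         : min_len:4, max_len:16, stored_len:16
Private RSA Key [ID CAcert Inc. de Jean-Michel Pouré]
    Usage          : [0x4], sign
    Access Flags   : [0x0]
"""

if __name__ == "__main__":
    for (kind, attr), (a, b) in diff_dumps(PROPRIETARY_DUMP, OPENSC_DUMP).items():
        print(f"{kind} / {attr}: proprietary-only={a}  opensc-only={b}")
```

Run against the two transcribed sections, the report shows exactly what the proprietary initialization sets and OpenSC's does not: the PIN bits case-sensitive, disable_allowed and exchangeRefData, the private-key usage bits decrypt, signRecover and unwrap, the access bits sensitive, alwaysSensitive and neverExtractable, plus the PIN length limits (max 8 versus 16). To compare two real cards, save `pkcs15-tool -D` output from each and feed the two files to `diff_dumps`; `decode` keeps any bit not in the tables as `unknown:0x...` rather than silently dropping it.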