On Jan 7, 2011, at 11:21 PM, Jean-Michel Pouré - GOOZE wrote:
> It seems that initializing a Feitian PKI on Windows 7 64bits (CSP), you
> are able to use the card on GNU/Linux (OpenSC). But the converse is not
> always true. Windows may not accept the PIN code or declare certificates
> invalid.
What does this mean? Please provide some logs, screenshots or error messages,
or exact details of what is happening. Also provide the actual certificates
(which are declared as invalid).

> Proprietary card dump:
> 
> PKCS#15 Card [Gooze                           ]:
>       Version        : 0
>       Serial number  : 0834493916261110
>       Manufacturer ID: www.ftsafe.com
>       Flags          : Login required
This flag should not be used:
"login (i.e. authentication) is required before accessing any data". This
should not be used and is incorrect.

In fact, the correctness of the flags should be checked against actual behavior 
of the card as well as the "wished behavior of the host software". 

OpenSC can probably read certificates without any authentication, so the flag 
is false.


> 
> PIN [User Pin]
>       Object Flags   : [0x3], private, modifiable
>       ID             : ff
>       Flags          : [0x933], case-sensitive, local, initialized,
> needs-padding, disable_allowed, exchangeRefData
Case sensitivity does not really matter for numerical PINs, but this is a known
issue, see #157 [1].

>       Length         : min_len:4, max_len:8, stored_len:8
This differs from OpenSC driver, which claims to support up to 16 characters.


>       Pad char       : 0x00
>       Reference      : 0
>       Type           : ascii-numeric
>       Path           : 3f005015
> 
> Private RSA Key [nolabel]
>       Object Flags   : [0x3], private, modifiable
>       Usage          : [0x2E], decrypt, sign, signRecover, unwrap
Unwrap is probably wrong (as it is in OpenSC).

>       Access Flags   : [0xD], sensitive, alwaysSensitive, neverExtract
>       ModLength      : 2048
>       Key ref        : 1
>       Native         : yes
>       Path           : 3f005015
>       Auth ID        : ff00

This should not match the ID of the user PIN, as it has an extra 0x00?


>       ID             :
> 37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
> 
> Public RSA Key [nolabel]
>       Object Flags   : [0x2], modifiable
>       Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
>       Access Flags   : [0x0]
>       ModLength      : 2048
>       Key ref        : 1
>       Native         : yes
>       Path           : 3f0050154300
>       ID             :
> 37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
> 
> X.509 Certificate [Jean-Michel Pouré's CAcert Class 3 Root ID]
>       Object Flags   : [0x2], modifiable
>       Authority      : no
>       Path           : 3f0050154300
>       ID             :
> 37453638353137422d384131332d344637392d383133382d4136374545423134464546423100
>       Encoded serial : 02 03 00BB5E
> 
> ****************************************
> 
> Initialized with OpenSC dump:
> 
> PKCS#15 Card [Gooze]:
>       Version        : 0
>       Serial number  : 0834493916261110
>       Manufacturer ID: EnterSafe
>       Last update    : 20110107185446Z
>       Flags          : EID compliant
> 
> PIN [User PIN]
>       Object Flags   : [0x3], private, modifiable
>       ID             : 01
>       Flags          : [0x32], local, initialized, needs-padding
>       Length         : min_len:4, max_len:16, stored_len:16
>       Pad char       : 0x00
>       Reference      : 1
>       Type           : ascii-numeric
>       Path           : 3f005015
> 
> Private RSA Key [ID CAcert Inc. de Jean-Michel Pouré]
>       Object Flags   : [0x3], private, modifiable
>       Usage          : [0x4], sign
>       Access Flags   : [0x0]
>       ModLength      : 2048
>       Key ref        : 1
>       Native         : yes
>       Path           : 3f005015
>       Auth ID        : 01
>       ID             : 5bcac4c3fb1259ae7ade586200136759cba22bdc
> 
> Public RSA Key [Public Key]
>       Object Flags   : [0x2], modifiable
>       Usage          : [0x4], sign
As said before, this is a bug (or regression?).



>       Access Flags   : [0x0]
>       ModLength      : 2048
>       Key ref        : 0
>       Native         : no
>       Path           : 3f0050153000
>       Auth ID        : 01
>       ID             : 5bcac4c3fb1259ae7ade586200136759cba22bdc
> 
> X.509 Certificate [ID CAcert Inc. de Jean-Michel Pouré]
>       Object Flags   : [0x2], modifiable
>       Authority      : no
>       Path           : 3f0050153100
>       ID             : 5bcac4c3fb1259ae7ade586200136759cba22bdc
>       Encoded serial : 02 03 00BB5E
> 
[1] http://www.opensc-project.org/opensc/ticket/157

-- 
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
