Hi, we are using TCOS2 card for more than 7 years and our policy is to only use smartcard readers with secure PIN entry. The CCID standard improved things a lot but unfortunately only a few readers have 100% correct implementations.
The Dell USB Smartcard Keyboard seems to support SPE only if the VERIFY command has a fixed length. TCOS does not need padding so OpenSC sends the following control buffer to your reader: > winscard_msg_srv.c:317:SHMProcessEventsContext() command CONTROL received by client 10 > ifdhandler.c:1323:IFDHControl() ControlCode: 0x42330006, usb:413c/2101:libhal:/org/freedesktop/Hal/devices > /usb_device_413c_2101_noserial_if1 (lun: 0) > Control TxBuffer: 1E 1E 02 00 00 10 06 02 00 00 00 00 00 00 00 05 00 00 00 00 20 00 00 00 > openct/proto-t1.c:571:t1_build() more bit: 0 > -> 000000 69 14 00 00 00 00 3E 00 00 00 00 1E 02 00 00 10 06 02 00 00 00 00 00 40 05 00 20 00 00 00 > <- 000000 80 06 00 00 00 00 3E 00 00 00 00 40 02 67 00 25 > Control RxBuffer: 67 00 The control buffers contains a 5-byte verify command, namely 00 20 00 00 00 and your card reader is supposed to add the PIN and replace the fifth byte with the PIN length. So if you enter 1234567 on your pinpad the verify command should be changed into 00 20 00 00 07 31 32 33 34 35 36 37. This does NOT work with the Dell USB Smartcard Keyboard. It will only add the PIN but does not change the PIN lenght. So the verify command sent to your card will be 00 20 00 00 00 31 32 33 34 35 36 37 which results in error code 67 00. Fortunately this does not reduce your cards retry counter All our TCOS cards have a 6 digit PIN so we use a verify command with fixed PIN length, i.e. 00 20 00 00 06. We hardcoded this into our software and only use this dirty hack if our software has detected a Dell USB Smartcarc Keyboard. Unfortunately OpenSC cannot do this as it does not know in advance what the PIN length will be. CardOS PINs are padded to a fixed length and there is no need to replace a byte within the verify-APDU with the PIN length. Therefore this problem does not happen with CardOS cards. I have no idea why your SCM reader behaves different under Windows and Linux. Does it have old firmware? Could you produce debug-output and compare the Control TxBuffers that are sent to your reader under WIndows and Linux. Peter
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
