Hello Benjamin,

On 04/10/2011 17:12, Benjamin ALLEMAND wrote:
> I bought IAS/ECC card from Gemalto, here are some commands to identify the 
> card :
> *opensc-tool --reader 2 --atr*
> ATR : 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00
> *opensc-tool --reader 2 --name*
> IAS/ECC Gemalto
> *pkcs15-tool --dump*
> Using reader with a card: OMNIKEY CardMan 5x21 0
> PKCS#15 Card [ECC eID]:
>        Version : 2
>        Serial number  : 984000001079955F
>        Manufacturer ID: Gemalto
>        Flags     : Read-only, Login required
>
> Global PIN [Card PIN]
>        Com. Flags: 0x2
>        ID        : C1
>        Flags     : [0x810], initialized, exchangeRefData
>        Length    : min_len:4, max_len:4, stored_len:4
>        Pad char  : 0x00
>        Reference : 0x1
>        Type      : ascii-numeric
>        Tries left: 3
>        ACLs      : change:<always>; verify:<always>; unlock:CHV#2; put_data:<never>; get_data:<always>;
>
> Global PIN [Card PUK]
>        Com. Flags: 0x2
>        ID        : 02
>        Flags     : [0x858], unblock-disabled, initialized, unblockingPin, exchangeRefData
>        Length    : min_len:4, max_len:4, stored_len:4
>        Pad char  : 0x00
>        Reference : 0x2
>        Type      : ascii-numeric
>        Tries left: 3
>        ACLs      : change:<always>; verify:<always>; unlock:<never>; put_data:<never>; get_data:<always>;
>
> Local PIN [Signature PIN]
>        Com. Flags: 0x2
>        ID        : 82
>        Flags     : [0x812], local, initialized, exchangeRefData
>        Length    : min_len:6, max_len:6, stored_len:6
>        Pad char  : 0x00
>        Reference : 0x82
>        Type      : ascii-numeric
>        Path      : e828bd080fd2504543432d654944
>        Tries left: 3
>        ACLs      : change:<always>; verify:<always>; unlock:SCB#D8; put_data:<never>; get_data:<always>;
>
> Local PIN [Signature PUK]
>        Com. Flags: 0x2
>        ID        : 83
>        Flags     : [0x85A], local, unblock-disabled, initialized, unblockingPin, exchangeRefData
>        Length    : min_len:6, max_len:6, stored_len:6
>        Pad char  : 0x00
>        Reference : 0x83
>        Type      : ascii-numeric
>        Path      : e828bd080fd2504543432d654944
>        ACLs      : change:SM#83; verify:SM#83; unlock:<never>; put_data:<never>; get_data:<always>;
>
> Reading data object <0>
> applicationName: IasEccRoot
> Label: EF.SN
> applicationOID:  NONE
> Path:       F0496173456363526F6F74::d003
> Auth ID:
> Data Object (12 bytes): < 5A 0A 92 50 98 40 00 00 10 79 95 5F >
> *pkcs15-tool.exe --list-applications*
> Using reader with a card: SpringCard CSB6 Family Contact 0
> ECC eID
> AID: E828BD080FD2504543432D654944
> DDO:
>
> ECC Generic PKI
> AID: E828BD080FD25047656E65726963
> DDO:
>
> The purpose is to store a certificate inside ECC Generic PKI through OpenSC, 
> in order to do Smartcard Logon to a Windows XP.
>
> _My question :_ is option "--bind-to-aid E828BD080FD25047656E65726963" the 
> correct option to select my 2nd application ? If so, why is this command 
> failing ?


According to the dump that you presented, the '--auth-id' argument of your key 
generation command has to be 'C1'.
I suggest you activate the logs (in the 'app default' section of etc/opensc.conf, 
set 'debug = 8' and some valid path for 'debug_file') and send the logs here.


You can also send here the output of the 'list_sdos' command from 
opensc-explorer.
This command will show some details on the pre-allocated SDOs of private RSA 
keys:
# opensc-explorer
OpenSC [3F00]> cd aid:E828BD080FD25047656E65726963
OpenSC [E828BD080FD25047656E65726963]> list_sdos 0x20
<here follows the needed output>



For the future, if you need to use the minidriver of OpenSC, be ready to use 
another MSI.
The MSI that you are currently using is built on the experimental branch where 
support of secure-messaging and multi-application features has been tested.
It does not include the minidriver of OpenSC.  This branch is no longer supported.

I suggest using instead the latest nightly MSI built on the 'secure-messaging' 
github branch of OpenSC.
This branch is destined to be merged into the OpenSC master branch in the 
near (I hope) future.
http://www.opensc-project.org/downloads/nightly/viktor/win32/
The nightly built MSI includes the minidriver.


> pkcs15-init --generate-key rsa/1024 --auth-id 01
> --bind-to-aid E828BD080FD25047656E65726963 --pin 1234 -v
> Using reader with a card: SpringCard CSB6 Family Contact 0
> Connecting to card in reader SpringCard CSB6 Family Contact 0...
> Using card driver IAS-ECC.
> Found ECC eID
> About to generate key.
> TODO: Check if native IAS middleware accepts the meaningfull path value.
> Failed to generate key: Card command failed
> Thanks for your advice !!!
> Benjamin ALLEMAND

Kind regards,
Viktor.
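
Added example (not part of the original message, and not OpenSC code): a small Python check of a candidate '--auth-id' value against the PIN objects in 'pkcs15-tool --dump' output. It flags a value that matches a PIN's Reference rather than its ID, as '01' does against this dump where the Card PIN has ID C1. The function names and the trimmed sample dump are constructed for illustration.

```python
import re

# Constructed sample: PIN objects from the dump quoted above, trimmed to the
# fields this check reads.
SAMPLE_DUMP = """\
Global PIN [Card PIN]
       ID        : C1
       Reference : 0x1

Global PIN [Card PUK]
       ID        : 02
       Flags     : [0x858], unblock-disabled, initialized, unblockingPin
       Reference : 0x2

Local PIN [Signature PIN]
       ID        : 82
       Reference : 0x82
"""

HEADER = re.compile(r"^(?:Global|Local) PIN \[([^\]]+)\]\s*$")
FIELD = re.compile(r"^\s+([A-Za-z. ]+?)\s*:\s*(.*)$")


def parse_pins(dump):
    """Return one dict of raw fields per PIN object in the dump text."""
    pins, cur = [], None
    for line in dump.splitlines():
        head, field = HEADER.match(line), FIELD.match(line)
        if head:
            cur = {"label": head[1]}
            pins.append(cur)
        elif not line.strip():
            cur = None  # a blank line ends the current object
        elif cur is not None and field:
            cur[field[1].strip()] = field[2].strip()
    return pins


def check_auth_id(pins, auth_id):
    """Classify a candidate --auth-id: ok, puk, reference-not-id or unknown."""
    wanted = auth_id.upper()
    for p in pins:
        if p.get("ID", "").upper() == wanted:
            puk = "unblockingPin" in p.get("Flags", "")
            return ("puk" if puk else "ok", p["label"])
    refs = {int(p["Reference"], 16): p.get("ID") for p in pins if "Reference" in p}
    ref = int(wanted, 16) if re.fullmatch(r"[0-9A-F]+", wanted) else None
    return ("reference-not-id", refs[ref]) if ref in refs else ("unknown", None)
```

With this sample, check_auth_id(parse_pins(SAMPLE_DUMP), "01") returns ("reference-not-id", "C1"), and "C1" returns ("ok", "Card PIN").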
