This document found by Google, and located at NIST, has some interesting
information:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp943.pdf

It looks like it defines many of the additional provisioning commands
(but does not list the actual APDUs for these) that would allow the iKey400
to act like a PIV card after it had been provisioned.


On 2/27/2012 3:55 PM, Douglas E. Engert wrote:
>
>
> On 2/27/2012 1:54 PM, Andreas Kroehnert wrote:
>> Hi Anthony,
>>
>> I think it's more beneficial to respond to this list, rather than just your 
>> comment you left on the blog.
>>
>> The little OpenCT patch I've done was originally done for the "standard" 
>> ikey 4000 (04b9:1206). But should also work for the "non-standard" one 
>> (04b9:1400). I am not sure what to order at SafeNet to get the 1400 one, 
>> could be the old CIP initialised, kinda old-school version, but I am not 
>> sure. However all 4k tokens I've collected over the years, even the latest, 
>> come with a PID of 1206. (Which actually should be an ikey 2k series PID. To 
>> mess it up even more SafeNet now renamed/rebranded the ikey 4000 to eToken 
>> 5000)
>>
>> Back to topic: In general it's claimed that regardless of the PID, the 
>> ikey4000 / SC400 is a CCID compliant device, but I never got it to work 
>> using libccid.
>>
>> While developing the first attempt of the patch I was confused why the ATR 
>> from the card contains a trailing byte before it continues with 0x3B... 
>> Might be that this is messing up the CCID compatibility. For the moment I've 
>> just chopped that first byte off and the card mostly responds as expected.
>>
>> It's also said that once the ATR has been sent the card shall behave 
>> according to PIV for most commands. I wasn't able to confirm that either as 
>> of now.
>
> PIV? Really?  If so it should respond to the NIST 800-73 part 2
> SELECT Card Command with the AID of the PIV application.
> You can try this opensc-tool command to see if it responds
> with a PIV application on the device:
>
>
> opensc-tool -s 00:A4:04:00:09:A0:00:00:03:08:00:00:10:00:00
>
> What does it return?
>
> If their goal is to have this device as a PIV and usable on Windows,
> I would expect it to be CCID as well.
>
>>
>> So far I got some new commercial assignments, so I didn't have a chance to 
>> continue with the development. The next stage (as said in the blog) is to 
>> get OpenSC patched to support the card.
>>
>> I am happy to provide the code I've done so far, unfortunately I've done it 
>> on a VM that is now on a crashed RAID, which I switched off to wait for 
>> replacement disks before I make any recovery attempts. Which should 
>> hopefully be in the next few days.
>>
>> Kind Regards
>> Andreas
>>
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
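
Added example, not part of the original messages and not OpenSC code: it rebuilds the SELECT APDU passed to opensc-tool above and decodes what a token could send back. The tag layout (61, 4F, 79) is assumed from the Application Property Template in SP 800-73 Part 2, and the sample responses are constructed, not captured from an iKey.

```python
# Added example, not OpenSC code. Sample responses below are constructed.
PIV_AID = bytes.fromhex("A00000030800001000")  # the 9 AID bytes in the command
PIV_RID = PIV_AID[:5]                          # A0 00 00 03 08
SW_TEXT = {0x9000: "success", 0x6A82: "application not found"}

def build_select(aid):
    """SELECT by name: CLA=00 INS=A4 P1=04 P2=00, Lc, AID, Le=00."""
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"

def parse_tlv(data):
    """Parse consecutive BER-TLV objects that use one-byte tags."""
    items, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        i += 2
        if length & 0x80:  # long form: 0x81 or 0x82, then the length bytes
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(data):
                raise ValueError("unsupported or truncated TLV length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("TLV value runs past end of data")
        items[tag] = data[i:i + length]
        i += length
    return items

def decode_select_response(resp):
    """Split off SW1 SW2 and decide whether the reply identifies PIV."""
    if len(resp) < 2:
        raise ValueError("response shorter than a status word")
    body, sw = resp[:-2], int.from_bytes(resp[-2:], "big")
    result = {"sw": sw, "status": SW_TEXT.get(sw, "other"), "piv": False}
    if sw == 0x9000 and body:
        apt = parse_tlv(parse_tlv(body).get(0x61, b""))  # property template
        authority = parse_tlv(apt.get(0x79, b""))        # tag allocation authority
        result["aid"] = apt.get(0x4F, b"").hex()
        result["piv"] = authority.get(0x4F) == PIV_RID
    return result

SAMPLE_PIV = bytes.fromhex("61114F06000010000100" "79074F05A000000308" "9000")
SAMPLE_MISSING = bytes.fromhex("6A82")
SAMPLE_TRUNCATED = bytes.fromhex("61114F06" "9000")

if __name__ == "__main__":
    print(build_select(PIV_AID).hex(":"))
    print(decode_select_response(SAMPLE_PIV))
    print(decode_select_response(SAMPLE_MISSING))
```

A status word of 6A82 means the card has no application under that AID; a 9000 whose body does not parse is reported as an error instead of being counted as PIV.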