Douglas,
here is the changes list that i have made for the opensc-minidrver.inf
and .minidriver-westcos.reg
.inf
[Minidriver.NTamd64]
+ %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_7320006C009000
- %CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000
[Minidriver.NTx86]
+ %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_7320006C009000
- %CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000
[Minidriver.NTamd64.6.1]
+ %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_7320006C009000
- %CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000
[AddRegWOW64]
+ HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3b,67,00,00,73,20,00,6c,00,90,00
- HKLM,
%SmartCardNameWOW64%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
- HKLM,
%SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
[Strings]
+SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\MyKAD"
- SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos"
+SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\MyKAD"
-
SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Cev
Westcos"
.reg
Windows Registry Editor Version 5.00
+ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\MyKAD]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CEV
WESTCOS]
+ "ATR"=hex:3b,67,00,00,73,20,00,6c,00,90,00
- "ATR"=hex:3f,69,00,00,00,64,01,00,00,00,80,90,00
- "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
Part of the cardmod.log section
********** DllMain hModule=0x6C8B0000 reason=1 Reserved=00000000 P:13632 T:14000
** DllMain Attach ModuleFileName=C:\Windows\system32\certutil.exe
==================================================================
P:13632 T:14000 pCardData:0048E4D8 CardAcquireContext, dwVersion=7,
name=MyKAD,hScard=0xEA020000, hSCardCtx=0xCD010002
request version pCardData->dwVersion = 7
pCardData->dwVersion = 7
create ctx
sc_context_create passed r = 0
associate_card
cardmod_use_handles 0
sc_ctx_get_reader_count(ctx): 1
Broadcom Corp Contacted SmartCard 0
sc_connect_card result = 0, Success
PKCS#15 initialization result: 0, Success
serial number r=0 len1=7 len2=32 --- 0049707C:16
0000 00000000 0256F107 08090A0B 0C0D0E0F
Found 2 certificat(s) in the card.
Found 2 private key(s) in the card.
Found 1 pin(s) in the card.
prkey_info->subject 0 (subject_len=0)modulus_length=1024 subject --- 00000000:0
prkey_info->subject 1 (subject_len=0)modulus_length=1024 subject --- 00000000:0
cert->subject 0 --- 01D8A360:107
0000 310B3009 06035504 0613024D 59312330 21060355 0403131A 47414C4F 48205241
0020 53484944 41482042 494E5449 20484152 4F4E3115 30130603 55040513 0C373630
0040 35323031 30353937 36312030 1E06092A 864886F7 0D010901 16116772 6861726F
0060 6E40676D 61696C2E 636F6D
cert->subject 1 --- 01D8A360:107
0000 310B3009 06035504 0613024D 59312330 21060355 0403131A 47414C4F 48205241
0020 53484944 41482042 494E5449 20484152 4F4E3115 30130603 55040513 0C373630
0040 35323031 30353937 36312030 1E06092A 864886F7 0D010901 16116772 6861726F
0060 6E40676D 61696C2E 636F6D
PIN [PIN]
Com. Flags: 0x3
ID : 01
Flags : [0x31], case-sensitive, initialized, needs-padding
Length : min_len:6, max_len:8, stored_len:8
Pad char : 0xFF
Reference : 1
Type : ascii-numeric
Path :
OpenSC init done.
P:13632 T:14000 pCardData:0048E4D8 CardGetProperty
CardGetProperty wszProperty=Card Identifier, cbData=16, dwFlags=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
CardGUID --- 00493C70:16
0000 00000000 0256F107 08090A0B 0C0D0E0F
P:13632 T:14000 pCardData:0048E4D8 CardReadFile
pszDirectoryName = <NULL>, pszFileName = cardcf, dwFlags = 0,
pcbData=0, *ppbData=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
return cardcf --- 00480888:6
0000 00002900 2348
P:13632 T:14000 pCardData:0048E4D8 CardGetProperty
CardGetProperty wszProperty=Read Only Mode, cbData=4, dwFlags=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
pcardReadOnly--- 00480898:4
0000 01000000
P:13632 T:14000 pCardData:0048E4D8 CardGetProperty
CardGetProperty wszProperty=Cache Mode, cbData=4, dwFlags=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
pCardCacheMode --- 00480898:4
0000 03000000
P:13632 T:14000 pCardData:0048E4D8 CardGetProperty
CardGetProperty wszProperty=Supports Windows x.509 Enrollment,
cbData=4, dwFlags=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
pSupportsX509Enrolment --- 00480898:4
0000 00000000
P:13632 T:14000 pCardData:0048E4D8 CardReadFile
pszDirectoryName = mscp, pszFileName = cmapfile, dwFlags = 0,
pcbData=0, *ppbData=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
sc_pkcs15_read_certificate return 0
P:13632 T:14000 pCardData:0048E4D8 CardGetProperty
CardGetProperty wszProperty=PIN Information, cbData=36, dwFlags=1
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
returning info on PIN ROLE_USER ( Auth ) [1]
--- 004741B0:36
0000 06000000 00000000 01000000 00000000 00000000 06000000 00000000 00000000
0020 00000000
P:13632 T:14000 pCardData:0048E4D8 CardReadFile
pszDirectoryName = mscp, pszFileName = cmapfile, dwFlags = 0,
pcbData=0, *ppbData=0
check_reader_status
pCardData->hSCardCtx:0xCD010002 hScard:0xEA020000
check_reader_status r=5 flags 0x00000005
sc_pkcs15_read_certificate return 0
P:13632 T:14000 pCardData:0048E4D8 CardDeleteContext
disassociate_card
sc_pkcs15_unbind
sc_disconnect_card
release context
**********************************************************************
Thank you.
On Tue, Jul 10, 2012 at 9:20 PM, Douglas E. Engert <deeng...@anl.gov> wrote:
>
>
> On 7/10/2012 3:35 AM, Galoh Haron wrote:
>> hello all,
>>
>> I found errors in running certutil -scinfo
>> 1) Can't open the AT_SIGNATURE key for reader
>> 2) Can't open the At_KEYEXCHANGE key for reader
>> 3) Cannot open the key for reader
>>
>> A pops dialog show .." A smart card was detected but is not the one
>> required for the current operation. The smart card you are using may
>> be missing required driver software or a required certificate".
>
> Sounds like the MS code is having problems using the minidriver.
> This could be because your registry is not configured correctly
> or you code is doing something that does not work under the minidriver.
> The minidriver may be called during login by more then one process,
> and by more then one thread. Depending on how your code is written this may
> cause problems. The minidriver may stay loaded by more then one process
> for long times. During login, there is no HKLU registry as there is no
> current user. This also implies that access to files is limited.
>
>>
>> i can view the certificate in mozilla web browser.
>>
>> to minidrive everything
>> 1) I configure the registry as per minidriver-westcost.reg
> Send your changes to the list.
>
>> 2) I configure the opensc-minidriver.inf and change the device ID
>> according to the historical atr bytes
>> 3) install the inf accordingly
>
> Send the inf changes to the list.
>
>>
>> what else should i do.?
>
> You could compile the mindriver with the CARDMOD_LOW_LEVEL_DEBUG
> See minidriver.c around line 100. Its only for debugging.
> You will need to create the C:\tmp\cardmod.log and make it writable
> by everyone.
>
>
>>
>>
>> On Wed, Jul 4, 2012 at 6:20 PM, Viktor Tarasov <viktor.tara...@gmail.com>
>> wrote:
>>> Hello,
>>>
>>> Le 04/07/2012 03:16, Galoh Haron a écrit :
>>>> I guess i need to clarify the question on pkcs#15 emulator again.
>>>>
>>>> 1) I have created pkcs15-thecard.c and work on sc_pks15emu-thecard_init_ex
>>>> 2) With some code's modification, the command of opensc-tool -i,
>>>> opensc-tool -a opensc -s work.
>>>> 3) Any other steps missing for the emulator to work or perhaps a tiny miny
>>>> write up for developers to work on the emulator ?
>>>
>>>
>>> I would start from implementing the card driver with the basic
>>> 'sc_card_operations' handlers
>>> and testing all the stuff with the opensc-explorer .
>>>
>>> Then make a list of the pre-existing objects (PINs, Pub/Priv keys, certs,
>>> data) that you wish to see exposed with the libopensc/pkcs15 API as the
>>> PKCS#15 objects.
>>>
>>> After that take as example some existing emulator to see how to prepare
>>> data before calling the 'sc_pkcs15emu_add_**' functions
>>> and host to register your 'init_ex' procedure in pkcs15-syn.c .
>>>
>>> Then your can start the testing with the pkcs15-* tools, and finally
>>> minidriver.
>>>
>>>
>>>>
>>>> I am trying to get the minidriver to work with the pkcs#15 emulator.
>>>> Thank you.
>>>
>>> Kind regards,
>>> Viktor.
>>>
>>>
>>>>
>>>> On Mon, Jul 2, 2012 at 10:11 PM, Galoh Haron <grha...@gmail.com
>>>> <mailto:grha...@gmail.com>> wrote:
>>>>
>>>> Hello,
>>>>
>>>> I am trying to emulate a non pkcs#15 smart card with no support for
>>>> MF selection.
>>>> How to test the emulation works?
>>>> Because when i tried to run command pkcs15-tool -r 00, i received
>>>> "Certificate read failed: Invalid ASN.1 object"
>>>>
>>>> Based on the log,
>>>>
>>>> 2012-07-02 22:06:20.293 [pkcs15-tool]
>>>> reader-pcsc.c:176:pcsc_internal_transmit: called
>>>> 2012-07-02 22:06:20.340
>>>> Incoming APDU data [ 17 bytes] =====================================
>>>> 84 E4 6C BA 08 7C 97 35 05 07 F1 DA 37 4E B2 90 ..l..|.5....7N..
>>>> 00 .
>>>> ======================================================================
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock: called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool]
>>>> card-mykad.c:506:mykad_check_sw: called
>>>> 2012-07-02 22:06:20.340 certificate size is 1035
>>>> 2012-07-02 22:06:20.340 called, left=1031, depth 0
>>>> 2012-07-02 22:06:20.340 Looking for 'tbsCertificate', tag 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'tbsCertificate'
>>>> 2012-07-02 22:06:20.340 called, left=880, depth 1
>>>> 2012-07-02 22:06:20.340 Looking for 'version', tag 0x21000000,
>>>> OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'version'
>>>> 2012-07-02 22:06:20.340 called, left=3, depth 2
>>>> 2012-07-02 22:06:20.340 Looking for 'version', tag 0x2
>>>> 2012-07-02 22:06:20.340 decoding 'version'
>>>> 2012-07-02 22:06:20.340 decoding 'version' returned 2
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 Looking for 'serialNumber', tag 0x2
>>>> 2012-07-02 22:06:20.340 decoding 'serialNumber'
>>>> 2012-07-02 22:06:20.340 Looking for 'signature', tag 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'signature'
>>>> 2012-07-02 22:06:20.340 Looking for 'issuer', tag 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'issuer'
>>>> 2012-07-02 22:06:20.340 Looking for 'validity', tag 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'validity'
>>>> 2012-07-02 22:06:20.340 Looking for 'subject', tag 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'subject'
>>>> 2012-07-02 22:06:20.340 Looking for 'subjectPublicKeyInfo', tag
>>>> 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'subjectPublicKeyInfo'
>>>> 2012-07-02 22:06:20.340 sc_pkcs15_pubkey_from_spki 013C1CEF:157
>>>> 2012-07-02 22:06:20.340 called, left=157, depth 0
>>>> 2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'algorithm'
>>>> 2012-07-02 22:06:20.340 called, left=13, depth 1
>>>> 2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x6
>>>> 2012-07-02 22:06:20.340 decoding 'algorithm'
>>>> 2012-07-02 22:06:20.340 Looking for 'nullParam', tag 0x5, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'nullParam'
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 Looking for 'subjectPublicKey', tag 0x3
>>>> 2012-07-02 22:06:20.340 decoding 'subjectPublicKey'
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 DEE pk_alg.algorithm=0
>>>> 2012-07-02 22:06:20.340 called, left=138, depth 0
>>>> 2012-07-02 22:06:20.340 Looking for 'publicKeyCoefficients', tag
>>>> 0x1000010, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'publicKeyCoefficients'
>>>> 2012-07-02 22:06:20.340 called, left=135, depth 1
>>>> 2012-07-02 22:06:20.340 Looking for 'modulus', tag 0x2
>>>> 2012-07-02 22:06:20.340 decoding 'modulus'
>>>> 2012-07-02 22:06:20.340 Looking for 'exponent', tag 0x2
>>>> 2012-07-02 22:06:20.340 decoding 'exponent'
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 Looking for 'extensions', tag 0x21000003,
>>>> OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'extensions'
>>>> 2012-07-02 22:06:20.340 called, left=328, depth 2
>>>> 2012-07-02 22:06:20.340 Looking for 'x509v3', tag 0x1000010, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'x509v3'
>>>> 2012-07-02 22:06:20.340 called, left=324, depth 3
>>>> 2012-07-02 22:06:20.340 Looking for 'certificatePolicies', tag
>>>> 0x1000010, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'certificatePolicies'
>>>> 2012-07-02 22:06:20.340 Looking for 'subjectKeyIdentifier', tag
>>>> 0x1000010, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'subjectKeyIdentifier'
>>>> 2012-07-02 22:06:20.340 Looking for 'crlDistributionPoints', tag
>>>> 0x1000010, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'crlDistributionPoints'
>>>> 2012-07-02 22:06:20.340 Looking for 'authorityKeyIdentifier', tag
>>>> 0x1000010, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'authorityKeyIdentifier'
>>>> 2012-07-02 22:06:20.340 Looking for 'keyUsage', tag 0x1000010,
>>>> OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'keyUsage'
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 Looking for 'signatureAlgorithm', tag
>>>> 0x1000010
>>>> 2012-07-02 22:06:20.340 decoding 'signatureAlgorithm'
>>>> 2012-07-02 22:06:20.340 called, left=13, depth 1
>>>> 2012-07-02 22:06:20.340 Looking for 'algorithm', tag 0x6
>>>> 2012-07-02 22:06:20.340 decoding 'algorithm'
>>>> 2012-07-02 22:06:20.340 Looking for 'nullParam', tag 0x5, OPTIONAL
>>>> 2012-07-02 22:06:20.340 decoding 'nullParam'
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 Looking for 'signatureValue', tag 0x3
>>>> 2012-07-02 22:06:20.340 decoding 'signatureValue'
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] asn1.c:1394:asn1_decode:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 encoding 'serialNumber'
>>>> 2012-07-02 22:06:20.340 type=4, tag=0x02, parm=013C0380, len=16
>>>> 2012-07-02 22:06:20.340 length of encoded item=18
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock: called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] pkcs15.c:959:sc_pkcs15_bind:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool]
>>>> pkcs15-cert.c:156:sc_pkcs15_read_certificate: called
>>>> 2012-07-02 22:06:20.340 X.509 certificate not found
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] pkcs15.c:969:sc_pkcs15_unbind:
>>>> called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool]
>>>> pkcs15-pin.c:596:sc_pkcs15_pincache_clear: called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] card.c:330:sc_unlock: called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] reader-pcsc.c:548:pcsc_unlock:
>>>> called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool] card.c:242:sc_disconnect_card:
>>>> called
>>>> 2012-07-02 22:06:20.340 [pkcs15-tool]
>>>> reader-pcsc.c:498:pcsc_disconnect: called
>>>> 2012-07-02 22:06:20.542 [pkcs15-tool] card.c:258:sc_disconnect_card:
>>>> returning with: 0 (Success)
>>>> 2012-07-02 22:06:20.542 [pkcs15-tool] ctx.c:738:sc_release_context:
>>>> called
>>>> 2012-07-02 22:06:20.542 [pkcs15-tool] reader-pcsc.c:736:pcsc_finish:
>>>> called
>>>>
>>>> Obviously I can't used the sc_pkcs15_read_certificate. My card does
>>>> not support pkcs15.
>>>> Or did i misunderstand the whole pkcs#15 emulator concept?
>>>>
>>>> -galoh
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> opensc-devel mailing list
>>>> opensc-devel@lists.opensc-project.org
>>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>>
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>>
>
> --
>
> Douglas E. Engert <deeng...@anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
>
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
