On Mon, 10 Dec 2012, Yonathan Randolph wrote: > Hi David. Sorry for the late reply; I was just searching my email for > SafeSign and found yours. Coincidentally, I was testing a Crescendo C700 > (3B:DF:18:FF:81:31:FE:45:80:59:01:80:48:49:44:43:37:30:30:73:00:01:1B:33) > that was also initialized with SafeSign Identity Client. I couldn't > figure out how to get it to work with pkcs15-tool, but I implemented my > own reader in Java. Here's what I found when poking around and comparing > it to the MyEID card: > > - It doesn't support select by relative or absolute path, only select by > name (PKCS15 AID) and then select by file id. > > - The PIN is 4 to 15-byte 00-padded. > > - There's no private key file, so you don't need to select it or give the > file id to to MSE Set command. > > - MSE Set data was picky (84 01 00 80 01 02); reversing the fields 84 and 80 > caused it to fail. > > I'm not sure how to modify pkcs15-tool to make it work, but I know it should > be possible.
Hi Yonathon, Thanks for letting me know. I was vaguely hoping to use my card on my Linux machine, and the SafeSign webpage reckons there is a Linux client but I don't think I'll have any luck getting it out of our government office. Interestingly the datasheet for SafeSign Identity Client lists PKCS#15 compatibility - I'm not really across the standard but is select by path a required feature? I wouldn't be much help in modifications to pkcs15-tool either but could test any changes - may be able to provide a test environment if required. Thanks, David Adam zanc...@ucc.gu.uwa.edu.au Ask Me About Our SLA! _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
