Re: [Muscle] SmartCard sign number

2013-12-17 Thread Raul Rosetto Munoz
Hello,
The documentation is in Portuguese. It says that we must sign the
equipment serial number with the manufacturer's "Digital Certificate
IPC-BRASIL".

Portuguese original (translated):
2.4.1. Digital Signature of the Security Number
a. The security number of the SAT equipment, known exclusively to the
Manufacturer and the Fisco, must be digitally signed by the manufacturer
using its ICP-BRASIL Digital Certificate;
b. The signature must be performed so that the result of the operation
is a base64-encoded data string, following the PKCS #1 version 1.5
standard;
c. This signature must be stored in the small-storage memory and used by
the SAT-CF-e equipment in its respective communication processes with
the Fisco.

English:
2.4.1. Digital Signature of Security Number
a. The number of security SAT equipment, known only to the manufacturer and
the FISCO, must be digitally signed by the manufacturer using their
Digital Certificate ICP-BRAZIL;
b. The signature must be executed so that the result of the operation is a
string of data encoded in base64, following the PKCS #1 version 1.5
standard;
c . This signature must be stored in memory storage and small equipment
used by SAT - CF- and in their communications with the FISCO.

FISCO = responsible unit of government.

http://www.fazenda.sp.gov.br/sat/downloads/Especificacao_SAT_v_ER_2_8_5.pdf

I hope that now someone understands what I need!

Thanks for all help until now!


On Tue, Dec 17, 2013 at 1:26 PM, Waldemar Dick  wrote:

> Hello Raul,
>
>
> On 17.12.2013 14:28, Raul Rosetto Munoz wrote:
>
>> "Every thing start because I need to sign my device serial number with my
>> smart card, in the documentation that I need to follow just say that I need
>> sign a number like  "290953052" and after sign I need to get an data string
>> in base64, followed the PKCS #1 version 1.5."
>>
>
> can you point us to the documentation you mention. Maybe then we can help.
>
> Greetings,
>
> Waldemar
>
>
> ___
> Muscle mailing list
> Muscle@lists.musclecard.com
> http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
>



-- 
*Raul Rosetto Muñoz*
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
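
The signing step the quoted specification asks for, as an added example that is not part of the original thread: it hashes the sample number, wraps the hash in PKCS #1 v1.5 signature padding, applies RSA and base64-encodes the result. SHA-256, the ASCII encoding of the number and the seeded throwaway software key (standing in for the card's key, which stays on the card) are assumptions; the excerpt specifies none of them.

```python
import base64
import hashlib
import hmac
import math
import random

# DER header of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin test, preceded by trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        # Top two bits set so p*q has full length; low bit set so it is odd.
        candidate = rng.getrandbits(bits) | (0b11 << (bits - 2)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def generate_demo_key(bits=1024, seed=2013):
    """Constructed throwaway key from a seeded PRNG: reproducible, never for real use."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def emsa_pkcs1_v15_encode(message, em_len):
    """Build 00 01 FF..FF 00 || DigestInfo(SHA-256(message)), em_len bytes long."""
    digest_info = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(digest_info) + 11:
        raise ValueError("modulus too short for a SHA-256 DigestInfo")
    padding = b"\xff" * (em_len - len(digest_info) - 3)
    return b"\x00\x01" + padding + b"\x00" + digest_info


def sign_base64(message, key):
    """RSASSA-PKCS1-v1_5 signature over message, returned as a base64 string."""
    k = (key["n"].bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_encode(message, k), "big")
    return base64.b64encode(pow(em, key["d"], key["n"]).to_bytes(k, "big")).decode("ascii")


def verify_base64(message, signature_b64, n, e):
    """Verify by re-encoding the expected block and comparing it whole,
    instead of parsing the padding out of the recovered block."""
    k = (n.bit_length() + 7) // 8
    try:
        sig = base64.b64decode(signature_b64, validate=True)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15_encode(message, k))


if __name__ == "__main__":
    key = generate_demo_key()
    serial = b"290953052"  # sample number from the thread, as ASCII digits (assumption)
    sig = sign_base64(serial, key)
    print(sig)
    print("ASCII digits verify:", verify_base64(serial, sig, key["n"], key["e"]))
    # The same number packed as a 4-byte integer is a different message,
    # so signer and verifier must agree on the byte encoding beforehand.
    packed = (290953052).to_bytes(4, "big")
    print("packed integer verifies:", verify_base64(packed, sig, key["n"], key["e"]))
```

The padding is deterministic, so signing the same bytes with the same key always yields the same base64 string.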


Re: [Muscle] SmartCard sign number

2013-12-17 Thread Waldemar Dick

Hello Raul,

On 17.12.2013 14:28, Raul Rosetto Munoz wrote:
> "Every thing start because I need to sign my device serial number with
> my smart card, in the documentation that I need to follow just say
> that I need sign a number like  "290953052" and after sign I need to
> get an data string in base64, followed the PKCS #1 version 1.5."

Can you point us to the documentation you mention? Maybe then we can help.

Greetings,

Waldemar



Re: [Muscle] SmartCard sign number

2013-12-17 Thread Douglas E. Engert



On 12/17/2013 7:28 AM, Raul Rosetto Munoz wrote:

> I'm sure that my card is Safesign, I installed the SafeSign from A.E.T too.
>
> But now I have no idea what I can do to sign this number!



The problem is not with the smart card, but with understanding what you mean by:

"I need to sign my device serial number with my smart card, in the documentation that I 
need to follow just say that I need sign a number like  "290953052" and after
sign I need to get an data string in base64, followed the PKCS #1 version 1.5."

What is: "the documentation"?

Most signing operations with RSA sign a hash of the data to be signed.
The hash would then be padded before applying the RSA algorithm.

But your description sounds like you are not using a hash of the data.




> Some one have more information to help me!
>
> Thanks all




Re: [Muscle] SmartCard sign number

2013-12-17 Thread Raul Rosetto Munoz
I'm sure that my card is SafeSign; I installed SafeSign from A.E.T too.

But now I have no idea what I can do to sign this number!

Does someone have more information to help me?

Thanks all



Re: [Muscle] SmartCard sign number

2013-12-17 Thread Luciano Coelho e-Sec
Use CAPI or PKCS#11; check the middleware of your smartcard. Maybe SafeSign.


Re: [Muscle] SmartCard sign number

2013-12-17 Thread Waldemar Dick

Hello Raul,

Coincidentally, I worked with an e-CNPJ card yesterday. The card comes
with a PKCS#11 library (SafeSign from A.E.T).

So, all you need is software with PKCS#11 support.
But I don't know of any software which operates at such a low level and
gives the user a PKCS#1 result. Usually PKCS#7 is used, which contains
for example your certificate and the signature time.
PKCS#1 is only a cryptographic primitive and not very useful without
any additional information.

Generally you could use the PKCS#11 library with Thunderbird, for example,
to sign your e-mails.

In your place I would look at the requirements again.

Greetings,
Waldemar



Re: [Muscle] SmartCard sign number

2013-12-17 Thread freescale
suck it baby! :D



Re: [Muscle] SmartCard sign number

2013-12-17 Thread Raul Rosetto Munoz
I think that the card works fine with Windows,

but my problem is that I didn't find software that signs a file.

I just need to find software that signs a number! (Can be on Windows!)

"Every thing start because I need to sign my device serial number with my
smart card, in the documentation that I need to follow just say that I need
sign a number like  "290953052" and after sign I need to get an data string
in base64, followed the PKCS #1 version 1.5."

And I just need to do that one time! Could be any software!

If someone has any opinion, for sure it will help me a lot!

Thanks for all help!

On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet wrote:

>  Hello
>
> there is no "generic" way to talk to a smart card.
>
> You need to either
>
> -get technical documentation for your card
> -reverse the card protocol by looking at the exchanges between the card
> and the application. That may not be sufficient if the card uses a dynamic
> authentication mechanism.
>
> before allowing the use of a private key to sign data, most card requires
> a pin presentation or mutual authentication.
>
> Best regards
> Sebastien Lorquet
>
> On 16/12/2013 22:11, Raul Rosetto Munoz wrote:
>
> Hello Douglas,
>
>  I try many foruns, and all the time I get Unsupported card:
>
>  opensc-tool --reader 0 --name
> Unsupported card
>
>  Do you know how to find the real type of my card?
>
>  I try pcsc_scan
>
>  But I didnt find some name that I can compare with this list:
>
> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>
>  pcsc_scan
> PC/SC device scanner
> V 1.4.18 (c) 2001-2011, Ludovic Rousseau 
> Compiled with PC/SC lite version: 1.7.4
> Using reader plug'n play mechanism
> Scanning present readers...
> 0: ACS ACR 38U-CCID 00 00
>
>  Mon Dec 16 19:05:21 2013
> Reader 0: ACS ACR 38U-CCID 00 00
>Card state: Card inserted,
>   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>
>  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
> + TS = 3B --> Direct Convention
> + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
>   TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
> 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
>   TB(1) = 00 --> VPP is not electrically connected
>   TC(1) = 00 --> Extra guard time: 0
> + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>   Category indicator byte: 80 (compact TLV data object)
> Tag: 5, len: 9 (card issuer's data)
>   Card issuer data: 49 44 65 61 59 49 44 65 61
> Tag: 6, len: C (pre-issuing data)
>   Data: 5F 31 2E
>
>  Possibly identified card (using /home/raul/.smartcard_list.txt):
> 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>  e-CNPJ issued by Fenacon (eID)
>  http://www.fenacon.org.br
>
>  Thanks For All Help.
>
>
>
>
>
> On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert wrote:
>
>>
>>
>> On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:
>>
>>> Hello,
>>>
>>> That's my first time that I really need to understand how the smart card
>>> works.
>>>
>>> First of all I have with me a Brazilian Digital Document called e-CPF,
>>> this card is an Version V2 with 2048 bits and is part of IPC-BRAZIL.
>>>
>>> Every thing start because I need to sign my device serial number with my
>>> smart card, in the documentation that I need to follow just say that I need
>>> sign a number like  "290953052" and after sign I
>>> need to get an data string in base64, followed the PKCS #1 version 1.5.
>>>
>>> My First question, there is an chance to outsource the private key
>>> inside the smart card?
>>>
>>
>>  No. That is the point of a smart card, the private key can not be read.
>> It can only be used for decryption or signing. (The public key in a
>> certificate
>> is used for encryption or verifying signatures.)
>> (The issuer of the card may be able to read it, but not ordinary users.)
>>
>>
>>
>>> I asked that because if I get the private key I can do that using
>>> openssl.
>>>
>>
>>  You might be able  to use OpenSSL, if the card  has an openssl engine or
>> the card has a PKCS#11 library. (OpenSC has an openssl_engine for use
>> with PKCS#11.)
>> OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
>> supported or not.
>> People have asked in the past.
>>
>> https://github.com/OpenSC/OpenSC/wiki
>>
>>
>> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>>
>> Google for: opensc smart card e-cnpj
>>
>>
>>
>>> But if this happen I cant see an reason for smart cards work well.
>>>
>>> Im sorry to ask this basics questions but I realy got difficult to find
>>> informations.
>>>
>>> Thanks For All Help!
>>>
>>> --
>>> *Raul Rosetto Muñoz*
>>>
>>>
>>>
>>>
>> --
>>
>>  Douglas E. Engert  
>>  Argonne National Laboratory
>>  9700 South Cass

Re: [Muscle] SmartCard sign number

2013-12-16 Thread Sébastien Lorquet

Hello

There is no "generic" way to talk to a smart card.

You need to either

- get technical documentation for your card
- reverse the card protocol by looking at the exchanges between the card
  and the application. That may not be sufficient if the card uses a
  dynamic authentication mechanism.

Before allowing the use of a private key to sign data, most cards
require a PIN presentation or mutual authentication.


Best regards
Sebastien Lorquet


Re: [Muscle] SmartCard sign number

2013-12-16 Thread Douglas E. Engert



On 12/16/2013 3:11 PM, Raul Rosetto Munoz wrote:

> Hello Douglas,
>
> I try many foruns, and all the time I get Unsupported card:
>
> opensc-tool --reader 0 --name
> Unsupported card
>
> Do you know how to find the real type of my card?


pcsc_scan is the best start.



> I try pcsc_scan
>
> But I didnt find some name that I can compare with this list:
> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29


Then OpenSC does not support the card. Anyone can submit an OpenSC module for
a card, but you would need the vendor's documentation on how the card works
to write the module.

Does Windows recognize the card?

Does http://www.fenacon.org.br have a windows driver for the card?

Does it work with FireFox or Thunderbird on Windows?




pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau <ludovic.rouss...@free.fr>
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
   Card state: Card inserted,
   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
   TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
   TB(1) = 00 --> VPP is not electrically connected
   TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
   Category indicator byte: 80 (compact TLV data object)
 Tag: 5, len: 9 (card issuer's data)
   Card issuer data: 49 44 65 61 59 49 44 65 61
 Tag: 6, len: C (pre-issuing data)
   Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert <deeng...@anl.gov> wrote:



On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how the smart card works.

First of all I have with me a Brazilian Digital Document called e-CPF,
this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.

Everything started because I need to sign my device serial number with my smart
card. The documentation that I need to follow just says that I need to sign a number
like "290953052" and after signing I need to get a data string in base64, following
the PKCS #1 version 1.5.

My first question: is there a chance to outsource the private key inside the smart card?


No. That is the point of a smart card, the private key can not be read.
It can only be used for decryption or signing. (The public key in a certificate
is used for encryption or verifying signatures.)
(The issuer of the card may be able to read it, but not ordinary users.)



I asked that because if I get the private key I can do that using openssl.


You might be able to use OpenSSL, if the card has an openssl engine or
the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with PKCS#11.)
OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or not.
People have asked in the past.

https://github.com/OpenSC/OpenSC/wiki

https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29


Google for: opensc smart card e-cnpj



But if this happens I can't see a reason for smart cards to work well.

I'm sorry to ask these basic questions but I really found it difficult to find information.

Thanks For All Help!

--
*Raul Rosetto Muñoz*





--

  Douglas E. Engert <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444






--
*Raul Rosetto Muñoz*



Re: [Muscle] SmartCard sign number

2013-12-16 Thread Raul Rosetto Munoz
Hello Douglas,

I tried many forums, and all the time I get Unsupported card:

opensc-tool --reader 0 --name
Unsupported card

Do you know how to find the real type of my card?

I tried pcsc_scan

But I didn't find a name that I can compare with this list:
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted,
  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  Category indicator byte: 80 (compact TLV data object)
Tag: 5, len: 9 (card issuer's data)
  Card issuer data: 49 44 65 61 59 49 44 65 61
Tag: 6, len: C (pre-issuing data)
  Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert  wrote:

>
>
> On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:
>
>> Hello,
>>
>> That's my first time that I really need to understand how the smart card
>> works.
>>
>> First of all I have with me a Brazilian Digital Document called e-CPF,
>> this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.
>>
>> Everything started because I need to sign my device serial number with my
>> smart card. The documentation that I need to follow just says that I need to
>> sign a number like "290953052" and after signing I
>> need to get a data string in base64, following the PKCS #1 version 1.5.
>>
>> My first question: is there a chance to outsource the private key inside
>> the smart card?
>>
>
> No. That is the point of a smart card, the private key can not be read.
> It can only be used for decryption or signing. (The public key in a
> certificate
> is used for encryption or verifying signatures.)
> (The issuer of the card may be able to read it, but not ordinary users.)
>
>
>
>> I asked that because if I get the private key I can do that using openssl.
>>
>
> You might be able to use OpenSSL, if the card has an openssl engine or
> the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with
> PKCS#11.)
> OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
> supported or not.
> People have asked in the past.
>
> https://github.com/OpenSC/OpenSC/wiki
>
> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>
> Google for: opensc smart card e-cnpj
>
>
>
>> But if this happens I can't see a reason for smart cards to work well.
>>
>> I'm sorry to ask these basic questions but I really found it difficult to find
>> information.
>>
>> Thanks For All Help!
>>
>> --
>> *Raul Rosetto Muñoz*
>>
>>
>>
>>
> --
>
>  Douglas E. Engert  
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>
>



-- 
*Raul Rosetto Muñoz*


Re: [Muscle] SmartCard sign number

2013-12-16 Thread Douglas E. Engert



On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how the smart card works.

First of all I have with me a Brazilian Digital Document called e-CPF, this
card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.

Everything started because I need to sign my device serial number with my smart
card. The documentation that I need to follow just says that I need to sign a number
like "290953052" and after signing I need to get a data string in base64, following
the PKCS #1 version 1.5.

My first question: is there a chance to outsource the private key inside the smart card?


No. That is the point of a smart card, the private key can not be read.
It can only be used for decryption or signing. (The public key in a certificate
is used for encryption or verifying signatures.)
(The issuer of the card may be able to read it, but not ordinary users.)



I asked that because if I get the private key I can do that using openssl.


You might be able to use OpenSSL, if the card has an openssl engine or
the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with PKCS#11.)
OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or not.
People have asked in the past.

https://github.com/OpenSC/OpenSC/wiki

https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

Google for: opensc smart card e-cnpj




But if this happens I can't see a reason for smart cards to work well.

I'm sorry to ask these basic questions but I really found it difficult to find information.

Thanks For All Help!

--
*Raul Rosetto Muñoz*





--

 Douglas E. Engert  
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
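
Added illustration for the reply above (not code from the original message or from OpenSC): a pure-Python model of the split Douglas describes, where the card performs the PKCS #1 v1.5 signature and anyone holding the public key from the certificate checks the base64 result. `ToyCard`, `sign_b64` and `verify_b64` are hypothetical names, the key is a constructed toy key standing in for the one on the card, and SHA-256 is an assumption because the thread does not name a digest.

```python
import base64
import hashlib
import hmac

# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message, k):
    """Build 00 01 FF..FF 00 || DigestInfo, k bytes long (modulus size)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

class ToyCard:
    """Models the card: it signs, but exposes no call that returns the key."""

    def __init__(self):
        # Constructed toy key from two Mersenne primes. NOT secure.
        p, q = 2**521 - 1, 2**607 - 1
        self.n, self.e = p * q, 65537  # public half, as in the certificate
        self.__d = pow(self.e, -1, (p - 1) * (q - 1))  # stays inside the card
        self.k = (self.n.bit_length() + 7) // 8

    def sign_b64(self, message):
        """Return the base64 PKCS #1 v1.5 signature over message."""
        m = int.from_bytes(emsa_pkcs1_v15(message, self.k), "big")
        sig = pow(m, self.__d, self.n).to_bytes(self.k, "big")
        return base64.b64encode(sig).decode("ascii")

def verify_b64(message, sig_b64, n, e):
    """Verify with the public key only: re-encode and compare, never parse."""
    k = (n.bit_length() + 7) // 8
    try:
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(message, k))

if __name__ == "__main__":
    card = ToyCard()
    sig = card.sign_b64(b"290953052")  # sample number quoted in the thread
    print(sig, verify_b64(b"290953052", sig, card.n, card.e))
```

With a real card the `sign_b64` step is what the PKCS#11 library or OpenSSL engine asks the card to do; the host only ever handles the message and the resulting signature.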



[Muscle] SmartCard sign number

2013-12-16 Thread Raul Rosetto Munoz
Hello,

That's my first time that I really need to understand how the smart card
works.

First of all I have with me a Brazilian Digital Document called e-CPF, this
card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.

Everything started because I need to sign my device serial number with my
smart card. The documentation that I need to follow just says that I need to
sign a number like "290953052" and after signing I need to get a data string
in base64, following the PKCS #1 version 1.5.

My first question: is there a chance to outsource the private key inside
the smart card?

I asked that because if I get the private key I can do that using openssl.

But if this happens I can't see a reason for smart cards to work well.

I'm sorry to ask these basic questions but I really found it difficult to find
information.

Thanks For All Help!

-- 
*Raul Rosetto Muñoz*