Re: [Muscle] SmartCard sign number
I think that the card works fine with Windows, but my problem is that I didn't find software that signs a file. I just need to find software that signs a number! (It can be on Windows!)

Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.

And I just need to do that one time! It could be any software! If someone has any opinion, it will surely help me a lot! Thanks for all the help!

On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet sebast...@lorquet.fr wrote:

> Hello
>
> There is no generic way to talk to a smart card. You need to either
> - get technical documentation for your card
> - reverse the card protocol by looking at the exchanges between the card and the application. That may not be sufficient if the card uses a dynamic authentication mechanism.
>
> Before allowing the use of a private key to sign data, most cards require a PIN presentation or mutual authentication.
>
> Best regards
> Sebastien Lorquet

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] SmartCard sign number
suck it baby! :D

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Raul Rosetto Munoz munoz0r...@gmail.com
Sender: Muscle muscle-boun...@lists.musclecard.com
Date: Tue, 17 Dec 2013 09:44:52
To: MUSCLE muscle@lists.musclecard.com
Reply-To: MUSCLE muscle@lists.musclecard.com
Subject: Re: [Muscle] SmartCard sign number
Re: [Muscle] SmartCard sign number
Hello Raul,

coincidentally I worked with an e-CNPJ card yesterday. The card comes with a PKCS#11 library (SafeSign from A.E.T). So, all you need is software with PKCS#11 support.

But I don't know of any software which operates at such a low level and gives the user a PKCS#1 result. Usually PKCS#7 is used, which contains for example your certificate and the signature time. PKCS#1 is only a cryptographic primitive and not very useful without any additional information.

Generally you could use the PKCS#11 library with Thunderbird for example to sign your e-mails.

In your place I would look at the requirements again.

Greetings,
Waldemar

On 17.12.2013 12:44, Raul Rosetto Munoz wrote:

> I think that the card works fine with Windows, but my problem is that I didn't find software that signs a file. I just need to find software that signs a number! (It can be on Windows!)
>
> Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
>
> And I just need to do that one time! It could be any software! If someone has any opinion, it will surely help me a lot! Thanks for all the help!
Re: [Muscle] SmartCard sign number
Use CAPI or PKCS#11; check the middleware of your smartcard. Maybe SafeSign.

Raul Rosetto Munoz munoz0r...@gmail.com wrote:

> I think that the card works fine with Windows, but my problem is that I didn't find software that signs a file. I just need to find software that signs a number! (It can be on Windows!)
>
> Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
>
> And I just need to do that one time! It could be any software! If someone has any opinion, it will surely help me a lot! Thanks for all the help!
Re: [Muscle] SmartCard sign number
I'm sure that my card is SafeSign; I installed the SafeSign from A.E.T too. But now I have no idea what I can do to sign this number!

Does anyone have more information to help me?

Thanks all

On Tue, Dec 17, 2013 at 10:42 AM, Luciano Coelho e-Sec coe...@esec.com.br wrote:

> Use CAPI or PKCS#11; check the middleware of your smartcard. Maybe SafeSign.

--
*Raul Rosetto Muñoz*
Re: [Muscle] SmartCard sign number
On 12/17/2013 7:28 AM, Raul Rosetto Munoz wrote:

> I'm sure that my card is SafeSign; I installed the SafeSign from A.E.T too. But now I have no idea what I can do to sign this number!

The problem is not with the smart card, but with understanding what you mean by:

> I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.

What is: the documentation?

Most signing operations with RSA sign a hash of the data to be signed. The hash would then be padded before applying the RSA algorithm. But your description sounds like you are not using a hash of the data.

> Does anyone have more information to help me?
>
> Thanks all
Re: [Muscle] SmartCard sign number
Hello Raul,

On 17.12.2013 14:28, Raul Rosetto Munoz wrote:

> Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.

Can you point us to the documentation you mention? Maybe then we can help.

Greetings,
Waldemar
Re: [Muscle] SmartCard sign number
Hello,

The documentation is in Portuguese. They say that we must sign the equipment serial number with the manufacturer's Digital Certificate IPC-BRASIL.

Portuguese:

2.4.1. Assinatura Digital do Número de Segurança

a. O número de segurança do equipamento SAT, de conhecimento exclusivo do Fabricante e do Fisco, deve ser assinado digitalmente pelo fabricante com o uso de seu Certificado Digital ICP-BRASIL;
b. A assinatura deve ser executada de forma que o resultado da operação seja uma string de dados codificada em base64, seguindo o padrão PKCS #1 versão 1.5;
c. Esta assinatura deve ser armazenada na memória de pequeno armazenamento e usada pelo equipamento SAT-CF-e nos respectivos processos de comunicação com o Fisco.

English:

2.4.1. Digital Signature of Security Number

a. The number of security SAT equipment, known only to the manufacturer and the FISCO, must be digitally signed by the manufacturer using their Digital Certificate ICP-BRAZIL;
b. The signature must be executed so that the result of the operation is a string of data encoded in base64, following the PKCS #1 version 1.5 standard;
c. This signature must be stored in memory storage and small equipment used by SAT - CF- and in their communications with the FISCO.

FISCO = responsible unit of government.

http://www.fazenda.sp.gov.br/sat/downloads/Especificacao_SAT_v_ER_2_8_5.pdf

I hope that now someone understands what I need! Thanks for all the help until now!

On Tue, Dec 17, 2013 at 1:26 PM, Waldemar Dick wd...@urgewalten.de wrote:

> Hello Raul,
>
> On 17.12.2013 14:28, Raul Rosetto Munoz wrote:
>
> > Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
>
> Can you point us to the documentation you mention? Maybe then we can help.
>
> Greetings,
> Waldemar

--
*Raul Rosetto Muñoz*
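Added example, not part of any message in this thread and not code from the SAT specification or the SafeSign middleware: Douglas's reply notes that RSA signing normally pads a hash of the data, while the specification text quoted above only says "PKCS #1 version 1.5" and "base64". The Python code below builds both variants for the serial number and shows that a verifier accepts a signature only under the convention it was made with. Assumptions: the software key from `demo_keypair` stands in for the card (on a card the private-key step runs on the token through PKCS#11 after PIN verification), the hash is SHA-256, and the number is encoded as ASCII digits.

```python
import base64
import hashlib
import hmac
import random

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SERIAL = b"290953052"  # number from the thread, as ASCII digits (assumed encoding)


def digest_info(message):
    """What a hash-then-sign scheme pads: DigestInfo(SHA-256(message))."""
    return SHA256_PREFIX + hashlib.sha256(message).digest()


def emsa_pkcs1_v15(t, k):
    """PKCS #1 v1.5 signature padding: 00 01 FF..FF 00 T, k bytes in total."""
    if len(t) > k - 11:  # at least eight FF bytes are mandatory
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin test, used only to build the throwaway demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_keypair(bits=1024, seed=2013):
    """Software RSA key standing in for the card. Seeded PRNG: NOT a real key."""
    rng, e = random.Random(seed), 65537

    def prime(nbits):
        while True:
            # Force the two top bits (full-size modulus) and the low bit (odd).
            c = rng.getrandbits(nbits) | (3 << (nbits - 2)) | 1
            if c % e != 1 and is_probable_prime(c, rng):
                return c

    p = prime(bits // 2)
    q = prime(bits // 2)
    while q == p:
        q = prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def sign(payload, n, d):
    """Pad the payload, apply the private-key operation, return base64 text."""
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v15(payload, k)
    s = pow(int.from_bytes(em, "big"), d, n)  # the only step a card would perform
    return base64.b64encode(s.to_bytes(k, "big")).decode("ascii")


def verify(sig_b64, payload, n, e):
    """Re-encode the expected block and compare it whole (no lenient parsing)."""
    k = (n.bit_length() + 7) // 8
    try:
        sig = base64.b64decode(sig_b64, validate=True)
        expected = emsa_pkcs1_v15(payload, k)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)


if __name__ == "__main__":
    n, e, d = demo_keypair()
    hashed = sign(digest_info(SERIAL), n, d)  # comparable to CKM_SHA256_RSA_PKCS
    raw = sign(SERIAL, n, d)                  # comparable to CKM_RSA_PKCS on the bare digits
    print("hash-then-sign:", hashed)
    print("raw number    :", raw)
    print("hashed sig checked as hashed:", verify(hashed, digest_info(SERIAL), n, e))
    print("hashed sig checked as raw   :", verify(hashed, SERIAL, n, e))
```

Both outputs are valid base64 PKCS #1 v1.5 signatures of the same length, which is why the receiving side has to state which payload it expects before a signature can be checked.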
[Muscle] SmartCard sign number
Hello,

This is the first time that I really need to understand how a smart card works. First of all, I have with me a Brazilian digital document called e-CPF; this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.

Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.

My first question: is there a chance to outsource the private key inside the smart card?

I asked that because if I get the private key I can do that using openssl. But if this happens I can't see a reason for smart cards to work well.

I'm sorry to ask these basic questions, but I really had difficulty finding information.

Thanks for all the help!

--
*Raul Rosetto Muñoz*
Re: [Muscle] SmartCard sign number
On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

> Hello,
>
> This is the first time that I really need to understand how a smart card works. First of all, I have with me a Brazilian digital document called e-CPF; this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.
>
> Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
>
> My first question: is there a chance to outsource the private key inside the smart card?

No. That is the point of a smart card, the private key can not be read. It can only be used for decryption or signing. (The public key in a certificate is used for encryption or verifying signatures.) (The issuer of the card may be able to read it, but not ordinary users.)

> I asked that because if I get the private key I can do that using openssl.

You might be able to use OpenSSL, if the card has an openssl engine or the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with PKCS#11.)

OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or not. People have asked in the past.

https://github.com/OpenSC/OpenSC/wiki
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

Google for: opensc smart card e-cnpj

> But if this happens I can't see a reason for smart cards to work well.
>
> I'm sorry to ask these basic questions, but I really had difficulty finding information.
>
> Thanks for all the help!
>
> --
> *Raul Rosetto Muñoz*

--
Douglas E. Engert deeng...@anl.gov
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Re: [Muscle] SmartCard sign number
Hello Douglas,

I tried many forums, and all the time I get Unsupported card:

    opensc-tool --reader 0 --name
    Unsupported card

Do you know how to find the real type of my card?

I tried pcsc_scan, but I didn't find a name that I can compare with this list:
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

    pcsc_scan
    PC/SC device scanner
    V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
    Compiled with PC/SC lite version: 1.7.4
    Using reader plug'n play mechanism
    Scanning present readers...
    0: ACS ACR 38U-CCID 00 00

    Mon Dec 16 19:05:21 2013
    Reader 0: ACS ACR 38U-CCID 00 00
      Card state: Card inserted,
      ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

    ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
    + TS = 3B -- Direct Convention
    + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
      TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
        129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
      TB(1) = 00 -- VPP is not electrically connected
      TC(1) = 00 -- Extra guard time: 0
    + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
      Category indicator byte: 80 (compact TLV data object)
        Tag: 5, len: 9 (card issuer's data)
          Card issuer data: 49 44 65 61 59 49 44 65 61
        Tag: 6, len: C (pre-issuing data)
          Data: 5F 31 2E

    Possibly identified card (using /home/raul/.smartcard_list.txt):
    3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
        e-CNPJ issued by Fenacon (eID)
        http://www.fenacon.org.br

Thanks for all the help.

On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov wrote:

> On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:
>
> > Hello,
> >
> > This is the first time that I really need to understand how a smart card works. First of all, I have with me a Brazilian digital document called e-CPF; this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.
> >
> > Everything started because I need to sign my device serial number with my smart card. The documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
> >
> > My first question: is there a chance to outsource the private key inside the smart card?
>
> No. That is the point of a smart card, the private key can not be read. It can only be used for decryption or signing. (The public key in a certificate is used for encryption or verifying signatures.) (The issuer of the card may be able to read it, but not ordinary users.)
>
> > I asked that because if I get the private key I can do that using openssl.
>
> You might be able to use OpenSSL, if the card has an openssl engine or the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with PKCS#11.)
>
> OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or not. People have asked in the past.
>
> https://github.com/OpenSC/OpenSC/wiki
> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>
> Google for: opensc smart card e-cnpj
>
> > But if this happens I can't see a reason for smart cards to work well.
> >
> > I'm sorry to ask these basic questions, but I really had difficulty finding information.
> >
> > Thanks for all the help!
>
> --
> Douglas E. Engert deeng...@anl.gov
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444

--
*Raul Rosetto Muñoz*
Re: [Muscle] SmartCard sign number
On 12/16/2013 3:11 PM, Raul Rosetto Munoz wrote:
> Hello Douglas,
>
> I tried many forums, and all the time I get Unsupported card:
>
> opensc-tool --reader 0 --name
> Unsupported card
>
> Do you know how to find the real type of my card?

pcsc_scan is the best start.

> I tried pcsc_scan, but I didn't find any name that I can compare with this list:
> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

Then OpenSC does not support the card. Anyone can submit an OpenSC module for a card, but you would need the vendor's documentation on how the card works to write the module.

Does Windows recognize the card? Does http://www.fenacon.org.br have a Windows driver for the card? Does it work with Firefox or Thunderbird on Windows?

> pcsc_scan
> PC/SC device scanner
> V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
> Compiled with PC/SC lite version: 1.7.4
> Using reader plug'n play mechanism
> Scanning present readers...
> 0: ACS ACR 38U-CCID 00 00
>
> Mon Dec 16 19:05:21 2013
> Reader 0: ACS ACR 38U-CCID 00 00
>   Card state: Card inserted,
>   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>
> ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
> + TS = 3B -- Direct Convention
> + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
>   TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
>     129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
>   TB(1) = 00 -- VPP is not electrically connected
>   TC(1) = 00 -- Extra guard time: 0
> + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>   Category indicator byte: 80 (compact TLV data object)
>     Tag: 5, len: 9 (card issuer's data)
>       Card issuer data: 49 44 65 61 59 49 44 65 61
>     Tag: 6, len: C (pre-issuing data)
>       Data: 5F 31 2E
>
> Possibly identified card (using /home/raul/.smartcard_list.txt):
> 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>   e-CNPJ issued by Fenacon (eID)
>   http://www.fenacon.org.br
>
> Thanks For All Help.
>
> On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov wrote:
>
>> On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:
>>> Hello,
>>>
>>> That's my first time that I really need to understand how the smart card works.
>>> First of all I have with me a Brazilian Digital Document called e-CPF, this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.
>>>
>>> Everything started because I need to sign my device serial number with my smart card; the documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
>>>
>>> My first question: is there a chance to outsource the private key inside the smart card?
>>
>> No. That is the point of a smart card, the private key can not be read.
>> It can only be used for decryption or signing.
>> (The public key in a certificate is used for encryption or verifying signatures.)
>> (The issuer of the card may be able to read it, but not ordinary users.)
>>
>>> I asked that because if I get the private key I can do that using openssl.
>>
>> You might be able to use OpenSSL, if the card has an openssl engine or the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with PKCS#11.)
>>
>> OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or not. People have asked in the past.
>>
>> https://github.com/OpenSC/OpenSC/wiki
>> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>>
>> Google for: opensc smart card e-cnpj
>>
>>> But if this happens I can't see a reason for smart cards to work well.
>>>
>>> I'm sorry to ask these basic questions, but I really had difficulty finding information.
>>>
>>> Thanks For All Help!
>>>
>>> --
>>> *Raul Rosetto Muñoz*
>>
>> --
>> Douglas E. Engert deeng...@anl.gov
>> Argonne National Laboratory
>> 9700 South Cass Avenue
>> Argonne, Illinois 60439
>> (630) 252-5444
>
> --
> *Raul Rosetto Muñoz*
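The ATR breakdown that pcsc_scan prints in the message above can be reproduced with a short ISO/IEC 7816-3 parser. This is an added example, not part of the thread and not pcsc-tools code; the function names are this example's own, and the only input is the ATR quoted in the thread. It also flags the second compact-TLV object, which declares 12 bytes when only 3 remain.

```python
# Added example: ISO/IEC 7816-3 ATR parser (illustrative, not pcsc_scan code).
ATR_HEX = "3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E"  # from the thread
FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}   # clock rate conversion
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}  # baud rate divisor

def parse_compact_tlv(data):
    """Split compact-TLV objects (high nibble = tag, low nibble = length)."""
    items, pos = [], 0
    while pos < len(data):
        tag, length = data[pos] >> 4, data[pos] & 0x0F
        value = data[pos + 1:pos + 1 + length]
        # A declared length that runs past the buffer is reported, not trusted.
        items.append({"tag": tag, "len": length, "value": value,
                      "truncated": len(value) < length})
        pos += 1 + length
    return items

def parse_atr(atr_hex):
    b = bytes.fromhex(atr_hex.replace(" ", ""))
    if len(b) < 2 or b[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte: not an ATR")
    out = {"convention": "direct" if b[0] == 0x3B else "inverse",
           "interface": {}, "protocols": []}
    y, k = b[1] >> 4, b[1] & 0x0F        # T0: Y(1) presence bits, K historical bytes
    pos, i = 2, 1
    try:
        while True:
            for bit, name in ((1, "TA"), (2, "TB"), (4, "TC")):
                if y & bit:
                    out["interface"][f"{name}({i})"] = b[pos]
                    pos += 1
            if not y & 8:                # no TD(i): interface bytes end here
                break
            y, i = b[pos] >> 4, i + 1    # TD(i) announces the next group
            out["protocols"].append(b[pos] & 0x0F)
            pos += 1
    except IndexError:
        raise ValueError("ATR ends inside the interface bytes") from None
    hist = b[pos:pos + k]
    if len(hist) != k:
        raise ValueError("fewer historical bytes than T0 announces")
    ta1 = out["interface"].get("TA(1)", 0x11)   # 0x11 = default Fi=372, Di=1
    fi, di = FI.get(ta1 >> 4), DI.get(ta1 & 0x0F)
    out["cycles_per_etu"] = fi // di if fi and di else None  # None: reserved value
    out["historical"] = hist
    out["tlv"] = parse_compact_tlv(hist[1:]) if hist[:1] == b"\x80" else []
    out["ascii"] = "".join(chr(c) if 32 <= c < 127 else "." for c in hist[1:])
    return out

if __name__ == "__main__":
    for key, value in parse_atr(ATR_HEX).items():
        print(key, value)
```
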
Re: [Muscle] SmartCard sign number
Hello,

There is no generic way to talk to a smart card. You need to either
- get technical documentation for your card
- reverse the card protocol by looking at the exchanges between the card and the application. That may not be sufficient if the card uses a dynamic authentication mechanism.

Before allowing the use of a private key to sign data, most cards require a PIN presentation or mutual authentication.

Best regards
Sebastien Lorquet

On 16/12/2013 22:11, Raul Rosetto Munoz wrote:
> Hello Douglas,
>
> I tried many forums, and all the time I get Unsupported card:
>
> opensc-tool --reader 0 --name
> Unsupported card
>
> Do you know how to find the real type of my card?
>
> I tried pcsc_scan, but I didn't find any name that I can compare with this list:
> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>
> pcsc_scan
> PC/SC device scanner
> V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
> Compiled with PC/SC lite version: 1.7.4
> Using reader plug'n play mechanism
> Scanning present readers...
> 0: ACS ACR 38U-CCID 00 00
>
> Mon Dec 16 19:05:21 2013
> Reader 0: ACS ACR 38U-CCID 00 00
>   Card state: Card inserted,
>   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>
> ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
> + TS = 3B -- Direct Convention
> + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
>   TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
>     129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
>   TB(1) = 00 -- VPP is not electrically connected
>   TC(1) = 00 -- Extra guard time: 0
> + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>   Category indicator byte: 80 (compact TLV data object)
>     Tag: 5, len: 9 (card issuer's data)
>       Card issuer data: 49 44 65 61 59 49 44 65 61
>     Tag: 6, len: C (pre-issuing data)
>       Data: 5F 31 2E
>
> Possibly identified card (using /home/raul/.smartcard_list.txt):
> 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
>   e-CNPJ issued by Fenacon (eID)
>   http://www.fenacon.org.br
>
> Thanks For All Help.
>
> On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov wrote:
>
>> On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:
>>> Hello,
>>>
>>> That's my first time that I really need to understand how the smart card works.
>>> First of all I have with me a Brazilian Digital Document called e-CPF, this card is a Version V2 with 2048 bits and is part of IPC-BRAZIL.
>>>
>>> Everything started because I need to sign my device serial number with my smart card; the documentation that I need to follow just says that I need to sign a number like 290953052 and, after signing, I need to get a data string in base64, following PKCS #1 version 1.5.
>>>
>>> My first question: is there a chance to outsource the private key inside the smart card?
>>
>> No. That is the point of a smart card, the private key can not be read.
>> It can only be used for decryption or signing.
>> (The public key in a certificate is used for encryption or verifying signatures.)
>> (The issuer of the card may be able to read it, but not ordinary users.)
>>
>>> I asked that because if I get the private key I can do that using openssl.
>>
>> You might be able to use OpenSSL, if the card has an openssl engine or the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with PKCS#11.)
>>
>> OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or not. People have asked in the past.
>>
>> https://github.com/OpenSC/OpenSC/wiki
>> https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29
>>
>> Google for: opensc smart card e-cnpj
>>
>>> But if this happens I can't see a reason for smart cards to work well.
>>>
>>> I'm sorry to ask these basic questions, but I really had difficulty finding information.
>>>
>>> Thanks For All Help!
>>>
>>> --
>>> *Raul Rosetto Muñoz*
>>
>> --
>> Douglas E. Engert deeng...@anl.gov
>> Argonne National Laboratory
>> 9700 South Cass Avenue
>> Argonne, Illinois 60439
>> (630) 252-5444
>
> --
> *Raul Rosetto Muñoz*
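What the requested result (the number signed with PKCS #1 v1.5, then base64) consists of, as an added example that is not part of the thread. Assumptions: SHA-256 as the digest and the number signed as its ASCII digits (the thread states neither), and a constructed, insecure toy RSA key standing in for the card; with a real card the `card_private_op` step runs inside the card, through its PKCS#11 library or driver, after PIN verification.

```python
# Added example, not from the thread. Assumptions: SHA-256 digest, the number
# signed as ASCII digits, and a constructed toy key in place of the card.
import base64, hashlib, hmac

# Constructed RSA key from two Mersenne primes: insecure, illustration only.
# The card in the thread holds a 2048-bit key that never leaves the chip.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (141 here)

# DER header of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message: bytes, em_len: int) -> bytes:
    """EM = 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def card_private_op(em: bytes) -> bytes:
    """Stand-in for the RSA private-key step a card performs internally."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def sign_b64(number: str) -> str:
    em = emsa_pkcs1_v15(number.encode("ascii"), K)
    return base64.b64encode(card_private_op(em)).decode("ascii")

def verify_b64(number: str, sig_b64: str) -> bool:
    """Verifier side: needs only the public key (N, E) from the certificate."""
    try:
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    em = pow(s, E, N).to_bytes(K, "big")
    # Rebuild the expected block and compare it whole, rather than parsing
    # the padding, so malformed encodings are rejected.
    return hmac.compare_digest(em, emsa_pkcs1_v15(number.encode("ascii"), K))

if __name__ == "__main__":
    sig = sign_b64("290953052")
    print(len(sig), "base64 characters:", sig)
    print("verifies:", verify_b64("290953052", sig))
```

With a 2048-bit key the signature is 256 bytes, which is 344 base64 characters; the toy key here gives 141 bytes and 188 characters.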