subject:"Re\: \[Muscle\] SmartCard sign number"

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Raul Rosetto Munoz

I think that the Card work fine with windows,

but my problem is that I didnt find a Software that sign a file.

I just need to find a software that sign a number! (Can Be on Windows!)

Every thing start because I need to sign my device serial number with my
smart card, in the documentation that I need to follow just say that I need
sign a number like  290953052 and after sign I need to get an data string
in base64, followed the PKCS #1 version 1.5.

And I just need to do that one time! could be any software!

If some one have any opinion for sure will help me a lot!

Thanks For all help!

On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet sebast...@lorquet.frwrote:

  Hello

 there is no generic way to talk to a smart card.

 You need to either

 -get technical documentation for your card
 -reverse the card protocol by looking at the exchanges between the card
 and the application. That may not be sufficient if the card uses a dynamic
 authentication mechanism.

 before allowing the use of a private key to sign data, most card requires
 a pin presentation or mutual authentication.

 Best regards
 Sebastien Lorquet

 Le 16/12/2013 22:11, Raul Rosetto Munoz a écrit :

 Hello Douglas,

  I try many foruns, and all the time I get Unsupported card:

  opensc-tool --reader 0 --name
 Unsupported card

  Do you know how to find the real type of my card?

  I try pcsc_scan

  But I didnt find some name that I can compare with this list:

 https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

  pcsc_scan
 PC/SC device scanner
 V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
 Compiled with PC/SC lite version: 1.7.4
 Using reader plug'n play mechanism
 Scanning present readers...
 0: ACS ACR 38U-CCID 00 00

  Mon Dec 16 19:05:21 2013
 Reader 0: ACS ACR 38U-CCID 00 00
Card state: Card inserted,
   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
 + TS = 3B -- Direct Convention
 + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
   TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
   TB(1) = 00 -- VPP is not electrically connected
   TC(1) = 00 -- Extra guard time: 0
 + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
   Category indicator byte: 80 (compact TLV data object)
 Tag: 5, len: 9 (card issuer's data)
   Card issuer data: 49 44 65 61 59 49 44 65 61
 Tag: 6, len: C (pre-issuing data)
   Data: 5F 31 2E

  Possibly identified card (using /home/raul/.smartcard_list.txt):
 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  e-CNPJ issued by Fenacon (eID)
  http://www.fenacon.org.br

  Thanks For All Help.





 On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.govwrote:



 On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

 Hello,

 That's my first time that I really need to understand how the smart card
 works.

 First of all I have with me a Brazilian Digital Document called e-CPF,
 this card is an Version V2 with 2048 bits and is part of IPC-BRAZIL.

 Every thing start because I need to sign my device serial number with my
 smart card, in the documentation that I need to follow just say that I need
 sign a number like  290953052 and after sign I
 need to get an data string in base64, followed the PKCS #1 version 1.5.

 My First question, there is an chance to outsource the private key
 inside the smart card?


  No. That is the point of a smart card, the private key can not be read.
 It can only be used for decryption or signing. (The public key in a
 certificate
 is used for encryption or verifying signatures.)
 (The issuer of the card may be able to read it, but not ordinary users.)



 I asked that because if I get the private key I can do that using
 openssl.


  You might be able  to use OpenSSL, if the card  has an openssl engine or
 the card has a PKCS#11 library. (OpenSC has an openssl_engine for use
 with PKCS#11.)
 OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
 supported or not.
 People have asked in the past.

 https://github.com/OpenSC/OpenSC/wiki


 https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

 Google for: opensc smart card e-cnpj



 But if this happen I cant see an reason for smart cards work well.

 Im sorry to ask this basics questions but I realy got difficult to find
 informations.

 Thanks For All Help!

 --
 *Raul Rosetto Muñoz*


  ___
 Muscle mailing list
 Muscle@lists.musclecard.com
 http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com


 --

  Douglas E. Engert  deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

 ___
 Muscle mailing list
 Muscle@lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-17 Thread freescale

suck it baby! :D

Sent from my BlackBerry® wireless device

-Original Message-
From: Raul Rosetto Munoz munoz0r...@gmail.com
Sender: Muscle muscle-boun...@lists.musclecard.comDate: Tue, 17 Dec 2013 
09:44:52 
To: MUSCLEmuscle@lists.musclecard.com
Reply-To: MUSCLE  muscle@lists.musclecard.com
Subject: Re: [Muscle] SmartCard sign number

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Waldemar Dick


Hello Raul,

coincidentally I worked with a e-CNPJ card yesterday. The cards comes 
with a PKCS#11 library (SafeSign from A.E.T).


So, all you need is a software with PKCS#11 support.
But I don't know of any software which operates at such a low level and 
gives the user a PKCS#1 result. Usually PKCS#7 is used, which contains 
for example your certificate and the signature time.
PKCS#1 is only a cryptographic primitive and not very usefully without 
any additional information.


Generally you could use the PKCS#11 library with Thunderbird for example 
to sign your E-Mails.

In your place I would look at the requirements again.

Greetings,
Waldemar


On 17.12.2013 12:44, Raul Rosetto Munoz wrote:

I think that the Card work fine with windows,

but my problem is that I didnt find a Software that sign a file.

I just need to find a software that sign a number! (Can Be on Windows!)

Every thing start because I need to sign my device serial number with 
my smart card, in the documentation that I need to follow just say 
that I need sign a number like  290953052 and after sign I need to 
get an data string in base64, followed the PKCS #1 version 1.5.


And I just need to do that one time! could be any software!

If some one have any opinion for sure will help me a lot!

Thanks For all help!

On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet 
sebast...@lorquet.fr mailto:sebast...@lorquet.fr wrote:


Hello

there is no generic way to talk to a smart card.

You need to either

-get technical documentation for your card
-reverse the card protocol by looking at the exchanges between the
card and the application. That may not be sufficient if the card
uses a dynamic authentication mechanism.

before allowing the use of a private key to sign data, most card
requires a pin presentation or mutual authentication.

Best regards
Sebastien Lorquet

Le 16/12/2013 22:11, Raul Rosetto Munoz a écrit :

Hello Douglas,

I try many foruns, and all the time I get Unsupported card:

opensc-tool --reader 0 --name
Unsupported card

Do you know how to find the real type of my card?

I try pcsc_scan

But I didnt find some name that I can compare with this list:

https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau
ludovic.rouss...@free.fr mailto:ludovic.rouss...@free.fr
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted,
  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B -- Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
  TB(1) = 00 -- VPP is not electrically connected
  TC(1) = 00 -- Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  Category indicator byte: 80 (compact TLV data object)
Tag: 5, len: 9 (card issuer's data)
  Card issuer data: 49 44 65 61 59 49 44 65 61
Tag: 6, len: C (pre-issuing data)
  Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert
deeng...@anl.gov mailto:deeng...@anl.gov wrote:



On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how
the smart card works.

First of all I have with me a Brazilian Digital Document
called e-CPF, this card is an Version V2 with 2048 bits
and is part of IPC-BRAZIL.

Every thing start because I need to sign my device serial
number with my smart card, in the documentation that I
need to follow just say that I need sign a number like
 290953052 and after sign I
need to get an data string in base64, followed the PKCS
#1 version 1.5.

My First question, there is an chance to outsource the
private key inside the smart card?


No. That is the point of a smart card, the private key can
not be read.
It can only be used for decryption or signing. (The public
key in a certificate
is used for encryption or verifying signatures.)
(The issuer of the card may be able to read it, but not
ordinary users.)



I asked that because if I

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Luciano Coelho e-Sec

Use CAPI or PKCS#11 check the middleware of your smartcard. May be Safesign.

Raul Rosetto Munoz munoz0r...@gmail.com escreveu:
I think that the Card work fine with windows,

but my problem is that I didnt find a Software that sign a file.

I just need to find a software that sign a number! (Can Be on Windows!)

Every thing start because I need to sign my device serial number with
my
smart card, in the documentation that I need to follow just say that I
need
sign a number like  290953052 and after sign I need to get an data
string
in base64, followed the PKCS #1 version 1.5.

And I just need to do that one time! could be any software!

If some one have any opinion for sure will help me a lot!

Thanks For all help!

On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet
sebast...@lorquet.frwrote:

  Hello

 there is no generic way to talk to a smart card.

 You need to either

 -get technical documentation for your card
 -reverse the card protocol by looking at the exchanges between the
card
 and the application. That may not be sufficient if the card uses a
dynamic
 authentication mechanism.

 before allowing the use of a private key to sign data, most card
requires
 a pin presentation or mutual authentication.

 Best regards
 Sebastien Lorquet

 Le 16/12/2013 22:11, Raul Rosetto Munoz a écrit :

 Hello Douglas,

  I try many foruns, and all the time I get Unsupported card:

  opensc-tool --reader 0 --name
 Unsupported card

  Do you know how to find the real type of my card?

  I try pcsc_scan

  But I didnt find some name that I can compare with this list:


https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

  pcsc_scan
 PC/SC device scanner
 V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
 Compiled with PC/SC lite version: 1.7.4
 Using reader plug'n play mechanism
 Scanning present readers...
 0: ACS ACR 38U-CCID 00 00

  Mon Dec 16 19:05:21 2013
 Reader 0: ACS ACR 38U-CCID 00 00
Card state: Card inserted,
   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
 + TS = 3B -- Direct Convention
 + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
   TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
   TB(1) = 00 -- VPP is not electrically connected
   TC(1) = 00 -- Extra guard time: 0
 + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
   Category indicator byte: 80 (compact TLV data object)
 Tag: 5, len: 9 (card issuer's data)
   Card issuer data: 49 44 65 61 59 49 44 65 61
 Tag: 6, len: C (pre-issuing data)
   Data: 5F 31 2E

  Possibly identified card (using /home/raul/.smartcard_list.txt):
 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  e-CNPJ issued by Fenacon (eID)
  http://www.fenacon.org.br

  Thanks For All Help.





 On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert
deeng...@anl.govwrote:



 On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

 Hello,

 That's my first time that I really need to understand how the smart
card
 works.

 First of all I have with me a Brazilian Digital Document called
e-CPF,
 this card is an Version V2 with 2048 bits and is part of
IPC-BRAZIL.

 Every thing start because I need to sign my device serial number
with my
 smart card, in the documentation that I need to follow just say
that I need
 sign a number like  290953052 and after sign I
 need to get an data string in base64, followed the PKCS #1 version
1.5.

 My First question, there is an chance to outsource the private key
 inside the smart card?


  No. That is the point of a smart card, the private key can not be
read.
 It can only be used for decryption or signing. (The public key in a
 certificate
 is used for encryption or verifying signatures.)
 (The issuer of the card may be able to read it, but not ordinary
users.)



 I asked that because if I get the private key I can do that using
 openssl.


  You might be able  to use OpenSSL, if the card  has an openssl
engine or
 the card has a PKCS#11 library. (OpenSC has an openssl_engine for
use
 with PKCS#11.)
 OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
 supported or not.
 People have asked in the past.

 https://github.com/OpenSC/OpenSC/wiki



https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

 Google for: opensc smart card e-cnpj



 But if this happen I cant see an reason for smart cards work well.

 Im sorry to ask this basics questions but I realy got difficult to
find
 informations.

 Thanks For All Help!

 --
 *Raul Rosetto Muñoz*


  ___
 Muscle mailing list
 Muscle@lists.musclecard.com

http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com


 --

  Douglas E. Engert  deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Raul Rosetto Munoz

I'm sure that my card is Safesign, I installed the SafeSign from A.E.T too.

But know I have no idea what I can do to sign this number!

Some one have more information to help me!

Thanks all


On Tue, Dec 17, 2013 at 10:42 AM, Luciano Coelho e-Sec
coe...@esec.com.brwrote:

 Use CAPI or PKCS#11 check the middleware of your smartcard. May be
 Safesign.

 Raul Rosetto Munoz munoz0r...@gmail.com escreveu:

 I think that the Card work fine with windows,

 but my problem is that I didnt find a Software that sign a file.

 I just need to find a software that sign a number! (Can Be on Windows!)

 Every thing start because I need to sign my device serial number with my
 smart card, in the documentation that I need to follow just say that I need
 sign a number like  290953052 and after sign I need to get an data string
 in base64, followed the PKCS #1 version 1.5.

 And I just need to do that one time! could be any software!

 If some one have any opinion for sure will help me a lot!

 Thanks For all help!

 On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet 
 sebast...@lorquet.frwrote:

  Hello

 there is no generic way to talk to a smart card.

 You need to either

 -get technical documentation for your card
 -reverse the card protocol by looking at the exchanges between the card
 and the application. That may not be sufficient if the card uses a dynamic
 authentication mechanism.

 before allowing the use of a private key to sign data, most card
 requires a pin presentation or mutual authentication.

 Best regards
 Sebastien Lorquet

 Le 16/12/2013 22:11, Raul Rosetto Munoz a écrit :

 Hello Douglas,

  I try many foruns, and all the time I get Unsupported card:

  opensc-tool --reader 0 --name
 Unsupported card

  Do you know how to find the real type of my card?

  I try pcsc_scan

  But I didnt find some name that I can compare with this list:

 https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

  pcsc_scan
 PC/SC device scanner
 V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
 Compiled with PC/SC lite version: 1.7.4
 Using reader plug'n play mechanism
 Scanning present readers...
 0: ACS ACR 38U-CCID 00 00

  Mon Dec 16 19:05:21 2013
 Reader 0: ACS ACR 38U-CCID 00 00
Card state: Card inserted,
   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
 + TS = 3B -- Direct Convention
 + T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
   TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
   TB(1) = 00 -- VPP is not electrically connected
   TC(1) = 00 -- Extra guard time: 0
 + Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
   Category indicator byte: 80 (compact TLV data object)
 Tag: 5, len: 9 (card issuer's data)
   Card issuer data: 49 44 65 61 59 49 44 65 61
 Tag: 6, len: C (pre-issuing data)
   Data: 5F 31 2E

  Possibly identified card (using /home/raul/.smartcard_list.txt):
 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  e-CNPJ issued by Fenacon (eID)
  http://www.fenacon.org.br

  Thanks For All Help.





 On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.govwrote:



 On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

 Hello,

 That's my first time that I really need to understand how the smart
 card works.

 First of all I have with me a Brazilian Digital Document called e-CPF,
 this card is an Version V2 with 2048 bits and is part of IPC-BRAZIL.

 Every thing start because I need to sign my device serial number with
 my smart card, in the documentation that I need to follow just say that I
 need sign a number like  290953052 and after sign I
 need to get an data string in base64, followed the PKCS #1 version 1.5.

 My First question, there is an chance to outsource the private key
 inside the smart card?


  No. That is the point of a smart card, the private key can not be read.
 It can only be used for decryption or signing. (The public key in a
 certificate
 is used for encryption or verifying signatures.)
 (The issuer of the card may be able to read it, but not ordinary
 users.)



 I asked that because if I get the private key I can do that using
 openssl.


  You might be able  to use OpenSSL, if the card  has an openssl engine
 or
 the card has a PKCS#11 library. (OpenSC has an openssl_engine for use
 with PKCS#11.)
 OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
 supported or not.
 People have asked in the past.

 https://github.com/OpenSC/OpenSC/wiki


 https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

 Google for: opensc smart card e-cnpj



 But if this happen I cant see an reason for smart cards work well.

 Im sorry to ask this basics questions but I realy got difficult to
 find informations.

 Thanks For All Help!

 --
 *Raul Rosetto Muñoz*

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Douglas E. Engert




On 12/17/2013 7:28 AM, Raul Rosetto Munoz wrote:

I'm sure that my card is Safesign, I installed the SafeSign from A.E.T too.

But know I have no idea what I can do to sign this number!



The problem is not with the smart card, but with understanding what you mean by:

I need to sign my device serial number with my smart card, in the documentation that I 
need to follow just say that I need sign a number like  290953052 and after
sign I need to get an data string in base64, followed the PKCS #1 version 1.5.

What is: the documentation?

Most signing operations with RSA sign a hash of the data to be signed.
The hash would then be padded before applying the RSA algorithm.

But your description sounds like you are not using a hash of the data.




Some one have more information to help me!

Thanks all


On Tue, Dec 17, 2013 at 10:42 AM, Luciano Coelho e-Sec coe...@esec.com.br 
mailto:coe...@esec.com.br wrote:

Use CAPI or PKCS#11 check the middleware of your smartcard. May be Safesign.

Raul Rosetto Munoz munoz0r...@gmail.com mailto:munoz0r...@gmail.com 
escreveu:

I think that the Card work fine with windows,

but my problem is that I didnt find a Software that sign a file.

I just need to find a software that sign a number! (Can Be on Windows!)

Every thing start because

And I just need to do that one time! could be any software!

If some one have any opinion for sure will help me a lot!

Thanks For all help!

On Mon, Dec 16, 2013 at 7:18 PM, Sébastien Lorquet sebast...@lorquet.fr 
mailto:sebast...@lorquet.fr wrote:

Hello

there is no generic way to talk to a smart card.

You need to either

-get technical documentation for your card
-reverse the card protocol by looking at the exchanges between the 
card and the application. That may not be sufficient if the card uses a dynamic 
authentication mechanism.

before allowing the use of a private key to sign data, most card 
requires a pin presentation or mutual authentication.

Best regards
Sebastien Lorquet

Le 16/12/2013 22:11, Raul Rosetto Munoz a écrit :

Hello Douglas,

I try many foruns, and all the time I get Unsupported card:

opensc-tool --reader 0 --name
Unsupported card

Do you know how to find the real type of my card?

I try pcsc_scan

But I didnt find some name that I can compare with this list:

https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr 
mailto:ludovic.rouss...@free.fr
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted,
  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B -- Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
  TB(1) = 00 -- VPP is not electrically connected
  TC(1) = 00 -- Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  Category indicator byte: 80 (compact TLV data object)
Tag: 5, len: 9 (card issuer's data)
  Card issuer data: 49 44 65 61 59 49 44 65 61
Tag: 6, len: C (pre-issuing data)
  Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov 
mailto:deeng...@anl.gov wrote:



On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how 
the smart card works.

First of all I have with me a Brazilian Digital Document 
called e-CPF, this card is an Version V2 with 2048 bits and is part of 
IPC-BRAZIL.

Every thing start because I need to sign my device serial 
number with my smart card, in the documentation that I need to follow just say 
that I need sign a number like
 290953052 and after sign I
need to get

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Waldemar Dick


Hello Raul,

On 17.12.2013 14:28, Raul Rosetto Munoz wrote:
Every thing start because I need to sign my device serial number with 
my smart card, in the documentation that I need to follow just say 
that I need sign a number like  290953052 and after sign I need to 
get an data string in base64, followed the PKCS #1 version 1.5.


can you point us to the documentation you mention. Maybe then we can help.

Greetings,

Waldemar

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-17 Thread Raul Rosetto Munoz

Hello,
The Documentation is in portuguese, they say that we must to sign the
equipment serial number with the manufacturer Digital Certificate
IPC-BRASIL.

Portuguese:
2.4.1. Assinatura Digital do Número de Segurança
a. O número de segurança do equipamento SAT, de conhecimento exclusivo do
Fabricante e do Fisco, deve ser assinado digitalmente pelo fabricante com o
uso de seu Certificado Digital ICP-BRASIL;
b. A assinatura deve ser executada de forma que o resultado da operação
seja uma string de dados codificada em base64, seguindo o padrão PKCS #1
versão 1.5;
c. Esta assinatura deve ser armazenada na memória de pequeno armazenamento
e usada pelo equipamento SAT-CF-e nos respectivos processos de comunicação
com o Fisco.

English:
2.4.1 . Digital Signature of Security Number
a. The number of security SAT equipment, known only to the manufacturer and
the FISCO , must be digitally signed by the manufacturer using their
Digital Certificate ICP-BRAZIL ;
b . The signature must be executed so that the result of the operation is a
string of data encoded in base64 , following the PKCS #1 version 1.5
standard;
c . This signature must be stored in memory storage and small equipment
used by SAT - CF- and in their communications with the FISCO.

FISCO = responsible unit of government.

http://www.fazenda.sp.gov.br/sat/downloads/Especificacao_SAT_v_ER_2_8_5.pdf

I hope that now some one understand what I need!

Thanks for all help until now!


On Tue, Dec 17, 2013 at 1:26 PM, Waldemar Dick wd...@urgewalten.de wrote:

 Hello Raul,


 On 17.12.2013 14:28, Raul Rosetto Munoz wrote:

 Every thing start because I need to sign my device serial number with my
 smart card, in the documentation that I need to follow just say that I need
 sign a number like  290953052 and after sign I need to get an data string
 in base64, followed the PKCS #1 version 1.5.


 can you point us to the documentation you mention. Maybe then we can help.

 Greetings,

 Waldemar


 ___
 Muscle mailing list
 Muscle@lists.musclecard.com
 http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com




-- 
*Raul Rosetto Muñoz*
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-16 Thread Douglas E. Engert




On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how the smart card works.

First of all I have with me a Brazilian Digital Document called e-CPF, this 
card is an Version V2 with 2048 bits and is part of IPC-BRAZIL.

Every thing start because I need to sign my device serial number with my smart card, in 
the documentation that I need to follow just say that I need sign a number like  
290953052 and after sign I
need to get an data string in base64, followed the PKCS #1 version 1.5.

My First question, there is an chance to outsource the private key inside the 
smart card?


No. That is the point of a smart card, the private key can not be read.
It can only be used for decryption or signing. (The public key in a certificate
is used for encryption or verifying signatures.)
(The issuer of the card may be able to read it, but not ordinary users.)



I asked that because if I get the private key I can do that using openssl.


You might be able  to use OpenSSL, if the card  has an openssl engine or
the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with 
PKCS#11.)
OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is supported or 
not.
People have asked in the past.

https://github.com/OpenSC/OpenSC/wiki

https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

Google for: opensc smart card e-cnpj




But if this happen I cant see an reason for smart cards work well.

Im sorry to ask this basics questions but I realy got difficult to find 
informations.

Thanks For All Help!

--
*Raul Rosetto Muñoz*


___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com



--

 Douglas E. Engert  deeng...@anl.gov
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444

___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-16 Thread Raul Rosetto Munoz

Hello Douglas,

I try many foruns, and all the time I get Unsupported card:

opensc-tool --reader 0 --name
Unsupported card

Do you know how to find the real type of my card?

I try pcsc_scan

But I didnt find some name that I can compare with this list:
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted,
  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B -- Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
  TB(1) = 00 -- VPP is not electrically connected
  TC(1) = 00 -- Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  Category indicator byte: 80 (compact TLV data object)
Tag: 5, len: 9 (card issuer's data)
  Card issuer data: 49 44 65 61 59 49 44 65 61
Tag: 6, len: C (pre-issuing data)
  Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov wrote:



 On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

 Hello,

 That's my first time that I really need to understand how the smart card
 works.

 First of all I have with me a Brazilian Digital Document called e-CPF,
 this card is an Version V2 with 2048 bits and is part of IPC-BRAZIL.

 Every thing start because I need to sign my device serial number with my
 smart card, in the documentation that I need to follow just say that I need
 sign a number like  290953052 and after sign I
 need to get an data string in base64, followed the PKCS #1 version 1.5.

 My First question, there is an chance to outsource the private key inside
 the smart card?


 No. That is the point of a smart card, the private key can not be read.
 It can only be used for decryption or signing. (The public key in a
 certificate
 is used for encryption or verifying signatures.)
 (The issuer of the card may be able to read it, but not ordinary users.)



 I asked that because if I get the private key I can do that using openssl.


 You might be able  to use OpenSSL, if the card  has an openssl engine or
 the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with
 PKCS#11.)
 OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
 supported or not.
 People have asked in the past.

 https://github.com/OpenSC/OpenSC/wiki

 https://github.com/OpenSC/OpenSC/wiki/Supported-
 hardware-%28smart-cards-and-USB-tokens%29

 Google for: opensc smart card e-cnpj



 But if this happen I cant see an reason for smart cards work well.

 Im sorry to ask this basics questions but I realy got difficult to find
 informations.

 Thanks For All Help!

 --
 *Raul Rosetto Muñoz*


 ___
 Muscle mailing list
 Muscle@lists.musclecard.com
 http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com


 --

  Douglas E. Engert  deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

 ___
 Muscle mailing list
 Muscle@lists.musclecard.com
 http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com




-- 
*Raul Rosetto Muñoz*
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-16 Thread Douglas E. Engert




On 12/16/2013 3:11 PM, Raul Rosetto Munoz wrote:

Hello Douglas,

I try many foruns, and all the time I get Unsupported card:

opensc-tool --reader 0 --name
Unsupported card

Do you know how to find the real type of my card?


pcsc_scan is the best start.



I try pcsc_scan

But I didnt find some name that I can compare with this list:
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29


Then OpenSC does not support the card. Anyone can submit an OpenSC module for
a card, but you would need the vendor's documentation on how the card works
to write the module.

Does Windows recognize the card?

Does http://www.fenacon.org.br have a windows driver for the card?

Does it work with FireFox or Thunderbird on Windows?




pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr 
mailto:ludovic.rouss...@free.fr
Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
   Card state: Card inserted,
   ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B -- Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
   TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
   TB(1) = 00 -- VPP is not electrically connected
   TC(1) = 00 -- Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
   Category indicator byte: 80 (compact TLV data object)
 Tag: 5, len: 9 (card issuer's data)
   Card issuer data: 49 44 65 61 59 49 44 65 61
 Tag: 6, len: C (pre-issuing data)
   Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov 
mailto:deeng...@anl.gov wrote:



On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how the smart 
card works.

First of all I have with me a Brazilian Digital Document called e-CPF, 
this card is an Version V2 with 2048 bits and is part of IPC-BRAZIL.

Every thing start because I need to sign my device serial number with my smart 
card, in the documentation that I need to follow just say that I need sign a number like  
290953052 and after
sign I
need to get an data string in base64, followed the PKCS #1 version 1.5.

My First question, there is an chance to outsource the private key 
inside the smart card?


No. That is the point of a smart card, the private key can not be read.
It can only be used for decryption or signing. (The public key in a 
certificate
is used for encryption or verifying signatures.)
(The issuer of the card may be able to read it, but not ordinary users.)



I asked that because if I get the private key I can do that using 
openssl.


You might be able  to use OpenSSL, if the card  has an openssl engine or
the card has a PKCS#11 library. (OpenSC has an openssl_engine for use with 
PKCS#11.)
OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is 
supported or not.
People have asked in the past.

https://github.com/OpenSC/__OpenSC/wiki 
https://github.com/OpenSC/OpenSC/wiki


https://github.com/OpenSC/__OpenSC/wiki/Supported-__hardware-%28smart-cards-and-__USB-tokens%29
 
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

Google for: opensc smart card e-cnpj



But if this happen I cant see an reason for smart cards work well.

Im sorry to ask this basics questions but I realy got difficult to find 
informations.

Thanks For All Help!

--
*Raul Rosetto Muñoz*


_
Muscle mailing list
Muscle@lists.musclecard.com mailto:Muscle@lists.musclecard.com
http://lists.musclecard.com/__mailman/listinfo/muscle_lists.__musclecard.com 
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com


--

  Douglas E. Engert  deeng...@anl.gov mailto:deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

_
Muscle mailing list
Muscle@lists.musclecard.com mailto:Muscle@lists.musclecard.com
http://lists.musclecard.com/__mailman/listinfo/muscle_lists.__musclecard.com 
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com




--
*Raul Rosetto Muñoz*


___
Muscle mailing list
Muscle@lists.musclecard.com

Re: [Muscle] SmartCard sign number

2013-12-16 Thread Sébastien Lorquet


Hello

there is no generic way to talk to a smart card.

You need to either

-get technical documentation for your card
-reverse the card protocol by looking at the exchanges between the card 
and the application. That may not be sufficient if the card uses a 
dynamic authentication mechanism.


before allowing the use of a private key to sign data, most card 
requires a pin presentation or mutual authentication.


Best regards
Sebastien Lorquet

Le 16/12/2013 22:11, Raul Rosetto Munoz a écrit :

Hello Douglas,

I try many foruns, and all the time I get Unsupported card:

opensc-tool --reader 0 --name
Unsupported card

Do you know how to find the real type of my card?

I try pcsc_scan

But I didnt find some name that I can compare with this list:
https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

pcsc_scan
PC/SC device scanner
V 1.4.18 (c) 2001-2011, Ludovic Rousseau ludovic.rouss...@free.fr 
mailto:ludovic.rouss...@free.fr

Compiled with PC/SC lite version: 1.7.4
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Mon Dec 16 19:05:21 2013
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted,
  ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E

ATR: 3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
+ TS = 3B -- Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
  TB(1) = 00 -- VPP is not electrically connected
  TC(1) = 00 -- Extra guard time: 0
+ Historical bytes: 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
  Category indicator byte: 80 (compact TLV data object)
Tag: 5, len: 9 (card issuer's data)
  Card issuer data: 49 44 65 61 59 49 44 65 61
Tag: 6, len: C (pre-issuing data)
  Data: 5F 31 2E

Possibly identified card (using /home/raul/.smartcard_list.txt):
3B 7F 18 00 00 80 59 49 44 65 61 59 49 44 65 61 6C 5F 31 2E
e-CNPJ issued by Fenacon (eID)
http://www.fenacon.org.br

Thanks For All Help.





On Mon, Dec 16, 2013 at 5:28 PM, Douglas E. Engert deeng...@anl.gov 
mailto:deeng...@anl.gov wrote:




On 12/16/2013 11:46 AM, Raul Rosetto Munoz wrote:

Hello,

That's my first time that I really need to understand how the
smart card works.

First of all I have with me a Brazilian Digital Document
called e-CPF, this card is an Version V2 with 2048 bits and is
part of IPC-BRAZIL.

Every thing start because I need to sign my device serial
number with my smart card, in the documentation that I need to
follow just say that I need sign a number like  290953052
and after sign I
need to get an data string in base64, followed the PKCS #1
version 1.5.

My First question, there is an chance to outsource the private
key inside the smart card?


No. That is the point of a smart card, the private key can not be
read.
It can only be used for decryption or signing. (The public key in
a certificate
is used for encryption or verifying signatures.)
(The issuer of the card may be able to read it, but not ordinary
users.)



I asked that because if I get the private key I can do that
using openssl.


You might be able  to use OpenSSL, if the card  has an openssl
engine or
the card has a PKCS#11 library. (OpenSC has an openssl_engine for
use with PKCS#11.)
OpenSC also has PKCS#11 for some cards. Not clear if the e-cnpj is
supported or not.
People have asked in the past.

https://github.com/OpenSC/OpenSC/wiki


https://github.com/OpenSC/OpenSC/wiki/Supported-hardware-%28smart-cards-and-USB-tokens%29

Google for: opensc smart card e-cnpj



But if this happen I cant see an reason for smart cards work well.

Im sorry to ask this basics questions but I realy got
difficult to find informations.

Thanks For All Help!

--
*Raul Rosetto Muñoz*


___
Muscle mailing list
Muscle@lists.musclecard.com mailto:Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com


-- 


 Douglas E. Engert  deeng...@anl.gov mailto:deeng...@anl.gov
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444

___
Muscle mailing list
Muscle@lists.musclecard.com mailto:Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com




--
*Raul Rosetto Muñoz*


___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com


___
Muscle mailing list

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

Re: [Muscle] SmartCard sign number

12 matches

Site Navigation

Mail list logo

Footer information