Re: [opensc-devel] Java and pkcs11
The latest OCF package at [1] has support for smartcardio - so if you need more than just the APDU interface. Andreas [1] http://www.openscdp.org/ocf/download.html Am 12.08.2011 12:11, schrieb resoli - libero: Il giorno mer, 10/08/2011 alle 08.36 +0200, NdK ha scritto: On 09/08/2011 20:48, Vlastimil Pavicek wrote: I haven't read the whole thread, but you might find this library useful (it is easier to use than JNI/JNA): http://jce.iaik.tugraz.at/sic/Products/Core-Crypto-Toolkits/PKCS-11-Wrapper Tks. Found last night. It's used by j4sign[1] that targets multiple platforms. By its own it seems it's not enough, but it have to be used in parallel with the OCF wrapper (for card detection). I'm the main developer of j4sign; as someone already suggested, smartcardio is better suited at the moment for interfacing pcsc directly. j4sign will switch soon to smartcardio . bye, Roberto Resoli I'll have to dig better... [1] http://j4sign.sourceforge.net/index.html BYtE, Diego. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Cryptotech Setcos card signing problem
Hi all, I'm trying to sign a file using compiled from sources opensc 12.2. Card is manufactured by Cryptotech and it has setcos 4.1.1 on board. The card was initialized by www.sigillum.plhttp://www.sigillum.pl company. Even though PIN is fine and there are no failures in the card reading process I keep on receiving: Security status not satisfied, after sending portion of data for signing. Can anyone point me to some solution? Here is the part of the logs which I guess is relevant: 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:2630:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1. 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:511:pcsc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:3611:reselect_app_df: reselect application df 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00de00 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [7 bytes] = 00 A4 08 00 02 DE 00 ... == 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 2D a- == 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] iso7816.c:481:iso7816_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] framework-pkcs15.c:2710:pkcs15_prkey_sign: Selected flags 12. Now computing signature for 3 bytes. 512 bytes reserved. 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:190:sc_pkcs15_compute_signature: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:191:sc_pkcs15_compute_signature: security operation flags 0x12 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: supported algorithm flags 0x8033, private key usage 0x26 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:273:sc_get_encoding_flags: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:277:sc_get_encoding_flags: iFlags 0x12, card capabilities 0x8033 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:306:sc_get_encoding_flags: pad flags 0x10, secure algorithm flags 0x2 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:307:sc_get_encoding_flags: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:324:sc_pkcs15_compute_signature: DEE flags:0x0012 alg_info-flags:0x8033 pad:0x0010 sec:0x0002 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:232:sc_pkcs1_encode: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:236:sc_pkcs1_encode: hash algorithm 0x10, pad algorithm 0x0 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:255:sc_pkcs1_encode: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:42:select_key_file: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00df01efd5 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [9 bytes] = 00 A4 08 00 04 DF 01 EF D5 . == 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 25 a% == 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] iso7816.c:481:iso7816_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] pkcs15-sec.c:68:select_key_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] sec.c:66:sc_set_security_env: called 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called
Re: [opensc-devel] Cryptotech Setcos card signing problem
It looks like you did not logon to the card. Did the program ever ask for the pin? What program are you using? On 8/12/2011 7:05 AM, TMS Brokers / Łukasz Kościesza wrote: Hi all, I’m trying to sign a file using compiled from sources opensc 12.2. Card is manufactured by Cryptotech and it has setcos 4.1.1 on board. The card was initialized by www.sigillum.pl http://www.sigillum.pl company. Even though PIN is fine and there are no failures in the card reading process I keep on receiving: Security status not satisfied, after sending portion of data for signing. Can anyone point me to some solution? Here is the part of the logs which I guess is relevant: 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:2630:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1. 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:511:pcsc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:3611:reselect_app_df: reselect application df 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00de00 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [7 bytes] = 00 A4 08 00 02 DE 00 ... == 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 2D a- == 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] iso7816.c:481:iso7816_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] framework-pkcs15.c:2710:pkcs15_prkey_sign: Selected flags 12. Now computing signature for 3 bytes. 512 bytes reserved. 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:190:sc_pkcs15_compute_signature: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:191:sc_pkcs15_compute_signature: security operation flags 0x12 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: supported algorithm flags 0x8033, private key usage 0x26 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:273:sc_get_encoding_flags: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:277:sc_get_encoding_flags: iFlags 0x12, card capabilities 0x8033 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:306:sc_get_encoding_flags: pad flags 0x10, secure algorithm flags 0x2 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:307:sc_get_encoding_flags: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:324:sc_pkcs15_compute_signature: DEE flags:0x0012 alg_info-flags:0x8033 pad:0x0010 sec:0x0002 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:232:sc_pkcs1_encode: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:236:sc_pkcs1_encode: hash algorithm 0x10, pad algorithm 0x0 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:255:sc_pkcs1_encode: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:42:select_key_file: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00df01efd5 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [9 bytes] = 00 A4 08 00 04 DF 01 EF D5 . == 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 25 a% == 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11] iso7816.c:481:iso7816_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.419 [opensc-pkcs11]
Re: [opensc-devel] Cryptotech Setcos card signing problem
I use pkcs11-tool pkcs11-tool --module /usr/lib/opensc-pkcs11.so --sign --slot 1 -m RSA-PKCS --input-file file.txt --output-file signature.txt --pin my_pin It's sending the PIN to the card (I can see it in APDU log a little bit earlier in logs). If I enter wrong PIN it's failing, so it also checks the PIN. -Original Message- From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Douglas E. Engert Sent: Friday, August 12, 2011 3:39 PM To: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] Cryptotech Setcos card signing problem It looks like you did not logon to the card. Did the program ever ask for the pin? What program are you using? On 8/12/2011 7:05 AM, TMS Brokers / Łukasz Kościesza wrote: Hi all, I’m trying to sign a file using compiled from sources opensc 12.2. Card is manufactured by Cryptotech and it has setcos 4.1.1 on board. The card was initialized by www.sigillum.pl http://www.sigillum.pl company. Even though PIN is fine and there are no failures in the card reading process I keep on receiving: Security status not satisfied, after sending portion of data for signing. Can anyone point me to some solution? Here is the part of the logs which I guess is relevant: 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:2630:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1. 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:511:pcsc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:3611:reselect_app_df: reselect application df 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00de00 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [7 bytes] = 00 A4 08 00 02 DE 00 ... == 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 2D a- == 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] iso7816.c:481:iso7816_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] framework-pkcs15.c:2710:pkcs15_prkey_sign: Selected flags 12. Now computing signature for 3 bytes. 512 bytes reserved. 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:190:sc_pkcs15_compute_signature: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:191:sc_pkcs15_compute_signature: security operation flags 0x12 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: supported algorithm flags 0x8033, private key usage 0x26 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:273:sc_get_encoding_flags: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:277:sc_get_encoding_flags: iFlags 0x12, card capabilities 0x8033 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:306:sc_get_encoding_flags: pad flags 0x10, secure algorithm flags 0x2 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:307:sc_get_encoding_flags: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:324:sc_pkcs15_compute_signature: DEE flags:0x0012 alg_info-flags:0x8033 pad:0x0010 sec:0x0002 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:232:sc_pkcs1_encode: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:236:sc_pkcs1_encode: hash algorithm 0x10, pad algorithm 0x0 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:255:sc_pkcs1_encode: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:42:select_key_file: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00df01efd5 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [9 bytes] = 00 A4 08 00 04 DF 01
Re: [opensc-devel] Cryptotech Setcos card signing problem
Developers, Could this be a card that is enforcing user_consent. i.e. CKA_ALWAYS_AUTHENTICATIE and the pkcs11-tool is not doing this? The one card I know that does enforce it (newewr PIV cards), requires the sign operation to be preceeded immediatley by the presentation of the pin. Łukasz, Can you look at your trace and see if any other operations are sent to the card between these too? On 8/12/2011 8:51 AM, TMS Brokers / Łukasz Kościesza wrote: I use pkcs11-tool pkcs11-tool --module /usr/lib/opensc-pkcs11.so --sign --slot 1 -m RSA-PKCS --input-file file.txt --output-file signature.txt --pin my_pin It's sending the PIN to the card (I can see it in APDU log a little bit earlier in logs). If I enter wrong PIN it's failing, so it also checks the PIN. -Original Message- From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Douglas E. Engert Sent: Friday, August 12, 2011 3:39 PM To: opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] Cryptotech Setcos card signing problem It looks like you did not logon to the card. Did the program ever ask for the pin? What program are you using? On 8/12/2011 7:05 AM, TMS Brokers / Łukasz Kościesza wrote: Hi all, I’m trying to sign a file using compiled from sources opensc 12.2. Card is manufactured by Cryptotech and it has setcos 4.1.1 on board. The card was initialized by www.sigillum.plhttp://www.sigillum.pl company. Even though PIN is fine and there are no failures in the card reading process I keep on receiving: Security status not satisfied, after sending portion of data for signing. Can anyone point me to some solution? Here is the part of the logs which I guess is relevant: 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:2630:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1. 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:511:pcsc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] framework-pkcs15.c:3611:reselect_app_df: reselect application df 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00de00 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [7 bytes] = 00 A4 08 00 02 DE 00 ... == 0xb7b1d6c0 13:35:27.314 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 2D a- == 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] iso7816.c:481:iso7816_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] framework-pkcs15.c:2710:pkcs15_prkey_sign: Selected flags 12. Now computing signature for 3 bytes. 512 bytes reserved. 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:190:sc_pkcs15_compute_signature: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:191:sc_pkcs15_compute_signature: security operation flags 0x12 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: supported algorithm flags 0x8033, private key usage 0x26 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:273:sc_get_encoding_flags: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:277:sc_get_encoding_flags: iFlags 0x12, card capabilities 0x8033 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:306:sc_get_encoding_flags: pad flags 0x10, secure algorithm flags 0x2 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:307:sc_get_encoding_flags: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:324:sc_pkcs15_compute_signature: DEE flags:0x0012 alg_info-flags:0x8033 pad:0x0010 sec:0x0002 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:232:sc_pkcs1_encode: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:236:sc_pkcs1_encode: hash algorithm 0x10, pad algorithm 0x0 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] padding.c:255:sc_pkcs1_encode: returning with: 0 (Success) 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11] pkcs15-sec.c:42:select_key_file: called 0xb7b1d6c0 13:35:27.363 [opensc-pkcs11]
[opensc-devel] libp11 engine_pkcs11 support for ECDSA keys
Hello. I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough ENGINE_load_key_type_key methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys. Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg07785.html. Was that ever incorporated? I couldn't find in the latest snapshots. Thank you very much. -- Felipe Menegola Blauth ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] PIN caching problems with pkcs11-helper 1.08
Jonatan, Can you please try the attached patch and see if it helps? Thanks! On Thu, Aug 11, 2011 at 11:20 AM, Alon Bar-Lev alon.bar...@gmail.com wrote: Martin, The openssl engine is called with 0x24 buffer size and expect it to be encrypted by private key with same length. Prototype: --- static int __pkcs11h_openssl_enc ( IN int flen, IN const unsigned char *from, OUT unsigned char *to, IN OUT RSA *rsa, IN int padding ) { --- I may got this wrong. Will investigate. On Thu, Aug 11, 2011 at 10:38 AM, Martin Paljak mar...@martinpaljak.net wrote: Hello, 2011/8/11 Jonatan Åkerlind jonatan.akerl...@sgsstudentbostader.se: We have a setup using the Aladdin eToken PRO USB device for certificate storage using opensc/openct to interface it with openvpn. Works fine but with pkcs11-helper 1.08 we need to enter the PIN code twice at openvpn startup and then once at each renegotiation. Confirmed with various versions of openvpn (2.1.4/2.2.1), opensc (0.11.13, 0.12.1) and openct (0.6.20), common thing is that it works with pkcs11-helper 1.07 (the PIN caching seems ok and only asks for the pin code once at startup and no more) but with pkcs11-helper 1.08 the PIN caching does not work. Attached is a log from openvpn with verbosity 99 (gives a lot of info) using pkcs11-helper 1.08. It contains the startup and a couple of renegotiations filtered to only include lines with pkcs in them. This might be relevant: PKCS#11: __pkcs11h_certificate_doPrivateOperation entry certificate=0x72ebb0, op=0, mech_type=1, source=0x7fff40fa3be0, source_size=0024, target=0x757936, *p_target_size=0024 the target size is the same as input size, which makes one of the operations fail with CKR_BUFFER_TOO_SMALL and will trigger another try, which will mean another PIN entry. Probably something else is fishy as well. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel Index: lib/pkcs11h-openssl.c === --- lib/pkcs11h-openssl.c (revision 205) +++ lib/pkcs11h-openssl.c (revision 207) @@ -291,7 +291,7 @@ pkcs11h_certificate_t certificate = __pkcs11h_openssl_get_pkcs11h_certificate (rsa); PKCS11H_BOOL session_locked = FALSE; CK_RV rv = CKR_FUNCTION_FAILED; - size_t tlen = (size_t)flen; + size_t tlen; _PKCS11H_ASSERT (from!=NULL); _PKCS11H_ASSERT (to!=NULL); @@ -312,6 +312,8 @@ goto cleanup; } + tlen = (size_t)RSA_size(rsa); + if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) { goto cleanup; } Index: lib/pkcs11h-certificate.c === --- lib/pkcs11h-certificate.c (revision 205) +++ lib/pkcs11h-certificate.c (revision 207) @@ -961,16 +961,17 @@ rv ); + if (rv == CKR_BUFFER_TOO_SMALL op != __pkcs11h_private_op_unwrap) { + certificate-operation_active = TRUE; + } + if (target != NULL) { if (rv != CKR_OK) { goto retry; } } else { - if ( -rv == CKR_OK || -rv == CKR_BUFFER_TOO_SMALL - ) { + if (rv == CKR_OK) { if (op != __pkcs11h_private_op_unwrap) { certificate-operation_active = TRUE; } @@ -994,6 +995,10 @@ } if (!op_succeed) { + if (rv == CKR_BUFFER_TOO_SMALL) { +goto cleanup; + } + /* * OpenSC workaround * It still allows C_FindObjectsInit when ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] libp11 engine_pkcs11 support for ECDSA keys
No it has not been incorporated because it requires an OpenSSL internal header file ecs_locl.h, thus making it impractical to compile in to any package. This is a known bug: http://rt.openssl.org/Ticket/Display.html?id=2459user=guestpass=guest It also appeared on the OpenSSL mailing list. The patch should still work. Please try it, and you can also add comments to the OpenSSL bug report. On 8/12/2011 2:12 PM, Felipe Blauth wrote: Hello. I've started using engine_pkcs11 to access PKCS #11 tokens from OpenSSL EVP_PKEY's trough ENGINE_load_key_type_key methods. It works very well with RSA keys, but it doesn't recognize ECDSA keys. Searching trough the web, I've found that Douglas had a patch for it at http://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg07785.html. Was that ever incorporated? I couldn't find in the latest snapshots. Thank you very much. -- Felipe Menegola Blauth ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Cryptotech Setcos card signing problem
OK, I'm attaching the log file: And I was able to sniff USB communication with card reader with native windows middleware for comparition: 01 A0 00 07 - 00 A4 08 00 02 DF 01 01 00 00 02 - 61 22 01 A0 00 05 - 00 C0 00 00 22 01 00 00 24 - (40 bytes - some id?) 01 A0 00 05 - 00 20 00 81 00 01 00 00 02 - 63 C3 01 A0 00 07 - 00 0A 08 00 02 DF 01 01 00 00 02 - 61 22 01 A0 00 05 - 00 C0 00 00 22 01 00 00 24 - (40 bytes - some id?) 01 A0 00 0D - 00 20 (PIN!) 01 00 00 02 - 90 00 01 A0 00 05 - 00 20 00 81 00 01 00 00 02 - 90 00 01 A0 00 07 - A4 08 00 02 DF 01 01 00 00 02 - 61 22 01 A0 00 05 - 00 20 00 81 00 01 00 00 02 - 90 00 01 A0 00 07 - A4 08 00 02 DF 01 01 00 00 02 - 61 22 01 A0 00 0C - 00 22 41 B6 07 80 01 02 81 02 EF D5 01 00 00 02 - 90 00 01 A0 00 28 - (44 bytes) (data to be signed?) 01 00 00 02 - 61 80 01 A0 00 05 - 00 C0 00 00 80 01 00 00 82 - (64 bytes) (signature?) (64 bytes) 01 A0 00 07 - 00 A4 08 00 02 DF 01 01 00 00 02 - 61 22 01 A0 00 05 - 00 20 00 81 00 01 00 00 02 - 63 C3 0xb7ad06c0 17:20:11.660 [opensc-pkcs11] ctx.c:659:sc_context_create: === 0xb7ad06c0 17:20:11.660 [opensc-pkcs11] ctx.c:660:sc_context_create: opensc version: 0.12.2 0xb7ad06c0 17:20:11.679 [opensc-pkcs11] reader-pcsc.c:657:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=1 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 0xb7ad06c0 17:20:11.726 [opensc-pkcs11] reader-pcsc.c:870:pcsc_detect_readers: called 0xb7ad06c0 17:20:11.726 [opensc-pkcs11] reader-pcsc.c:878:pcsc_detect_readers: Probing pcsc readers 0xb7ad06c0 17:20:11.726 [opensc-pkcs11] reader-pcsc.c:900:pcsc_detect_readers: Establish pcsc context 0xb7ad06c0 17:20:11.727 [opensc-pkcs11] reader-pcsc.c:948:pcsc_detect_readers: Found new pcsc reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:11.727 [opensc-pkcs11] reader-pcsc.c:277:refresh_attributes: ACS ACR38U 00 00 check 0xb7ad06c0 17:20:11.727 [opensc-pkcs11] reader-pcsc.c:301:refresh_attributes: current state: 0x0022 0xb7ad06c0 17:20:11.727 [opensc-pkcs11] reader-pcsc.c:302:refresh_attributes: previous state: 0x 0xb7ad06c0 17:20:11.727 [opensc-pkcs11] reader-pcsc.c:356:refresh_attributes: card present, changed 0xb7ad06c0 17:20:11.727 [opensc-pkcs11] reader-pcsc.c:979:pcsc_detect_readers: Requesting reader features ... 0xb7ad06c0 17:20:11.764 [opensc-pkcs11] reader-pcsc.c:993:pcsc_detect_readers: ACS ACR38U 00 00:SCardConnect(SHARED): 0x 0xb7ad06c0 17:20:11.764 [opensc-pkcs11] reader-pcsc.c:760:detect_reader_features: called 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] reader-pcsc.c:767:detect_reader_features: ACS ACR38U 00 00:SCardControl failed: 0x8014 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] reader-pcsc.c:1023:pcsc_detect_readers: returning with: 0 (Success) 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] misc.c:323:load_pkcs11_parameters: PKCS#11 options: plug_and_play=1 max_virtual_slots=16 slots_per_card=4 hide_empty_tokens=1 lock_login=0 pin_unblock_style=0 zero_ckaid_for_ca_certs=0 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] slot.c:90:create_slot: Creating slot with id 0x0 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] slot.c:90:create_slot: Creating slot with id 0x1 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] slot.c:90:create_slot: Creating slot with id 0x2 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] slot.c:90:create_slot: Creating slot with id 0x3 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] slot.c:90:create_slot: Creating slot with id 0x4 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] sc.c:195:sc_detect_card_presence: called 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] reader-pcsc.c:364:pcsc_detect_card_presence: called 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] reader-pcsc.c:277:refresh_attributes: ACS ACR38U 00 00 check 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] reader-pcsc.c:293:refresh_attributes: returning with: 0 (Success) 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] reader-pcsc.c:369:pcsc_detect_card_presence: returning with: 1 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] sc.c:200:sc_detect_card_presence: returning with: 1 0xb7ad06c0 17:20:11.765 [opensc-pkcs11] slot.c:188:card_detect: ACS ACR38U 00 00: Detecting smart card 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] sc.c:195:sc_detect_card_presence: called 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] reader-pcsc.c:364:pcsc_detect_card_presence: called 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] reader-pcsc.c:277:refresh_attributes: ACS ACR38U 00 00 check 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] reader-pcsc.c:293:refresh_attributes: returning with: 0 (Success) 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] reader-pcsc.c:369:pcsc_detect_card_presence: returning with: 1 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] sc.c:200:sc_detect_card_presence: returning with: 1 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] slot.c:224:card_detect: ACS ACR38U 00 00: First seen the card 0xb7ad06c0 17:20:11.766 [opensc-pkcs11] slot.c:232:card_detect: ACS ACR38U 00 00: Connecting ... 0xb7ad06c0 17:20:11.766 [opensc-pkcs11]
Re: [opensc-devel] Cryptotech Setcos card signing problem
0xb7ad06c0 17:20:12.324 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] iso7816.c:320:iso7816_process_fci: processing FCI bytes 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] iso7816.c:325:iso7816_process_fci: file identifier: 0x5306 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] iso7816.c:339:iso7816_process_fci: bytes in file: 52 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] iso7816.c:351:iso7816_process_fci: shareable: no 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] iso7816.c:371:iso7816_process_fci: type: working EF 0xb7ad06c0 17:20:12.324 [opensc-pkcs11] iso7816.c:373:iso7816_process_fci: EF structure: 1 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] card.c:597:sc_select_file: returning with: 0 (Success) 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] card.c:422:sc_read_binary: called; 52 bytes at index 0 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 B0 00 00 34 4 == 0xb7ad06c0 17:20:12.325 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:12.352 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 54 bytes] = 30 32 30 0C 0C 0A 53 65 74 45 49 44 20 50 49 4E 020...SetEID PIN 30 03 04 01 04 A1 1D 30 1B 03 02 02 0C 0A 01 01 0..0 02 01 04 02 01 08 80 01 81 04 01 00 30 06 04 04 0... 3F 00 DF 01 90 00 ?. == 0xb7ad06c0 17:20:12.352 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:12.352 [opensc-pkcs11] iso7816.c:151:iso7816_read_binary: returning with: 52 0xb7ad06c0 17:20:12.352 [opensc-pkcs11] card.c:455:sc_read_binary: returning with: 52 0xb7ad06c0 17:20:12.352 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:12.352 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: called 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] pkcs15.c:1944:sc_pkcs15_read_file: returning with: 0 (Success) 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] pkcs15.c:1640:sc_pkcs15_parse_df: bufsize 52; first tag 0x30 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] pkcs15.c:1649:sc_pkcs15_parse_df: rv 0 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] pkcs15.c:1676:sc_pkcs15_parse_df: returning with: 0 (Success) 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] framework-pkcs15.c:885:pkcs15_create_tokens: Found 1 authentication objects 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] pkcs15.c:1603:sc_pkcs15_parse_df: called; path=3f00de005301, type=0, enum=0 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] pkcs15.c:1865:sc_pkcs15_read_file: called; path=3f00de005301, index=0, count=-1 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] reader-pcsc.c:511:pcsc_lock: called 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] card.c:571:sc_select_file: called; type=2, path=3f00de005301 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [9 bytes] = 00 A4 08 00 04 DE 00 53 01 ...S. == 0xb7ad06c0 17:20:12.358 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:12.414 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [2 bytes] = 61 14 a. == 0xb7ad06c0 17:20:12.414 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:12.414 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:12.414 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:12.414 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 C0 00 00 14 . == 0xb7ad06c0 17:20:12.414 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:12.423 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 22 bytes] = 6F 12 81 02 00 4D 82 01 01 83 02 53 01 86 02 01 oM.S 41 8A 01 07 90 00 A. == 0xb7ad06c0
Re: [opensc-devel] Cryptotech Setcos card signing problem
0xb7ad06c0 17:20:13.248 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 B0 01 00 00 . == 0xb7ad06c0 17:20:13.248 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 258 bytes] = SWIPPED OFF CERTIFICATE DATA 90 00 .. == 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] iso7816.c:151:iso7816_read_binary: returning with: 256 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] card.c:455:sc_read_binary: returning with: 256 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] card.c:422:sc_read_binary: called; 256 bytes at index 512 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 B0 02 00 00 . == 0xb7ad06c0 17:20:13.323 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 258 bytes] = SWIPPED OFF CERTIFICATE DATA 90 00 .. == 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] iso7816.c:151:iso7816_read_binary: returning with: 256 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] card.c:455:sc_read_binary: returning with: 256 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] card.c:422:sc_read_binary: called; 256 bytes at index 768 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 B0 03 00 00 . == 0xb7ad06c0 17:20:13.398 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 258 bytes] = SWIPPED OFF CERTIFICATE DATA 90 00 .. == 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] iso7816.c:151:iso7816_read_binary: returning with: 256 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] card.c:455:sc_read_binary: returning with: 256 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] card.c:422:sc_read_binary: called; 256 bytes at index 1024 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 B0 04 00 00 . == 0xb7ad06c0 17:20:13.473 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 258 bytes] = SWIPPED OFF CERTIFICATE DATA 90 00 .. == 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] card.c:330:sc_unlock: called 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] iso7816.c:151:iso7816_read_binary: returning with: 256 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] card.c:455:sc_read_binary: returning with: 256 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] card.c:422:sc_read_binary: called; 176 bytes at index 1280 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] card.c:292:sc_lock: called 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] reader-pcsc.c:243:pcsc_transmit: reader 'ACS ACR38U 00 00' 0xb7ad06c0 17:20:13.550 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [5 bytes] = 00 B0 05 00 B0 .