Re: [opensc-devel] epass2003 unpowered immediately after plugging in
Le 24 avril 2012 23:38, Martin Kaiser li...@kaiser.cx a écrit : Dear all, Hello, I've spent some time trying to get my epass2003 token to work with opensc and pcsclite. Unfortunately, I'm stuck and I hope you can help me track down my problem. I'm running on Debian squeeze Linux xxx 2.6.39-bpo.2-amd64 #1 SMP Tue Jul 26 10:35:23 UTC 2011 x86_64 GNU/Linux I'm using pcsclite and ccid drivers (compiled from source, not the debian packages) pcsc-lite version 1.8.3. Copyright (C) 1999-2002 by David Corcoran corco...@linuxnet.com. Copyright (C) 2001-2011 by Ludovic Rousseau ludovic.rouss...@free.fr. Copyright (C) 2003-2004 by Damien Sauveron sauve...@labri.fr. Report bugs to mus...@lists.musclecard.com. Enabled features: Linux x86_64-unknown-linux-gnu serial usb libudev usbdropdir=/usr/local/pcsclite/lib/pcsc/drivers ipcdir=/var/run/pcscd configdir=/usr/local/pcsclite/etc/reader.conf.d The token is detected by pcscd, it's powered when I plug it in. However, it's unpowered immediately after reading the ATR. This is the expected behavior since pcsc-lite 1.6.5 See http://ludovicrousseau.blogspot.fr/2010/10/card-auto-power-on-and-off.html Therefore, it's not visible with opensc-tool -l or similar. Why do you think this is related to the power off? What is the output of opensc-tool -l? It's recognized by lsusb -v even after it's unpowered. I'll attach the logfile of pcscd -d -f and the output of lsusb -v Do you have any idea why the token is unpowered? I have the same behaviour with different tokens on different pcs (debian / fedora core 15) The lines 2211 ccid_usb.c:1042:ControlUSB() control failed (2/3): -9 Success 0037 ccid_usb.c:973:get_data_rates() IFD does not support GET_DATA_RATES request: -9 look suspicious but I guess that's not the main problem. You are right. It is not related with your problem. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] epass2003 unpowered immediately after plugging in
Dear Martin, Please follow our guide and it will work: http://www.gooze.eu/howto/smartcard-quickstarter-guide/gnu-linux-installation The ePass2003 needs Viktor GIT branch. Kind regards, Jean-Michel Dear all, I've spent some time trying to get my epass2003 token to work with opensc and pcsclite. Unfortunately, I'm stuck and I hope you can help me track down my problem. I'm running on Debian squeeze Linux xxx 2.6.39-bpo.2-amd64 #1 SMP Tue Jul 26 10:35:23 UTC 2011 x86_64 GNU/Linux I'm using pcsclite and ccid drivers (compiled from source, not the debian packages) pcsc-lite version 1.8.3. Copyright (C) 1999-2002 by David Corcoran corco...@linuxnet.com. Copyright (C) 2001-2011 by Ludovic Rousseau ludovic.rouss...@free.fr. Copyright (C) 2003-2004 by Damien Sauveron sauve...@labri.fr. Report bugs to mus...@lists.musclecard.com. Enabled features: Linux x86_64-unknown-linux-gnu serial usb libudev usbdropdir=/usr/local/pcsclite/lib/pcsc/drivers ipcdir=/var/run/pcscd configdir=/usr/local/pcsclite/etc/reader.conf.d The token is detected by pcscd, it's powered when I plug it in. However, it's unpowered immediately after reading the ATR. Therefore, it's not visible with opensc-tool -l or similar. It's recognized by lsusb -v even after it's unpowered. I'll attach the logfile of pcscd -d -f and the output of lsusb -v Do you have any idea why the token is unpowered? I have the same behaviour with different tokens on different pcs (debian / fedora core 15) The lines 2211 ccid_usb.c:1042:ControlUSB() control failed (2/3): -9 Success 0037 ccid_usb.c:973:get_data_rates() IFD does not support GET_DATA_RATES request: -9 look suspicious but I guess that's not the main problem. Thanks for your help, Martin ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- GOOZE - http://www.gooze.eu High quality cryptographic tools for GNU/Linux, Mac OS X and Windows including the FEITIAN PKI card POURE SASU - 17 rue Saint Jacques - 95160 Montmorency - France Tel : +33 (0)9 72 13 53 90 - Mobile : +33 (0)6 51 99 37 90 Registry: FR 527 672 448 00018 - VAT: FR54527672448 ID PGP/GPG: 084F2584 smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Biometric integraiton?
So I now I have a PIV card that I know has a certificate on it because I can login to my windows terminal with it (XP). The card is using biometrics or a passphrase to unlock. We're using Precise Biometrics card reader. When I put the card into my OmniKey 3021 it didn't recognize it at all, said it was an invalid card type (I'll send over the logs). Here's my question, does OpenSC support any of the biometric readers? Thanks Marc ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Biometric integraiton?
Hello, On Wed, Apr 25, 2012 at 16:10, Marc Boorshtein mboorsht...@gmail.com wrote: So I now I have a PIV card that I know has a certificate on it because I can login to my windows terminal with it (XP). The card is using biometrics or a passphrase to unlock. We're using Precise Biometrics card reader. When I put the card into my OmniKey 3021 it didn't recognize it at all, said it was an invalid card type (I'll send over the logs). Here's my question, does OpenSC support any of the biometric readers? I don't know about the readers or their internals, but OpenSC for sure does not support any kind of biometric authentication. Martin ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Biometric integraiton?
On 4/25/2012 8:10 AM, Marc Boorshtein wrote: So I now I have a PIV card that I know has a certificate on it because I can login to my windows terminal with it (XP). Is this the same card you were trying a few days ago? Did you get the certificates on it? Are you sure the XP login is using the certificate? Or is this a different card. The card is using biometrics or a passphrase to unlock. The NIST PIV specifications 800-73 call for the storing of a fingerprint object on the card, but does not require the card to do the matching, and does not define commands to supply the card with a fingerprint and to do the match. Some vendors may may provide vendor specific drivers for their cards. Or a second application on the card to do the matching. Your reader vendor says it has a Linux driver. OpenSC can read the PIV fingerprint object so the match could be done in host software, if you also have some fingerprint reader with driver. We're using Precise Biometrics card reader. When I put the card into my OmniKey 3021 it didn't recognize it at all, said it was an invalid card type (I'll send over the logs). opensc-tool -a would help identify the card type then See: http://smartcard-atr.appspot.com/ Here's my question, does OpenSC support any of the biometric readers? Not at this time. Are there any standards for these, any open source available Thanks Marc ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Biometric integraiton?
On Wed, Apr 25, 2012 at 10:36 AM, Douglas E. Engert deeng...@anl.gov wrote: On 4/25/2012 8:10 AM, Marc Boorshtein wrote: So I now I have a PIV card that I know has a certificate on it because I can login to my windows terminal with it (XP). Is this the same card you were trying a few days ago? Did you get the certificates on it? Are you sure the XP login is using the certificate? Or is this a different card. Different card. THey don't have a single card yet for both PACS and LACS The card is using biometrics or a passphrase to unlock. The NIST PIV specifications 800-73 call for the storing of a fingerprint object on the card, but does not require the card to do the matching, and does not define commands to supply the card with a fingerprint and to do the match. Some vendors may may provide vendor specific drivers for their cards. Or a second application on the card to do the matching. Interesting, I never put in a PIN. So does this mean they're not using a standard PIV technology? They're using software from SafeNet (Borderless Security I think). When I plugged it into Windows 7 it sad it could find a driver for the card. Your reader vendor says it has a Linux driver. OpenSC can read the PIV fingerprint object so the match could be done in host software, if you also have some fingerprint reader with driver. I see, so it sounds like its the middleware thats doing the matching as opposed to the pin being used to unlock the card. We're using Precise Biometrics card reader. When I put the card into my OmniKey 3021 it didn't recognize it at all, said it was an invalid card type (I'll send over the logs). opensc-tool -a would help identify the card type then See: http://smartcard-atr.appspot.com/ Here's my question, does OpenSC support any of the biometric readers? Not at this time. Are there any standards for these, any open source available I don't think so, I can't seem to find anything anyways. Thanks Marc ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] epass2003 unpowered immediately after plugging in
Hi Ludovic and all, Thus wrote Ludovic Rousseau (ludovic.rouss...@gmail.com): The token is detected by pcscd, it's powered when I plug it in. However, it's unpowered immediately after reading the ATR. This is the expected behavior since pcsc-lite 1.6.5 See http://ludovicrousseau.blogspot.fr/2010/10/card-auto-power-on-and-off.html thanks, I wasn't aware of this. Therefore, it's not visible with opensc-tool -l or similar. Why do you think this is related to the power off? What is the output of opensc-tool -l? I ran strace on opensc-tool -l and found the issue: opensc-tool could not locate libpcsclite.so.1 and could therefore not connect to pcscd. (I do not use the default paths) To fix this, I set the full path to the lib in opensc.conf reader_driver pcsc { [...] provider_library = /path/to/my/libpcsclite.so.1 } Now the epass is recognized martin@host:~$ opensc-tool -l # Detected readers (pcsc) Nr. Card Features Name 0Yes Feitian ePass2003 00 00 Thanks again, Martin ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] epass2003 unpowered immediately after plugging in
Hi Jean-Michel, Thus wrote Jean-Michel Pouré - GOOZE (jmpo...@gooze.eu): Please follow our guide and it will work: http://www.gooze.eu/howto/smartcard-quickstarter-guide/gnu-linux-installation The ePass2003 needs Viktor GIT branch. I found your guide and used Viktor's sm branch. My problem was the lib search path, see the other mail. Maybe it would be helpful to explain in the guide how to use non-standard paths for pcsclite and opensc. Best regards, Martin ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel