Re: [opensc-devel] ACS pinpad support
Dear Martin, I gave up bothering with APG8201 [1]. What kind of SCM pinpad readers do you have, if not SPR532? We bought some SPR532. About ACS, did you try libacsccid? It is supposed to fill the gab. My opinion is that CCID is a loose standard. pcscd is modulal enough for vendors to provide their own CCID library. Event SCM does that, even it is not yet in Debian. But the standard log of a failed transaction with for example PKCS#11 would be needed [2] OK, thanks. [1] http://www.opensc-project.org/opensc/wiki/CardReaders#CCID [2] http://www.opensc-project.org/opensc/wiki/ReportingBugs I will provide logs tonight. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACS pinpad support
Hello, On 11/1/11 12:07 , Jean-Michel Pouré - GOOZE wrote: We bought some SPR532. They are old but good (in fact, the reference reader when I was working on pinpad support in pcsc-lite/ccid). Make sure that the firmware is the right version, they changed things back and forth several times. About ACS, did you try libacsccid? It is supposed to fill the gab. My opinion is that CCID is a loose standard. pcscd is modulal enough for vendors to provide their own CCID library. Event SCM does that, even it is not yet in Debian. Vendors are free to distribtue what they want. There are 193 readers in *the* CCID driver list of supported readers [1], including some from ACS. This shows, that hardware can be made in a compliant way and that ACS can do that as well. But a few readers from ACS don't. I try to stick to readers that are compliant and there are plenty to choose from. Compare: Claiming support for HTTP after requiring a proprietary handshake is as good as claiming just the proprietary support. It means that you can only use software already implementing the proprietary handshake. Or hint, that it should be relatively simple to tweak existing software that already talks HTTP to also do the proprietary handshake. But it is definitely not HTTP as the rest of the world knows it. Nevertheless, I might try out the driver as I really like the form factor of ACS ACR83. I had the reader before the hacked driver was available, so it has been sitting uselessly in a box ever since. [1] http://pcsclite.alioth.debian.org/ccid/section.html -- @MartinPaljak +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACS pinpad support
Le samedi 29 octobre 2011 à 17:51 +0200, Ludovic Rousseau a écrit : Reader supports: FEATURE_VERIFY_PIN_DIRECT Reader supports: FEATURE_MODIFY_PIN_DIRECT Reader supports: FEATURE_IFD_PIN_PROPERTIES Verify and Modify PIN should work in OpenSC. At least the PC/SC service is present. It does not work in OpenSC. What kind of log should I sent OpenSC mailing list? Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACS pinpad support
Hello, On Mon, Oct 31, 2011 at 10:37, Jean-Michel Pouré - GOOZE jmpo...@gooze.eu wrote: It does not work in OpenSC. What kind of log should I sent OpenSC mailing list? I gave up bothering with APG8201 [1]. What kind of SCM pinpad readers do you have, if not SPR532? But the standard log of a failed transaction with for example PKCS#11 would be needed [2] [1] http://www.opensc-project.org/opensc/wiki/CardReaders#CCID [2] http://www.opensc-project.org/opensc/wiki/ReportingBugs ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] ACS pinpad support
Dear all, Just a quick note that we ordered a bunch of SCM and ACS pinpads and will distribute them for free to interested developers to study / fix OpenSC / libccid PINPAD issues. We don't have the readers yet, but will receive them within a week or so. This being said, I have a question about ACS PINPAD keyboard. It seems that PINPAD keyboard cannot be used, although it is detected. PCSCD is latest version 1.7.4. libacsccid is installed from Debian SID. libacsccid is a fork of libccid 1.3.11 with some fixes. The test is done with a Feitian PKI initialized with: * pkcs15-init -E * pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin --puk 11 --label François Pérou So far, so good. Then I run: sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground --debug --apdu The log is: http://dl.free.fr/oKSsKDR5g I can use the smartcard reader without problem. Here is an output of pkcs15-tool --dump. The PINPAD keyboard and display seem to be detected by OpenSC. The problem is that the display and the keyboard are not being used afterwards. An example log is: http://dl.free.fr/o1seat3dl When trying to change PIN code, ACS APG8201 00 00 Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN again [User PIN]: The pins are asked by command prompt. I tried to type on PINPAD keyboard, without result. An example log is: http://dl.free.fr/fLMHb3sbP The same problem appear under Windows7 with OpenSC. Although ACS ccid drivers are installed, the PINPAD keybord and display cannot be used. Any idea? If you need more logs, please tell us. The logs can be donwloaded during 30 days from this post. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACS pinpad support
Le 29 octobre 2011 10:34, Jean-Michel Pouré - GOOZE jmpo...@gooze.eu a écrit : Dear all, Hello, This being said, I have a question about ACS PINPAD keyboard. It seems that PINPAD keyboard cannot be used, although it is detected. Run the examples/scardcontrol provided with the source code of my CCID driver. And post the output. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACS pinpad support
Le samedi 29 octobre 2011 à 13:08 +0200, Ludovic Rousseau a écrit : Run the examples/scardcontrol provided with the source code of my CCID driver. And post the output. Dear Ludovic, Using pure libccid, the card does not response. I guess this is a power-up problem and I don't know whether this is a bug or a feature (power safe). When using libacsccid, and running your tool, the output is: SCardControl sample code V 1.4 © 2004-2010, Ludovic Rousseau ludovic.rouss...@free.fr THIS PROGRAM IS NOT DESIGNED AS A TESTING TOOL! Do NOT use it unless you really know what you do. SCardListReaders: OK Available readers (use command line argument to select) 0: ACS APG8201 00 00 Using reader: ACS APG8201 00 00 Protocol: 2 SCardConnect: OK SCardControl: OK TLV (18): 06 04 42 33 00 06 07 04 42 33 00 07 0A 04 42 33 00 0A SCardControl(CM_IOCTL_GET_FEATURE_REQUEST): OK Reader supports: FEATURE_VERIFY_PIN_DIRECT Reader supports: FEATURE_MODIFY_PIN_DIRECT Reader supports: FEATURE_IFD_PIN_PROPERTIES SCardControl(pin_properties_ioctl): OK PIN PROPERTIES (4): 10 02 07 00 wLcdLayout: 0x0210 bEntryValidationCondition: 7 bTimeOut2: 0 Reader: ACS APG8201 00 00 (length 18 bytes) State: 0x0034 Prot: 2 ATR (length 23 bytes): 3B 9F 95 81 31 FE 9F 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 0E D8 SCardStatus: OK Protocol: 2 SCardReconnect: OK Select applet: 00 A4 04 00 06 A0 00 00 00 18 FF card response: 6A 82 SCardTransmit: OK Error: test applet not found! Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu smime.p7s Description: S/MIME cryptographic signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACS pinpad support
Le 29 octobre 2011 17:27, Jean-Michel Pouré - GOOZE jmpo...@gooze.eu a écrit : Le samedi 29 octobre 2011 à 13:08 +0200, Ludovic Rousseau a écrit : Run the examples/scardcontrol provided with the source code of my CCID driver. And post the output. TLV (18): 06 04 42 33 00 06 07 04 42 33 00 07 0A 04 42 33 00 0A SCardControl(CM_IOCTL_GET_FEATURE_REQUEST): OK Reader supports: FEATURE_VERIFY_PIN_DIRECT Reader supports: FEATURE_MODIFY_PIN_DIRECT Reader supports: FEATURE_IFD_PIN_PROPERTIES Verify and Modify PIN should work in OpenSC. At least the PC/SC service is present. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
