Re: [opensc-devel] EF(DIR) and sc_pkcs15_bind_internal
Hello,

On Fri, Jun 1, 2012 at 9:45 PM, Douglas E. Engert deeng...@anl.gov wrote:
> An example might be a PIV card application has the ATR may contain the default application on the card. Thus it could be possible that a card has both a default application that is not PKCS#15 and the card could also be a PKCS#15 card.

I don't now understand what you want to imply. Should the logic be tuned further?

What I'm trying to do is to create a card application that would require minimal or even no changes at all to OpenSC to be recognized as a PKCS#15 card. But adhering to standards, I believe that the first check should be trying to select the PKCS#15 application by AID, if EF(DIR) is not present.

As I've not found a reference to 5015 either (except that it has been used by other applications for PKCS#15 DF in the wild), this might also reply to the question of why the file ID-s are as they currently are.

The best description of the issue is of course a patch, which solves the problem as I see it. Will send it on Monday.

Best,
Martin

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] EF(DIR) and sc_pkcs15_bind_internal
On 02/06/2012 14:10, Martin Paljak wrote:
> Hello,
>
> On Fri, Jun 1, 2012 at 9:45 PM, Douglas E. Engert deeng...@anl.gov wrote:
>> An example might be a PIV card application has the ATR may contain the default application on the card. Thus it could be possible that a card has both a default application that is not PKCS#15 and the card could also be a PKCS#15 card.
>
> I don't now understand what you want to imply. Should the logic be tuned further?
>
> What I'm trying to do is to create a card application that would require minimal or even no changes at all to OpenSC to be recognized as a PKCS#15 card. But adhering to standards, I believe that the first check should be trying to select the PKCS#15 application by AID, if EF(DIR) is not present.

There is also EF.ATR, where the (default) application ID could be encoded.

I have no ISO-7816-5, but according to 'ISO-7816-4 2005' ch.8.2.2 'Application selection' there are the following application selection methods:
- implicit application selection. For this method an application ID or initial application selection command has to be present in historical bytes of ATR. If there is no such data in historical bytes, then application identifier has to be looked for in EF.ATR.
- selection using the SELECT-DF-NAME command with the AID found in historical bytes or in EF.ATR
- selection using composed data from EF.DIR and EF.ATR.

Parsing of EF.ATR content is already present in the common part of OpenSC.

> As I've not found a reference to 5015 either (except that it has been used by other applications for PKCS#15 DF in the wild), this might also reply to the question of why the file ID-s are as they currently are.

Afaiu, the '5015' (P15) is nowhere in the standards. It's used by OpenSC convention and also by other card producers (Oberthur AuthentIC 3.2).

> The best description of the issue is of course a patch, which solves the problem as I see it. Will send it on Monday.
>
> Best,
> Martin

Kind regards,
Viktor.

[opensc-devel] EF(DIR) and sc_pkcs15_bind_internal
Hello,

OpenSC currently tries to read EF(DIR) and if this fails, doesn't find the PKCS#15 application on the card.

Yet PKCS#15 tells:

a) 5.4.1: EF(DIR) is optional

b) 5.7.1/5.7.2:

    PKCS #15 compliant IC cards should support direct application selection as defined in ISO/IEC 7816-4 Section 9 and ISO/IEC 7816-5, Section 6 (the full AID is to be used as parameter for a ‘SELECT FILE’ command). If direct application selection is not supported, or several PKCS #15 applications reside on the card, an EF(DIR) file with contents as specified in Section 5.4.1 must be used.

and

    The AID is used as the filename for DF(PKCS15) in order to facilitate direct selection of the PKCS #15 application on multi-application cards with only one PKCS #15 application present.

Thus I believe that the logic should go:

1. see if EF(DIR) is present and use it if present
2. try selection by PKCS#15 DF name
3. try selection by other hard-coded DF names, as listed in dir.c variable apps.
4. try finding EF(ODF) directly in MF (as the code currently does, but I don't know when/if this should be triggered currently at all)

Does anyone know if there are amendments in ISO7816-15 or if this could be interpreted differently from PKCS#15 v1.1 as well?

Martin
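
The discovery order proposed in the message above, as an added example (not code from the thread or from OpenSC): it runs steps 1, 2 and 4 against a constructed mock card that answers SELECT APDUs with status words. Step 3 is left out because the DF names in dir.c are not reproduced here; struct mock_card, mock_transmit and find_pkcs15 are hypothetical names, and the file IDs 2F00 (EF(DIR)) and 5031 (EF(ODF)) are the PKCS#15 values.

```c
#include <stdint.h>
#include <string.h>

/* PKCS#15 AID: RID A0 00 00 00 63 followed by ASCII "PKCS-15" */
static const uint8_t P15_AID[] = {0xA0,0x00,0x00,0x00,0x63,'P','K','C','S','-','1','5'};
enum p15_found { P15_NONE, P15_VIA_EF_DIR, P15_VIA_AID, P15_VIA_ODF_IN_MF };
/* Constructed mock card (assumption): which selections it honours */
struct mock_card { int has_ef_dir; int selects_by_aid; int odf_in_mf; };

/* Build SELECT: P1=0x04 selects by DF name (AID), P1=0x00 by file ID */
static size_t build_select(uint8_t p1, const uint8_t *data, size_t len, uint8_t *out)
{
    out[0] = 0x00; out[1] = 0xA4; out[2] = p1; out[3] = 0x00; out[4] = (uint8_t)len;
    memcpy(out + 5, data, len);
    return 5 + len;
}

/* Mock transmit: returns SW 0x9000 (OK) or 0x6A82 (file not found) */
static uint16_t mock_transmit(const struct mock_card *c, const uint8_t *apdu, size_t len)
{
    if (len < 5 || apdu[1] != 0xA4 || len != 5u + apdu[4]) return 0x6D00;
    if (apdu[2] == 0x04)
        return (c->selects_by_aid && apdu[4] == sizeof P15_AID &&
                memcmp(apdu + 5, P15_AID, sizeof P15_AID) == 0) ? 0x9000 : 0x6A82;
    if (apdu[4] != 2) return 0x6A82;
    uint16_t fid = (uint16_t)(apdu[5] << 8 | apdu[6]);
    if (fid == 0x2F00) return c->has_ef_dir ? 0x9000 : 0x6A82;
    if (fid == 0x5031) return c->odf_in_mf ? 0x9000 : 0x6A82;
    return 0x6A82;
}

/* Proposed order; a real reader would go on to parse EF(DIR) in step 1 */
enum p15_found find_pkcs15(const struct mock_card *c)
{
    static const uint8_t EF_DIR[] = {0x2F,0x00}, EF_ODF[] = {0x50,0x31};
    uint8_t apdu[5 + 16];
    size_t n = build_select(0x00, EF_DIR, 2, apdu);        /* 1. EF(DIR) if present */
    if (mock_transmit(c, apdu, n) == 0x9000) return P15_VIA_EF_DIR;
    n = build_select(0x04, P15_AID, sizeof P15_AID, apdu); /* 2. direct selection by AID */
    if (mock_transmit(c, apdu, n) == 0x9000) return P15_VIA_AID;
    n = build_select(0x00, EF_ODF, 2, apdu);               /* 4. EF(ODF) directly in MF */
    if (mock_transmit(c, apdu, n) == 0x9000) return P15_VIA_ODF_IN_MF;
    return P15_NONE;
}
```

A card with no EF(DIR) that supports direct selection is found at step 2 instead of being rejected.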