Re: [opensc-devel] Problem with CardMan4040 and OpenSC
26.11.2011 10:43, Martin Paljak kirjoitti: Hello, It can be compiled with OpenCT support, exclusively. But that's a corner case, I believe 95%+ of people have pcsc-lite/CCID compatible hardware. Key is to build pcsc-lite with support for openct. I guess you mean the opposite: build openct with pcsc-lite support. I fully agree. I'm using CardMan 4040 with pcsclite. Personally, I got pissed off with fighting with openct. pcsclite works much better. I also have a couple of usb readers, but the CardMan is very handy with my laptop (I got it free from my friend, thanks Max!) I'm using svn versions of the softwares (opensc, pcsclite, pampkcs11). However, after pcsclite svn rev 6019 I got some problems, so I'm still using 6018. About to update to 1.8.1 some day, I assume the latest version should work if run as a service started at bootup. Since Ubuntu does not yet have official support for systemd, I'll be using it this way anyway. The most problems with all this smart card systems with linux are usually 1) distribution included versions are old 2) when self compiled, double check all the config file directories... for example, config is not necessary on /etc, it might also be on /usr/etc! When installing CardMan to be used with pcsclilte, I followed mainly instructiuons from here: http://blog.deepreflect.net/2011/01/23/omikey-cardman-4040-linux-fc14/ . The main point is not to use the manufacturers install procedure, but manually copy the driver (which is for kernel ver 2.x, however, works with 3) from the gz and write the cardman4040.conf - file. Hannu smime.p7s Description: S/MIME-salakirjoitettu allekirjoitus ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Hi Hannu, I just read the instructions at http://blog.deepreflect.net/2011/01/23/omikey-cardman-4040-linux-fc14/ and tried downloading the latest driver from http://www.hidglobal.com. Unfortunately, it seems that the tar file, that HID uploaded is not correct: $ tar xvf ifdok_cm4040_lnx_x64-2.0.0.tar.gz tar: This does not look like a tar archive tar: Skipping to next header tar: Exiting with failure status due to previous errors The 32bit version does not work, either. Regards, Niclas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
On Nov 26, 2011, at 3:01 , Niclas Hoyer wrote: Unfortunately, it seems that the tar file, that HID uploaded is not correct: $ tar xvf ifdok_cm4040_lnx_x64-2.0.0.tar.gz .gz requires z: tar xzvf ifdok_cm4040_lnx_x64-2.0.0.tar.gz -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
On 26.11.2011 15:17, Hannu Kotipalo wrote: 26.11.2011 15:01, Niclas Hoyer kirjoitti: Hi Hannu, I just read the instructions at http://blog.deepreflect.net/2011/01/23/omikey-cardman-4040-linux-fc14/ and tried downloading the latest driver from http://www.hidglobal.com. Unfortunately, it seems that the tar file, that HID uploaded is not correct: $ tar xvf ifdok_cm4040_lnx_x64-2.0.0.tar.gz try tar -xzf tar: This does not look like a tar archive tar: Skipping to next header tar: Exiting with failure status due to previous errors The 32bit version does not work, either. Regards, Niclas Hannu Silly me :-) Thanks for your suggestions, but the error still remains: $ tar -xzf ifdok_cm4040_lnx_x64-2.0.0.tar.gz tar: This does not look like a tar archive tar: Skipping to next header tar: Exiting with failure status due to previous errors Regards, Niclas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
26.11.2011 16:34, Niclas Hoyer kirjoitti: Silly me :-) Thanks for your suggestions, but the error still remains: $ tar -xzf ifdok_cm4040_lnx_x64-2.0.0.tar.gz tar: This does not look like a tar archive tar: Skipping to next header tar: Exiting with failure status due to previous errors Regards, Niclas hmm.. I'm using 32bit version with my laptop, it works ok. Tried to unzip the 64 bit version, got the same error :-( oh, works, if you -- gunzip ifdok_cm4040_lnx_x64-2.0.0.tar.gz tar -xf ifdok_cm4040_lnx_x64-2.0.0.tar --- Hannu ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
26.11.2011 12:04, Hannu Kotipalo kirjoitti: I fully agree. I'm using CardMan 4040 with pcsclite. Personally, I got pissed off with fighting with openct. pcsclite works much better. I also have a couple of usb readers, but the CardMan is very handy with my laptop (I got it free from my friend, thanks Max!) One note thought; this does NOT work, if you are using both CardMan 4040 AND a ccid reader. I'm using svn versions of the softwares (opensc, pcsclite, pampkcs11). However, after pcsclite svn rev 6019 I got some problems, so I'm still using 6018. About to update to 1.8.1 some day, I assume the latest version should work if run as a service started at bootup. Since Ubuntu does not yet have official support for systemd, I'll be using it this way anyway. I just installed version 1.8.1, it works, but you have to make pcscd run as a service, ie. edit /etc/init.d/pcscd and comment out the exit 0 line. See comments on the file. Hannu smime.p7s Description: S/MIME-salakirjoitettu allekirjoitus ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Martin Paljak wrote: Key is to build pcsc-lite with support for openct. I guess you mean the opposite: build openct with pcsc-lite support. Yes, that's right. Sorry for the confusion. It would be nice if some OpenCT user would: - remove CCID support from OpenCT default build - make the pcsc-lite configuration semiautomatic pcsc-lite or rather the ccid package does not have all features of OpenCT. In particular the support for cm4040 only exists in OpenCT. I think it makes no sense at all to remove CCID support from OpenCT. The code is there and works and people can use it if they like to. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Niclas Hoyer wrote: thanks for your help. I just copied your entries in /etc/reader.conf and it worked! Unfortunately, it just worked once really well. OpenCT crashed somehow and now just responses with ct_card_lock: err=-7 I haven't seen this on my system, but OK, let's solve that problem. As I wrote, it works perfectly for me. Anyway, I just ordered a SCM SCR3310 to get things working. Um, ok, please let me know if I should spend time helping you to get the cm4040 working? //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Niclas Hoyer wrote: Unfortunately, it seems that the tar file, that HID uploaded is not correct: $ tar xvf ifdok_cm4040_lnx_x64-2.0.0.tar.gz tar: This does not look like a tar archive Their web server is configured to automatically gzip compress file names which end with .gz, so you get a tar file that has been gzipped twice, and you have to manually gunzip it once in order for tar to be able to (automatically, without z in modern versions of tar) uncompress the second time. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
26.11.2011 19:01, Peter Stuge kirjoitti: Hannu Kotipalo wrote: Personally, I got pissed off with fighting with openct. pcsclite works much better. This is simply not true. As I already explained, OpenCT works perfectly, and it offers the rather significant advantage that hmm.. when I tried openct some time ago, I couldnot get it to work.I was using ccid redaer with MyEID card on a 64 bit system. MaybeI should give it another try? I do not have to rely on a closed source software for doing my smart card crypto. I'm surprised that you don't care about that. Well, I would preferopen source.. but wouldthere be closed source on 4040 case anyway? When installing CardMan to be used with pcsclilte, You mean when installing the vendor supplied PCMCIA driver and the closed source ifdhandler. Remember that I also use the reader with pcsc-lite, even though it's through OpenCT. Hmm.. maybe I try openct again some day with my CardMan4040. Hannu smime.p7s Description: S/MIME-salakirjoitettu allekirjoitus ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
On 26.11.2011 18:06, Peter Stuge wrote: Um, ok, please let me know if I should spend time helping you to get the cm4040 working? Thanks for your help. I think I got it working now. I reinstalled openct and double checked /etc/reader.conf.d/reader.conf $ cat /etc/reader.conf.d/reader.conf FRIENDLYNAME OMNIKEY CardMan 4040 Socket 0 DEVICENAME /dev/null LIBPATH /usr/lib/openct-ifd.so CHANNELID 0 now I get: $ opensc-tool -a Using reader with a card: OMNIKEY CardMan 4040 Socket 0 00 00 3b:ef:00:ff:81:31:fe:45:65:63:11 ... So I think everything is working :) One last thing: is it normal, that I have to jiggle the card a bit to get it working? It seems that the connection between the cardman and the card is not that reliable. Regards, Niclas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Niclas Hoyer wrote: Um, ok, please let me know if I should spend time helping you to get the cm4040 working? Thanks for your help. I think I got it working now. I reinstalled openct and double checked /etc/reader.conf.d/reader.conf $ cat /etc/reader.conf.d/reader.conf FRIENDLYNAME OMNIKEY CardMan 4040 Socket 0 DEVICENAME /dev/null LIBPATH /usr/lib/openct-ifd.so CHANNELID 0 now I get: $ opensc-tool -a Using reader with a card: OMNIKEY CardMan 4040 Socket 0 00 00 3b:ef:00:ff:81:31:fe:45:65:63:11 ... So I think everything is working :) Ok, nice! One last thing: is it normal, that I have to jiggle the card a bit to get it working? It seems that the connection between the cardman and the card is not that reliable. Hm, I may have seen this once or twice, but it doesn't generally happen with my (refurbished) cm4040. Maybe the reader contacts have oxidized, or the plastic on the edges of the reader has been worn or damaged so that the card is not guided to the exact right location under the contacts, or maybe even the card contacts are worn? //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Niclas Hoyer wrote:
I have set up OpenCT and cm4040 on a up to date full x64 ArchLinux
system. The only thing I had to do, after I installed
openct from AUR and pcsclite from the repositories was to first
comment out
#reader cm4040 {
#driver = ccid;
#device = pcmcia_block:/dev/cmx0;
#};
from /etc/openct.conf
By comment out I guess you mean uncomment? :)
//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
26.11.2011 19:50, Peter Stuge kirjoitti: hmm.. when I tried openct some time ago, I couldnot get it to work. I was using ccid redaer with MyEID card on a 64 bit system. MaybeI should give it another try? Well, if you have a working setup which you are happy with then there's also no need to change that, right? :) Yes, don't fix if it's not broken (like my space bar,whichdoesnot allways work very good) .. I have a mixed 32/64 system, but the smart card related packages I run are so far 32. I need to switch to a full 64 system soon, if you like I can keep you updated on how OpenCT and cm4040 works for me there. I have 64 bit desktop (all sw is 64 bit) and an old Lenovo X60 laptop (32bit). On the desktop, I have ccid compatible reader, on the laptop I'm using CardMan4040. On both systems I'm also using ACR38 micro card reader (USB token) which has MyEID card and cacert certificates. When I tried openct, I was using the 64 bit desktop with 64 bit sw. I do not have to rely on a closed source software for doing my smart card crypto. I'm surprised that you don't care about that. Well, I would preferopen source.. but wouldthere be closed source on 4040 case anyway? The HID Global ifdhandler .so file is closed source. Only their kernel module is published with source code. Ok. When installing CardMan to be used with pcsclilte, You mean when installing the vendor supplied PCMCIA driver and the closed source ifdhandler. Remember that I also use the reader with pcsc-lite, even though it's through OpenCT. Hmm.. maybe I try openct again some day with my CardMan4040. Let me know if you would like more information from me about my setup. I'm happy to document it in order to help others. The way I do some things will probably be different from what others would like, but that should be easy enough to adjust. I e.g. have udev run openct-control init as my user, and I manually run pcscd -f when I want to use the reader. One or both those things can be done differently if prefered. I'm using pam_pkcs11 to log in with my Finnish ID card, so the reader has to work before I log in. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel smime.p7s Description: S/MIME-salakirjoitettu allekirjoitus ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Problem with CardMan4040 and OpenSC
Hi, I'm running a recent ArchLinux on a Thinkpad x60t and installed a CardMan4040 pcmcia card reader. OpenCT works, at least I get an ATR: $ openct-tool list 0 CCID Compatible $ openct-tool atr Detected CCID Compatible Card present, status changed ATR: 3b ff 96 00 ff 81 31 ... But opensc does not list any reader: $ opensc-tool --list-readers No smart card readers found. If I set debug = 5 in /etc/opensc.conf I get: $ opensc-tool --list-readers 0x7fd1227f8700 19:33:54.491 [opensc-tool] ctx.c:659:sc_context_create: === 0x7fd1227f8700 19:33:54.491 [opensc-tool] ctx.c:660:sc_context_create: opensc version: 0.12.2 0x7fd1227f8700 19:33:54.491 [opensc-tool] reader-pcsc.c:657:pcsc_init: PC/SC options: connect_exclusive=0 disconnect_action=1 transaction_end_action=0 reconnect_action=0 enable_pinpad=1 0x7fd1227f8700 19:33:54.492 [opensc-tool] reader-pcsc.c:870:pcsc_detect_readers: called 0x7fd1227f8700 19:33:54.492 [opensc-tool] reader-pcsc.c:878:pcsc_detect_readers: Probing pcsc readers 0x7fd1227f8700 19:33:54.492 [opensc-tool] reader-pcsc.c:900:pcsc_detect_readers: Establish pcsc context 0x7fd1227f8700 19:33:54.493 [opensc-tool] reader-pcsc.c:905:pcsc_detect_readers: SCardEstablishContext failed: 0x8010001d 0x7fd1227f8700 19:33:54.493 [opensc-tool] reader-pcsc.c:1023:pcsc_detect_readers: returning with: -1101 (No readers found) No smart card readers found. 0x7fd1227f8700 19:33:54.493 [opensc-tool] ctx.c:737:sc_release_context: called 0x7fd1227f8700 19:33:54.493 [opensc-tool] reader-pcsc.c:736:pcsc_finish: called So, why is opensc trying to talk to pcsc? Is there anything I have to do, so that opensc recognizes openct devices? Regards, Niclas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Am Freitag 25 November 2011, 19:39:43 schrieb Niclas Hoyer: Hi, I'm running a recent ArchLinux on a Thinkpad x60t and installed a CardMan4040 pcmcia card reader. OpenCT works, at least I get an ATR: Buy a real card reader, CardMan 4040 never worked right in all these years, as far as I know. I reported bugs with the unstable kernel driver, and IIRC the developer had moved on to more interesting topics already, so I guess those remain unfixed. Who wants to use old and undocumented hardware, when there are nice alternatives with companies wanting to be supported and giving you support and documentation etc? Please vote with your money. Sorry, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Andreas Jellinghaus wrote: I'm running a recent ArchLinux on a Thinkpad x60t and installed a CardMan4040 pcmcia card reader. OpenCT works, at least I get an ATR: Buy a real card reader, CardMan 4040 never worked right in all these years, as far as I know. Not so. I'm using one with great success since a couple of months. Everything works perfectly. I reported bugs with the unstable kernel driver, and IIRC the developer had moved on to more interesting topics already, so I guess those remain unfixed. What was unstable, and what was the issue? Is there still a kernel bugzilla entry? Who wants to use old and undocumented hardware, Documentation for the hardware is available, just not publically. The hardware is actually CCID, but wrapped in a thin PCMCIA layer. when there are nice alternatives with companies wanting to be supported and giving you support and documentation etc? Please vote with your money. Omnikey are a pretty nice company. Also, as I'm sure you know, there are not very many PCMCIA readers available. The 4040 seems by far the best for Linux, and as I said, I back that by zero problems. Niclas, I'll reply to your message with some details about my setup. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problem with CardMan4040 and OpenSC
Niclas Hoyer wrote: $ openct-tool list 0 CCID Compatible $ openct-tool atr Detected CCID Compatible Card present, status changed ATR: 3b ff 96 00 ff 81 31 ... Good stuff. This means kernel driver and OpenCT are all in order. In order to work easily with OpenSC and other software that might want to use the reader I would suggest to replicate the setup I have. I've built pcsc-lite with support not only for USB CCID but also for openct, and that is how OpenSC can reach the cm4040. 0x7fd1227f8700 19:33:54.493 [opensc-tool] reader-pcsc.c:1023:pcsc_detect_readers: returning with: -1101 (No readers found) No smart card readers found. .. So, why is opensc trying to talk to pcsc? I'm not sure OpenSC still supports OpenCT directly. Anyway, taking the detour through pcscd allows also other software than OpenSC to use the card, which was a requirement for me. Is there anything I have to do, so that opensc recognizes openct devices? pcscd needs a reader.conf to know about the reader: --8-- /etc/reader.conf FRIENDLYNAME cm4040 DEVICENAME /dev/null LIBPATH /usr/lib/openct-ifd.so CHANNELID 0x0 --8-- Then I simply run pcscd -f and can watch what is going on with the card. If I haven't run openct-control init, this is my pcscd output: $ pcscd -f Error: can't open /var/run/openct/status: No such file or directory readerfactory.c:1050:RFInitializeReader() Open Port 0 Failed (/dev/null) 1082 readerfactory.c:233:RFAddReader() cm4040 init failed. 00330333 tokenparser.l:175:LTPBundleFindValueWithKey() Value/Key not defined for: ifdVendorID in /usr/lib/readers/usb/ifd-ccid.bundle/Contents/Info.plist ^C $ openct-control init $ openct-tool list 0 CCID Compatible $ pcscd -f tokenparser.l:175:LTPBundleFindValueWithKey() Value/Key not defined for: ifdVendorID in /usr/lib/readers/usb/ifd-ccid.bundle/Contents/Info.plist ^C The plist error is harmless, everything works for me anyway. Key is to build pcsc-lite with support for openct. Watch out with udev rules if you also want to connect a USB CCID reader. That can be supported both by OpenCT and pcsc-lite. I choose to let pcsc-lite handle those in my system, so I have to take out the OpenCT udev rules so that OpenCT leaves them alone, but you may prefer to use OpenCT. Let me know if you have any questions. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
