Re: [opensc-devel] Windows minidriver and Secure PIN Entry
On 9/10/2012 4:09 PM, Taylor, Tim wrote: I was the OP of this thread. I've tried the following applications: - certutil (specifically certutil -SCInfo to examine card contents) - Outlook 2010 (sending signed emails) I was requesting the author of the minidriver mods that added the PIN PAD support to respond, to how they tested the mod (if at all) and what PINPAD reader(s) were tested with (if at all.) I don't think it was me :) With both of these, I'm prompted to enter my card PIN in a Windows dialog box, rather than on the readers pin pad. I'm using an OmniKey 3821 reader which has a pin pad. - Tim On Mon, 2012-09-10 at 09:56 -0500, Douglas E. Engert wrote: To the list: The minidriver has code to test for reader features to be able to use a PIN PAD reader. Someone added that code. Could they please respond to this thread? I would suspect that the calling applications also need to be updated, and this may be the problem. Is there a minidriver application that can be used with a PIN PAD reader? If so what is it and what reader was used? On 9/7/2012 9:33 AM, Taylor, Tim wrote: On Thu, 2012-09-06 at 15:06 -0500, Douglas E. Engert wrote: With the PKCS#11 OpenSC calls pcsc_detect_readers and this calls the detect_reader_features. With the minidriver, the Microsoft code passes in the handles of open connections to PC/SC, and pcsc_detect_readers is not called, so no special features get detected. It might be possible call the pcsc_reader_features from the minidriver but it would require some code changes and testing. What version of OpenSC are your using? On What Windows OS? Looking closer the reader-pcsc.c in github has two sets of code, one for normal pcsc used by PKCS#11 and one for cardmod i.e. minidriver, that check for reader features for the pin pad. http://msdn.microsoft.com/en-us/windows/hardware/gg487500.aspx Version 6 says External PINs for PIN PAD are new. Vista and later. Version 7 Talks about External PINs. Windows 7 and later. So the code may be there. A trace might be helpful. I'm on Windows 7, fully patched. opensc-tool -i returns: opensc 0.12.2 [Microsoft 1600] Enabled features:pcsc openssl zlib - Tim ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows minidriver and Secure PIN Entry
On Thu, 2012-09-06 at 15:06 -0500, Douglas E. Engert wrote: With the PKCS#11 OpenSC calls pcsc_detect_readers and this calls the detect_reader_features. With the minidriver, the Microsoft code passes in the handles of open connections to PC/SC, and pcsc_detect_readers is not called, so no special features get detected. It might be possible call the pcsc_reader_features from the minidriver but it would require some code changes and testing. What version of OpenSC are your using? On What Windows OS? Looking closer the reader-pcsc.c in github has two sets of code, one for normal pcsc used by PKCS#11 and one for cardmod i.e. minidriver, that check for reader features for the pin pad. http://msdn.microsoft.com/en-us/windows/hardware/gg487500.aspx Version 6 says External PINs for PIN PAD are new. Vista and later. Version 7 Talks about External PINs. Windows 7 and later. So the code may be there. A trace might be helpful. I'm on Windows 7, fully patched. opensc-tool -i returns: opensc 0.12.2 [Microsoft 1600] Enabled features:pcsc openssl zlib - Tim ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows minidriver and Secure PIN Entry
I have installed the drivers from HID Global for this reader. The same reader device driver will be used regardless of whether the PKCS#11 module, or the minidriver is used to interact with the Smart Card, right? And as I mentioned when I use the PCKS#11 driver, I'm prompted to enter my pin on the pinpad. When I use the opensc minidriver, I'm prompted to enter my pin in a windows dialog box using the PC keyboard. Is the opensc minidriver not able to detect and use the pinpad? - Tim On Sat, 2012-08-25 at 01:10 +0200, Frank Morgner wrote: The default Windows USB CCID driver does not support secure PIN entry. You need to get a better driver for your reader. Presumably OmniKey provides such a driver. Cheers, Frank. On Friday, August 24 at 03:03PM, Taylor, Tim wrote: Hello, I've been a long time user of the opensc project on linux. Now I'm trying to use OpenSC on Windows 7. The reader I'm using is an OmniKey 3821 USB CCID device with an LCD display and a PIN pad. Using the opensc PKCS#11 module in applications such as firefox or thunderbird works great, requiring the card PIN to be entered on the PIN pad of the reader as desired. Now I'm looking at using the opensc minidriver to provide access for applications that use the Windows crpyto API. After some fiddling around, I managed to change the driver for my smart card (Gemalto TOPDLGX4 144k) to the opensc minidriver. However, when I use an application that tries to access the card, I'm prompted to enter the PIN in a Windows dialog rather than the reader PIN pad. Is there a way to have the external PIN pad be used to enter card PINs when using the opensc minidriver? - Tim ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows minidriver and Secure PIN Entry
On 9/5/2012 4:32 PM, Taylor, Tim wrote: I have installed the drivers from HID Global for this reader. The same reader device driver will be used regardless of whether the PKCS#11 module, or the minidriver is used to interact with the Smart Card, right? And as I mentioned when I use the PCKS#11 driver, I'm prompted to enter my pin on the pinpad. When I use the opensc minidriver, I'm prompted to enter my pin in a windows dialog box using the PC keyboard. Is the opensc minidriver not able to detect and use the pinpad? With the PKCS#11 OpenSC calls pcsc_detect_readers and this calls the detect_reader_features. With the minidriver, the Microsoft code passes in the handles of open connections to PC/SC, and pcsc_detect_readers is not called, so no special features get detected. It might be possible call the pcsc_reader_features from the minidriver but it would require some code changes and testing. - Tim On Sat, 2012-08-25 at 01:10 +0200, Frank Morgner wrote: The default Windows USB CCID driver does not support secure PIN entry. You need to get a better driver for your reader. Presumably OmniKey provides such a driver. Cheers, Frank. On Friday, August 24 at 03:03PM, Taylor, Tim wrote: Hello, I've been a long time user of the opensc project on linux. Now I'm trying to use OpenSC on Windows 7. The reader I'm using is an OmniKey 3821 USB CCID device with an LCD display and a PIN pad. Using the opensc PKCS#11 module in applications such as firefox or thunderbird works great, requiring the card PIN to be entered on the PIN pad of the reader as desired. Now I'm looking at using the opensc minidriver to provide access for applications that use the Windows crpyto API. After some fiddling around, I managed to change the driver for my smart card (Gemalto TOPDLGX4 144k) to the opensc minidriver. However, when I use an application that tries to access the card, I'm prompted to enter the PIN in a Windows dialog rather than the reader PIN pad. Is there a way to have the external PIN pad be used to enter card PINs when using the opensc minidriver? - Tim ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows minidriver and Secure PIN Entry
On Thu, Sep 6, 2012 at 12:32 AM, Taylor, Tim ttay...@mitre.org wrote: Is the opensc minidriver not able to detect and use the pinpad? At the moment, no. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Windows minidriver and Secure PIN Entry
Hello, I've been a long time user of the opensc project on linux. Now I'm trying to use OpenSC on Windows 7. The reader I'm using is an OmniKey 3821 USB CCID device with an LCD display and a PIN pad. Using the opensc PKCS#11 module in applications such as firefox or thunderbird works great, requiring the card PIN to be entered on the PIN pad of the reader as desired. Now I'm looking at using the opensc minidriver to provide access for applications that use the Windows crpyto API. After some fiddling around, I managed to change the driver for my smart card (Gemalto TOPDLGX4 144k) to the opensc minidriver. However, when I use an application that tries to access the card, I'm prompted to enter the PIN in a Windows dialog rather than the reader PIN pad. Is there a way to have the external PIN pad be used to enter card PINs when using the opensc minidriver? - Tim ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows minidriver and Secure PIN Entry
The default Windows USB CCID driver does not support secure PIN entry. You need to get a better driver for your reader. Presumably OmniKey provides such a driver. Cheers, Frank. On Friday, August 24 at 03:03PM, Taylor, Tim wrote: Hello, I've been a long time user of the opensc project on linux. Now I'm trying to use OpenSC on Windows 7. The reader I'm using is an OmniKey 3821 USB CCID device with an LCD display and a PIN pad. Using the opensc PKCS#11 module in applications such as firefox or thunderbird works great, requiring the card PIN to be entered on the PIN pad of the reader as desired. Now I'm looking at using the opensc minidriver to provide access for applications that use the Windows crpyto API. After some fiddling around, I managed to change the driver for my smart card (Gemalto TOPDLGX4 144k) to the opensc minidriver. However, when I use an application that tries to access the card, I'm prompted to enter the PIN in a Windows dialog rather than the reader PIN pad. Is there a way to have the external PIN pad be used to enter card PINs when using the opensc minidriver? - Tim ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Frank Morgner Virtual Smart Card Architecture http://vsmartcard.sourceforge.net OpenPACEhttp://openpace.sourceforge.net IFD Handler for libnfc Devices http://sourceforge.net/projects/ifdnfc pgpUN9MQA4Wmo.pgp Description: PGP signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel