Re: [opensc-devel] pkcs15 init, problem with the profile
Hello, Aventra development: Does the other drivers work when initializing a card, and is the ACL set correctly? The ACL is set correctly for Rutoken. Example (Rutoken ECP): $ pkcs15-init -E -C --so-pin 87654321 --so-puk 21 1.txt 1.txt attached See: card.c:362:sc_create_file: called; type=2, path=3f002f00, size=128 - card-rtecp.c:239:set_sec_attr_from_acl - card-rtecp.c:780:rtecp_construct_fci - card-rtecp.c:561:rtecp_create_file: returning with: 0 [pkcs15-init] ctx.c:735:sc_context_create: === [pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.9-svn [pkcs15-init] reader-openct.c:79:openct_reader_init: called [pkcs15-init] sc.c:196:sc_detect_card_presence: called [pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called [pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1 [pkcs15-init] sc.c:196:sc_detect_card_presence: called [pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called [pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1 [pkcs15-init] card.c:110:sc_connect_card: called [pkcs15-init] reader-openct.c:218:openct_reader_connect: called [pkcs15-init] card.c:140:sc_connect_card: matching configured ATRs [pkcs15-init] card.c:182:sc_connect_card: matching built-in ATRs [pkcs15-init] card.c:188:sc_connect_card: trying driver: cardos [pkcs15-init] card.c:188:sc_connect_card: trying driver: cardos [pkcs15-init] card.c:188:sc_connect_card: trying driver: flex [pkcs15-init] card.c:188:sc_connect_card: trying driver: cyberflex [pkcs15-init] card.c:188:sc_connect_card: trying driver: gpk [pkcs15-init] card.c:188:sc_connect_card: trying driver: gemsafeV1 [pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called [pkcs15-init] card.c:188:sc_connect_card: trying driver: miocos [pkcs15-init] card.c:188:sc_connect_card: trying driver: mcrd [pkcs15-init] card.c:188:sc_connect_card: trying driver: asepcos [pkcs15-init] card.c:188:sc_connect_card: trying driver: setcos [pkcs15-init] card.c:285:sc_lock: called [pkcs15-init] reader-openct.c:410:openct_reader_lock: called [pkcs15-init] card.c:312:sc_unlock: called [pkcs15-init] reader-openct.c:437:openct_reader_unlock: called [pkcs15-init] card.c:188:sc_connect_card: trying driver: starcos [pkcs15-init] card.c:188:sc_connect_card: trying driver: tcos [pkcs15-init] card.c:188:sc_connect_card: trying driver: openpgp [pkcs15-init] card.c:188:sc_connect_card: trying driver: jcop [pkcs15-init] card.c:188:sc_connect_card: trying driver: oberthur [pkcs15-init] card.c:188:sc_connect_card: trying driver: belpic [pkcs15-init] card.c:188:sc_connect_card: trying driver: atrust-acos [pkcs15-init] card.c:188:sc_connect_card: trying driver: muscle [pkcs15-init] card.c:285:sc_lock: called [pkcs15-init] reader-openct.c:410:openct_reader_lock: called [pkcs15-init] card.c:312:sc_unlock: called [pkcs15-init] reader-openct.c:437:openct_reader_unlock: called [pkcs15-init] muscle.c:276:msc_select_applet: returning with: -1200 [pkcs15-init] card.c:188:sc_connect_card: trying driver: incrypto34 [pkcs15-init] card.c:188:sc_connect_card: trying driver: piv [pkcs15-init] card-piv.c:1769:piv_match_card: called [pkcs15-init] card-piv.c:493:piv_find_aid: called [pkcs15-init] card.c:285:sc_lock: called [pkcs15-init] reader-openct.c:410:openct_reader_lock: called [pkcs15-init] card.c:312:sc_unlock: called [pkcs15-init] reader-openct.c:437:openct_reader_unlock: called [pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported [pkcs15-init] card.c:285:sc_lock: called [pkcs15-init] reader-openct.c:410:openct_reader_lock: called [pkcs15-init] card.c:312:sc_unlock: called [pkcs15-init] reader-openct.c:437:openct_reader_unlock: called [pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported [pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208 [pkcs15-init] card.c:188:sc_connect_card: trying driver: acos5 [pkcs15-init] card.c:188:sc_connect_card: trying driver: akis [pkcs15-init] card.c:188:sc_connect_card: trying driver: entersafe [pkcs15-init] card-entersafe.c:101:entersafe_match_card: called [pkcs15-init] card.c:188:sc_connect_card: trying driver: rutoken [pkcs15-init] card-rutoken.c:129:rutoken_match_card: called [pkcs15-init] card-rutoken.c:135:rutoken_match_card: returning with: 0 [pkcs15-init] card.c:188:sc_connect_card: trying driver: rutoken_ecp [pkcs15-init] card-rtecp.c:50:rtecp_match_card: returning with: 1 [pkcs15-init] card.c:196:sc_connect_card: matched: Rutoken ECP driver [pkcs15-init] card-rtecp.c:83:rtecp_init: returning with: 0 [pkcs15-init] card.c:221:sc_connect_card: card info: Rutoken ECP card, 0, 0x0 [pkcs15-init] card.c:222:sc_connect_card: returning with: 0 [pkcs15-init] card.c:285:sc_lock: called [pkcs15-init] reader-openct.c:410:openct_reader_lock: called [pkcs15-init] card.c:668:sc_card_ctl: called [pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported [pkcs15-init] card.c:532:sc_select_file: called; type=2,
Re: [opensc-devel] pkcs15 init, problem with the profile
Hi, Example (This is a circumstance worthy of being noted) $ pkcs15-init -E -C ... ... No PIN objects ... Create DF (Example PKCS15-AppDF: (rutoken_ecp.profile) acl = *=NONE, DELETE=___CHV2___) ... Create PIN ... Create DF (Example PKCS15-AODF: (rutoken_ecp.profile) acl = *=NEVER, READ=NONE, UPDATE=___$SOPIN___, WRITE=___$SOPIN___, DELETE=___$SOPIN___) ... Aventra development: Hi! Hi We are trying to implement the pkcs15 initialization to the MyEID cards and can't get it to work. (...) Does anybody know where the problem might be? Does the other drivers work when initializing a card, and is the ACL set correctly? Yes it's working fine... at least for me. Perhaps can you send some logs Thanks for the offer, but we have now looked at the Rutoken ECP driver (thanks Aleksey) and noticed that we were missing some required implementations of some functions. We are currently doing the implementations, and hope to get it working soon. I will ask again if we still need some help with this. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] pkcs15 init, problem with the profile
Hi! We are trying to implement the pkcs15 initialization to the MyEID cards and cant get it to work. The current problem is that the ACL definitions are not set correctly according to how we have set them in the profile file. The ACL written to the card is always 0, regardless of what the profile has set. The MyEID drivers function that gets called, receives the ACL values 0 every time. We tried to look at the other drivers code, but could not find a solution there. Does anybody know where the problem might be? Does the other drivers work when initializing a card, and is the ACL set correctly? Any help would be much appreciated. Otherwise we have to do as many others, develop own tool for the initialization. At this point it feels that that would be much easier, that trying to fully understand why the profile handling does not work. Regards, Toni ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
