MUSCLE Is 61xx handled in your driver?

2001-07-30 Thread Naomaru Itoi

When a card returns 61.xx, it means that the card has xx bytes to
return to host. 

Does a smartcard reader driver handle this, usually?  Does it
automatically send get_response APDU and get the return data, or does
it pass the status code 61.xx to the application? 

I am not trying to find out which the right way is.  I am trying to
find out how the actual reader drivers do it.

Thank you. 

--
Concentration .. Naomaru Itoi, coding @ home
***
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***



Re: MUSCLE VerifyKey using OCF

2001-07-30 Thread Naomaru Itoi

Does your OCF have a PassThru API?  (Sun's OCF does.)  If it does,
PassThru allows you to send an APDU directly to the card, so you could
try that.  

--
Concentration .. Naomaru Itoi, coding @ home



Re: MUSCLE Disk encryption and more

2001-06-22 Thread Naomaru Itoi

Hi, 

It's still crude, but we have a paper on smartcard based secure
booting: 

http://www.citi.umich.edu/techreports/

Boot up from secure ROM, and use a smartcard to make sure kernels and
application binaries are good. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE Getting started

2001-01-26 Thread Naomaru Itoi

Hi, Steve,

Excuse me for repeating this for 100 times, but I recommend
Schlumberger Cyberflex smartcard (https://www.cardstore.slb.com/),
Todos Argos Mini reader (http://www.todos.se/argosmini.htm), and the
Linux Starter Kit
(http://www.citi.umich.edu/projects/smartcard/cyberflex_starter/).  

Steve Crouse <[EMAIL PROTECTED]> wrote:

> Hello all,
> 
> This is my first post to this list. I am interested in beginning
> smart card development so I'm trying to decide which reader and card to
> buy. The CHIPDRIVE linux pack looks good and I see that it was actually
> developed in conjunction with this group so I'm leaning towards it. But
> I'd like to use Java for my development if possible and I'm not sure if
> this reader supports that.
> 
> So if anyone could give me some recommendations that would be great.
> I'm looking for a good reader/writer that works under linux and a card
> that will run Java.
> 
> Thanks in advance,




Re: MUSCLE Carldlet tools

2001-01-23 Thread Naomaru Itoi

Mick,

We use an application called "pay" in this homepage.  

http://www.citi.umich.edu/projects/smartcard/cyberflex_starter/

pay doesn't have a GUI, though.  

> Date: Tue, 23 Jan 2001 17:25:57 +
> From: Michael McCabe <[EMAIL PROTECTED]>
> 
> Does anybody have any tools that will upload and delete applets from a
> Cyberflex Java card like the xcard application used to do.
> Unfortunately nobody supports this app now and I'd rather work on my
> cardlet rather than the tools that support it.
> 
> Cheers,
> Mick.
> 



Re: MUSCLE Xcard and pcsc-lite

2001-01-23 Thread Naomaru Itoi

We do not support XCard, nor does Schlumberger. 
So I think you are on your own. 

- Original Message - 
From: Michael McCabe <[EMAIL PROTECTED]>
To: Muscle <[EMAIL PROTECTED]>
Sent: Tuesday, January 23, 2001 9:15 AM
Subject: MUSCLE Xcard and pcsc-lite


> As somebody else pointed out XCard does not work with the newer versions
> of pcsc-lite.  Is anybody supporting this product at the moment or is it
> up to me to try and fix it myself.
> 
> Regards,
> Mick.
> 



Re: MUSCLE Help to a newbie in SmartCard

2001-01-23 Thread Naomaru Itoi

Helio,

The tutorial we used in the University of Michigan is at:

http://www.citi.umich.edu/projects/smartcard/smartcard_seminar/

You may find it helpful.

- Original Message -
From: Helio Chissini de Castro <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 23, 2001 7:07 AM
Subject: MUSCLE Help to a newbie in SmartCard


> Hello all
>
> I'm really a newbie in the SmartCards world, and really need some start steps to
> begin the management of my kit.
> At this moment I have a Gemplus-Core 410 working well with pcsc (by the way,
> since I'm a Linux programmer I found the formaticc seg fault bug and made
> some hack in pcsc code, before the mail with solution), and I have pcsc
> information about insert/remove cards ok.
> But, at this point, I don't know exactly what I need to do to store
> information, format the chip, well.. anything.. :-/
> If anyone could help me where to find a beginner step by step or some useful
> information, I'll be very pleased..
>
> Thanks in advance..
>
> --
> Helio Castro
> Desenvolvimento Corporativo Conectiva S.A.
> Brasil
>
> BEGIN GEEK CODE BLOCK 
> GCS/MU d-- S: a- C+++() ULU+++ UHSU+ L+ W+++ w++ OM PS+++ PE-- Y
> t++@ S+++ X R tv+++@ b DI+ D(+) e h(+) r-() UF++(+++)
> -END GEEK CODE BLOCK -
> http://www.geekcode.com



Re: MUSCLE Beginning smartcards in Linux

2001-01-17 Thread Naomaru Itoi

Hi, Chris,

It's not a newbie-ish question.  It is kind of confusing out there. 
Although we distribute the Linux starter kit at our homepage, we use  
neither the Reflex 60 reader, nor the xcard application, so
unfortunately we cannot help you much on your problems.  Also,
Schlumberger has dropped support for the starter kit, so you are on
your own. 

That said, general PC/SC advice ...
1. Make sure the reader configuration file, /etc/reader.conf, is there and
is correct.  Especially the port number (or CHANNELID) part.
2. Make sure the permission of the serial port you attach your reader is
open to you. For example, 666 for /dev/cua0 and /dev/cua1.
3. Try running pay instead of xcard, and type 1 or 2 (card reset).  This
way, you can at least tell whether the problem is in the reader driver, or
in the application (xcard or pay, in this case).

Just for your reference, my /etc/reader.conf looks like this.

FRIENDLYNAME    "Todos"
DEVICENAME      TODOS_AG
LIBPATH         /usr/local/pcsc/lib/libtodos_ag.so
CHANNELID       0x0102f8

FRIENDLYNAME    "Todos Debug"
DEVICENAME      TODOS_AG
LIBPATH         /usr/local/pcsc/lib/libtodos_ag_dbg.so
CHANNELID       0x0102f8

FRIENDLYNAME    "Towitoko Chipdrive"
DEVICENAME      TOW_CHP_DV
LIBPATH         /usr/local/pcsc/lib/libtowitoko.so
CHANNELID       0x0102F8


Good luck.

> Hi all
> 
> I've gotten pcscd to compile and start up, and it detects card inserts 
> and such, so I think that I've got the driver working and the 
> middleware, however when I run xCard, it says that it can't locate the 
> "Reflex 60" card reader or some such error.  So I can't read or write to 
> the card.  Is this the right tool to be using, or should I be using some 
> other piece of software?
> 
> I'm running RedHat 6.2 with the 2.4.0 kernel (stable).  I know this is a 
> really newbie-ish question, but I'm stumped.
> 
> Thanks for any help you can offer,
> Chris TenHarmsel




Re: MUSCLE Linux iButton support?

2001-01-16 Thread Naomaru Itoi

> (2)  The iButton development environment revolves around Java (not
> surprising), so JavaCard/OpenCard etc.  But I'm assuming that the PAM
> drivers will be C/C++.  Can I assume that "a smart card is just a smart
> card" and the iButton would respond to APDUs from C/C++ code (PAM .so's)
> on the PC side?

Yes.  As long as your application (PAM in this case) sends APDUs, it's
fine. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE RNG's

2000-12-23 Thread Naomaru Itoi

What were your "simple tests"?  Did you find any tendencies?  Or is
that a secret?  

> The "get challenge" apdu, 0x84, normally returns a random number.  I once
> collected 160 bytes from a Payflex P1 card and ran some simple tests.  I
> don't know how the rng is implemented in Payflex, and it's probably a highly
> guarded secret.
> 
> If anyone wants to run some tests, the bits are here:
> 
> http://www.citi.umich.edu/projects/smartcard/mc1-noise-200k.bin




Re: MUSCLE Newbie!!!

2000-12-18 Thread Naomaru Itoi

I do most of my smartcard development work on Linux.  I personally
like it much better than smartcard environments on Windows because
it's more convenient and is free. 

reader: Todos Argos Mini and Towitoko Chipdrive
card: Schlumberger Cyberflex Access
development environment: 
  http://www.citi.umich.edu/projects/smartcard/cyberflex_starter/

Have fun, 

> Hello!
> 
> I am a total newbie regarding smartcards, but I'm very interested
> in this technology. What reader/writer and cards would you suggest,
> if I would like to use it with linux? The problem is, that because I
> just do it for fun, I don't have a special task to do and so I like
> to have a system that I can use for many things! 
> Do you think it is a good idea anyway to use it with linux, or is the
> windows world more comfortable up to now (don't hope so)? 
> 
> Thanxx in advance




MUSCLE Cyberflex Access Starter Kit now available!

2000-12-15 Thread Naomaru Itoi

Thanks everyone for waiting so patiently.  Schlumberger has kindly
agreed to distribute all the software needed to program Cyberflex
Access freely.  It is now distributed by CITI, the University of
Michigan, in the following homepage. 

http://www.citi.umich.edu/projects/smartcard/cyberflex_starter/

Please send questions / comments to [EMAIL PROTECTED] .

Enjoy, 

--
Naomaru Itoi
CITI Smartcard Group
http://www-personal.engin.umich.edu/~itoi
http://www.citi.umich.edu



Re: MUSCLE cyberflex sdk for linux

2000-11-14 Thread Naomaru Itoi

> On Tue, Nov 14, 2000 at 06:04:56PM -0500, Jim Rees wrote:
> > The linux sdk was there two weeks ago, but now I can't find it.  Maybe it
> > has been removed now that Danny is gone.  You can put most of it together
> > yourself except for mksolo and the class files.  The Readme is still there
> > and describes what was in the sdk:
> > 
> > http://www.cyberflex.slb.com/Support/cyberflex_linux_readme.html
> 
> I found these the other day after poking around some.  
> 
> so anyway, don't I *need* mksolo & related classes in order to build
> cardlets with the Cyberflex Access 00 cards?

Yes, you do.  Class files are necessary to compile .java to .class,
and mksolo is necessary to convert .class to .bin.

--
Concentration .. Naomaru Itoi



Re: MUSCLE selecting a cardlet

2000-11-03 Thread Naomaru Itoi

Hello,

First of all, you are using Cyberflex Access, correct?  I assume so in
the following. 

I think you are doing the right thing, and you have succeeded in
selecting the applet.  From my experience, Cyberflex Access does not
return information after you select an applet.  It does return info
after you select a file. 

Besides, what information do you want to obtain?

> I'm trying to select a cardlet with AID "niamh" and when I do the
> transmit I get 0x90 0x00 back in the return string.  According to the
> documentation I should be getting more information back or am I reading
> the docs incorrectly.
> 
> The byte sequence I'm sending is.
> 
>   s[0] = 0x00;
>   s[1] = 0xa4;
>   s[2] = 0x04;
>   s[3] = 0x00;
>   s[4] = 0x05;
>   s[5] = 0x6e;
>   s[6] = 0x69;
>   s[7] = 0x61;
>   s[8] = 0x6d;
>   s[9] = 0x68;
>   dwSendLength = 10;
> 
> Can anyone see anything obviously wrong here.
> 
> Cheers,
> Michael.
> 




Re: MUSCLE smartcard uses?

2000-10-24 Thread Naomaru Itoi

Hello, Michael, 

> I was just wondering what sort of things people are actually using their
> cards for.  What sort of end programs are being written etc.  I want to
> start programming them but I just want to find out what people are doing
> first.

Some projects of ours are described here: 
http://www.citi.umich.edu/projects/smartcard/

Good luck. :) 

--
Concentration .. Naomaru Itoi



Re: MUSCLE A question about RSA padding

2000-09-15 Thread Naomaru Itoi

We have done something like that (Cyberflex Access & SSH 1.2.27).
Maybe our course homepage helps. 
http://www.citi.umich.edu/eecs598/ssh_sc.html.

Cyberflex pads the data with 0.  When your data is smaller than RSA key
size, it will be padded to:

0 0  ... 0 data

and then encrypted. 

We have some code to use RSA operation on Cyberflex.  I can send it to
you if you want. 

--
Naomaru Itoi
CITI Smartcard Group
http://www-personal.engin.umich.edu/~itoi
http://www.citi.umich.edu


> Hello everyone,
> I think I'm in a little too deep with something I'm playing around
> with so I was wondering if anyone could help me out.
> I'm playing around with making openssh use my Cyberflex Access for
> authentication. Right now I'm just testing out my understanding of the
> smartcard and openssh so I'm writing a little test that gets the
> smartcard ready then attempts to decrypt a challenge.
> I start by creating the challenge as a BIGNUM.
> Next I call openssh's rsa_public_encrypt just like it would call in
> sshconnect. It expects a BIGNUM to encrypt and the public key. The
> problem here is that inside rsa_public_encrypt they call the openssl
> RSA functions to encrypt with PKCS1 padding which apparently is quite
> popular.
> Now I use the smartcard to decrypt using the ssp-lite call
> CSP_CK_Decrypt. Everything here seems to go alright, however I'm not
> sure if there is any way to specify padding when decrypting with the
> smartcard. I haven't found anything in the Cyberflex Programming
> reference.
> Anyway, so I go along my merry way and attempt to look at the output
> by converting the binary buffer back to a BIGNUM. When I print it out
> in hex I always get similar results. I get a long number that always
> has 02 at the beginning and whatever my initial challenge was at the
> end with a bunch of junk in between.
> So then I started looking at padding and that's where I am now. I was
> wondering if I could check the padding after I decrypt with the
> smartcard with RSA_padding_check_PKCS1_type2 type functions in openssl
> and if I can how do I use them?
> 
> Any tips would be appreciated.
> 
> Stephen Pellicer
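
Added example (not part of the original messages and not CITI's or OpenSSH's code): the output described in the question, "02 at the beginning" and the challenge at the end, is a PKCS#1 v1.5 type 2 block whose leading 00 was lost in the BIGNUM conversion, since the card itself only zero-pads. The function below restores the leading zeros and strips the padding; the function names and the sample block are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Strip PKCS#1 v1.5 encryption padding (block type 2) from the output of a
 * raw RSA private-key operation, as a card without padding support returns it.
 *   em, emlen : bytes as received (leading zero bytes may be missing after a
 *               round trip through a bignum)
 *   k         : modulus length in bytes (128 for a 1024-bit key)
 * Returns the message length and copies the message to msg, or -1 if the
 * block is not a well-formed 00 02 PS 00 M encoding. */
int pkcs1_type2_unpad(const unsigned char *em, size_t emlen, size_t k,
                      unsigned char *msg, size_t msgcap)
{
    unsigned char full[512];
    size_t i, mlen;

    if (k < 11 || k > sizeof full || emlen > k)
        return -1;
    memset(full, 0, k - emlen);              /* restore stripped leading zeros */
    memcpy(full + (k - emlen), em, emlen);

    if (full[0] != 0x00 || full[1] != 0x02)  /* block type 2 = encryption */
        return -1;
    for (i = 2; i < k && full[i] != 0x00; i++)
        ;                                    /* skip PS: nonzero random bytes */
    if (i == k || i < 10)                    /* no separator, or PS < 8 bytes */
        return -1;
    mlen = k - i - 1;
    if (mlen > msgcap)
        return -1;
    memcpy(msg, full + i + 1, mlen);
    return (int)mlen;
}

/* Build a constructed sample block: 00 02 | PS | 00 | msg, PS filled with 0xAA. */
size_t make_sample(unsigned char *em, size_t k,
                   const unsigned char *msg, size_t mlen)
{
    em[0] = 0x00;
    em[1] = 0x02;
    memset(em + 2, 0xAA, k - 3 - mlen);
    em[k - 1 - mlen] = 0x00;
    memcpy(em + k - mlen, msg, mlen);
    return k;
}

int main(void)
{
    const unsigned char challenge[] = { 0x13, 0x37, 0xc0, 0xde }; /* constructed */
    unsigned char em[128], out[128];
    int n;

    make_sample(em, sizeof em, challenge, sizeof challenge);
    /* Pass the block without its first byte, as a bignum print would show it. */
    n = pkcs1_type2_unpad(em + 1, sizeof em - 1, sizeof em, out, sizeof out);
    printf("recovered %d message bytes\n", n);
    return n == (int)sizeof challenge ? 0 : 1;
}
```

The scan is not constant-time, which matters if a remote party can submit ciphertexts and observe whether unpadding failed.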




MUSCLE readers that run faster than 9.6Kbps?

2000-09-07 Thread Naomaru Itoi

Hello,

Is there any smartcard reader that (1) runs faster than 9.6Kbps -
ideally runs at 105Kbps, and (2) has an IFD driver for Linux (on
MUSCLE)?

I know PC3 runs fast, but this is out of production.

Thank you, 

--
Concentration .. Naomaru Itoi



Re: MUSCLE ReadBinary EOF?

2000-06-25 Thread Naomaru Itoi

There is no way of knowing the data size (a.k.a. logical size of a
file) in the ISO 7816 file system.  Inconvenient.  I wish the
standardization group or some smartcard vendors put logical size in the
file system meta data.

I think the best way of working around this is to store the logical
size in the first two bytes of the file. 

> I created a file called ABCD with length 500 bytes. I am able to write DER
> encoded DSA keys on it. The size of the keys vary from 490 to 496.
> 
> When calling ReadBinary, how do I know how many bytes of data
> are in a file? Calling GetResponse only gives the size of the file, but
> not how much data was written to it. 
> 
> The bytes that are not written to have value 0xff. For example, if I wrote
> 496 bytes to a 500 byte file, the last 4 bytes of the file have value
> 0xff. I guess I can use 0xff as a terminator much as '\0' is used to
> terminate a string in C, but then I wouldn't be able to use 0xff as a data
> value.
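
Added example (not part of the original messages): the two-byte length prefix suggested in the reply, applied to the 500-byte file from the question. The function names and the big-endian byte order are this example's assumptions; the image would be written with UpdateBinary and read back with ReadBinary.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define HDR 2   /* two-byte logical size; big-endian is this example's choice */

/* Build the image to write to the card: [len_hi len_lo data ... 0xff fill].
 * Returns 0, or -1 if the data plus header does not fit in the file. */
int file_pack(const unsigned char *data, size_t dlen,
              unsigned char *img, size_t filesize)
{
    if (filesize < HDR || dlen > filesize - HDR || dlen > 0xFFFF)
        return -1;
    img[0] = (unsigned char)(dlen >> 8);
    img[1] = (unsigned char)(dlen & 0xff);
    memcpy(img + HDR, data, dlen);
    memset(img + HDR + dlen, 0xff, filesize - HDR - dlen);
    return 0;
}

/* Recover the logical length from an image read off the card.
 * Returns -1 when the prefix cannot be valid, which includes a file that was
 * never written (ff ff reads as 65535, larger than any file it could sit in). */
long file_logical_len(const unsigned char *img, size_t filesize)
{
    size_t dlen;

    if (filesize < HDR)
        return -1;
    dlen = ((size_t)img[0] << 8) | img[1];
    if (dlen > filesize - HDR)
        return -1;
    return (long)dlen;
}

int main(void)
{
    unsigned char key[496], img[500];

    /* Constructed data made entirely of 0xff, the value that a sentinel
     * scheme could not store. */
    memset(key, 0xff, sizeof key);
    if (file_pack(key, sizeof key, img, sizeof img) != 0)
        return 1;
    printf("logical length: %ld\n", file_logical_len(img, sizeof img));
    return 0;
}
```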




Re: MUSCLE response data from SelectFile

2000-06-25 Thread Naomaru Itoi

> Hi,
> 
> The cyberflex documentation indicates that response 
> data containing information about the selected file/directory
> is returned in a SelectFile command. How can I get this data?
> It is not in the receive buffer of SCardTransmit(). Only a two byte
> status code is in the receive buffer.  Do I have to send some
> other command to the card to get this data?
> 
> The cyberflex documentation on page 97 and page 115 talks about a
> Getresponse command, but I can't seem to find any documentation on this.
>

Issue get response APDU after select file APDU.
Example:

itoi@alice :) pay
pay> 2
1:3b 2:96 3:94 4:40 5:28 6:81 7:10 8:6 9:1 10:62 11:34 
pay> ic f0 a4 0 0 2 /* select 3f.00 */
Enter 2 data bytes (hex):
3f 0
61 17 ok; response available 17
pay> oc f0 c0 0 0 17 /* get response for length 0x17 byte */
1:0 2:0 3:29 4:ba 5:3f 6:0 7:1 8:0 9:0 10:0 11:0 12:0 13:a 14:13 15:1 16:8 17:2 18:0 
19:83 20:83 21:0 22:0 23:0 /* reply */
90 00 ok
pay> q

> I'm coding based on the cyberflex documentation and the PC/SC-lite
> documentation.  Would the APDU command for cyberflex work for other
> smartcards like Bull?

Depends on which APDU commands you are talking about.  All the ISO
7816-4 compliant smartcards should understand select APDU and
get_response APDU, but I believe only Schlumberger smartcards return
file information after the select APDU.

Even though most of the smartcards speak ISO 7816-4, they often use
different CLA bytes. 

--
Concentration .. Naomaru Itoi
http://www.citi.umich.edu
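
Added example (not part of the original messages and not code from pay or sc7816): one way an application can handle the 61 xx status itself, which is the case raised in the "Is 61xx handled in your driver?" message and done by hand in the pay session above. The transport callback and the simulated card are hypothetical; the 0x17 data bytes are the ones shown in the pay session, and with pcsc-lite the callback would wrap SCardTransmit().

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Transport callback: sends cmd, fills rsp (data + SW1 SW2), returns 0 on success. */
typedef int (*xmit_fn)(const unsigned char *cmd, size_t clen,
                       unsigned char *rsp, size_t *rlen);

/* Send an APDU; while the card answers 61 xx, issue GET RESPONSE (INS 0xC0)
 * with the same CLA and Le = xx, appending the returned data to out.
 * Returns the final status word (e.g. 0x9000), or -1 on a transport error or
 * when the caller's buffer is too small. */
int apdu_exchange(xmit_fn xmit, const unsigned char *cmd, size_t clen,
                  unsigned char *out, size_t outcap, size_t *outlen)
{
    unsigned char rsp[258], get[5];
    size_t rlen = sizeof rsp;
    int rounds = 0;

    *outlen = 0;
    if (clen < 4 || xmit(cmd, clen, rsp, &rlen) != 0 || rlen < 2)
        return -1;
    for (;;) {
        size_t dlen = rlen - 2;
        unsigned sw1 = rsp[rlen - 2], sw2 = rsp[rlen - 1];

        if (dlen > outcap - *outlen)
            return -1;
        memcpy(out + *outlen, rsp, dlen);
        *outlen += dlen;
        if (sw1 != 0x61)
            return (int)(sw1 << 8 | sw2);
        if (++rounds > 16)          /* guard against a card that loops on 61 xx */
            return -1;
        get[0] = cmd[0]; get[1] = 0xC0; get[2] = 0; get[3] = 0;
        get[4] = (unsigned char)sw2;
        rlen = sizeof rsp;
        if (xmit(get, sizeof get, rsp, &rlen) != 0 || rlen < 2)
            return -1;
    }
}

/* Simulated card (hypothetical): SELECT 3f.00 answers 61 17, GET RESPONSE
 * returns the 0x17 bytes from the pay session followed by 90 00. */
static const unsigned char FILE_INFO[0x17] = {
    0x00, 0x00, 0x29, 0xba, 0x3f, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x0a, 0x13, 0x01, 0x08, 0x02, 0x00, 0x83, 0x83, 0x00, 0x00, 0x00
};
static int pending;   /* bytes the simulated card is holding for the host */

int sim_card(const unsigned char *cmd, size_t clen,
             unsigned char *rsp, size_t *rlen)
{
    if (clen == 7 && cmd[1] == 0xA4 && cmd[5] == 0x3f && cmd[6] == 0x00) {
        pending = (int)sizeof FILE_INFO;
        rsp[0] = 0x61; rsp[1] = (unsigned char)pending; *rlen = 2;
    } else if (clen == 5 && cmd[1] == 0xC0 && pending && cmd[4] == pending) {
        memcpy(rsp, FILE_INFO, sizeof FILE_INFO);
        rsp[23] = 0x90; rsp[24] = 0x00; *rlen = 25;
        pending = 0;
    } else {
        rsp[0] = 0x6d; rsp[1] = 0x00; *rlen = 2;   /* INS not supported */
    }
    return 0;
}

int main(void)
{
    const unsigned char select_mf[] = { 0xf0, 0xa4, 0x00, 0x00, 0x02, 0x3f, 0x00 };
    unsigned char data[256];
    size_t n;
    int sw = apdu_exchange(sim_card, select_mf, sizeof select_mf,
                           data, sizeof data, &n);

    printf("SW=%04x, %zu data bytes\n", (unsigned)sw, n);
    return sw == 0x9000 ? 0 : 1;
}
```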



Re: MUSCLE smart card+PKI

2000-06-12 Thread Naomaru Itoi

Cyberflex Access has an impressively fast RSA coprocessor, too.  It
can do 1024 bit RSA decryption (signature) in about 2 seconds.  The
only other smartcard we tried was iButton, and this took about 7
seconds. 

We tried to purchase Java cards with RSA from Gemplus and G&D a half
year ago, but they were not shipping them then, and we have not heard
from them. 

> This library will work with both Cryptoflex and Cyberflex Access cards (they each
> have RSA and 3DES support, while only Cryptoflex has key gen -- Access will have key
> gen later this year).  It is a middleware that lies on top of PCSC-lite for Linux.
> I'm pretty sure the API's will be the same as on Windows so that you can write programs
> that talk to the same API on both Linux and Windows.




Re: MUSCLE iButton progress?

2000-05-25 Thread Naomaru Itoi

> Would you consider sending a copy to others as well? In particular, I
> would like a copy. Thanks,

You can download it at:

http://www-personal.engin.umich.edu/~itoi/ibutton/ibutton.tar.gz

Thanks. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE iButton progress?

2000-05-24 Thread Naomaru Itoi

Mukesh Agrawal got an IFD driver for Java iButton working.
I will send it to you and David.  

Peter Lister: 
> Andreas Bogk said he'd started work on MUSCLE iButton support - is this
> specifically for the Java iButton, or just the 1-wire / MicroLAN I/O? I'd be
> quite interested just being able to get at the non-Java stuff.
> 
> If it's any help to porting ct-api or iBlab, I got the extremely crappy "linux"
> code from dalsemi to return the ID numbers of my iButtons. Works with RH 6.1.




Re: MUSCLE Security Design for PC/SC

2000-03-31 Thread Naomaru Itoi

Hi, David, 

This is not a suggestion for PC/SC, but is kind of related.  We are
trying to implement a protocol called EKE on Jim's IP stack on
smartcards.  EKE is a key distribution protocol which establishes a 
session key between two parties from a weak secret, such as a
password, shared between the parties.  We run EKE between a user's
workstation and a smartcard on a remote host.  This way, the
connection is end-to-end in that the messages are encrypted and
decrypted on the smartcard.  In secure RPC, encrypted messages are 
decrypted on the remote host, thus revealing messages to the remote
host.  

Another advantage of this approach is that since it is on IP, the
smartcard is named by its IP address, no matter on which machine the 
smartcard is plugged in.  In RPC case, smartcard's name is host's IP
address + serial port number (or reader number), which is location
dependent.  

--
Concentration .. Naomaru Itoi



MUSCLE IFD handler document?

2000-03-15 Thread Naomaru Itoi

Hello,

I am trying to write an IFD_Handler PC/SC driver.  Is there any spec /
document on how to write one?  Otherwise, I will start from David's
code.

Thanks. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE Projects..

2000-03-01 Thread Naomaru Itoi

Hello, 

We at CITI, the University of Michigan, are doing research projects
like these:  

scfs, scfs/nt
  Smartcard filesystem.  It allows mounting smartcard files into
  UNIX file structure.  scfs/nt is implementation of scfs on
  Windows NT.  

smartcard web server
  Webserver runs on smartcard.  It has http/tcp/ip stacks on
  smartcard.

smartcard / Palm Pilot hardware & software
  Smartcard reader for Palm Pilot.  Applications on Palm to access 
  smartcards through the reader.

Kerberos/smartcard
  Kerberos client which does authentication with smartcard.
  It replaces password typing in Kerberos with smartcard for 
  convenience and better security (avoid dictionary attack).

SSH/smartcard
  SSH client which does authentication with smartcard. 

RaMaRK
  Cyberflex implementation of Randomly Mapped Remotely Keyed
  encryption.  It is a symmetric cipher that stores a key on
  smartcard, but does most of the computation on host for high 
  performance.

Linux development environment 
  Applet and key loader for Cyberflex on UNIX.  We plan to
  integrate MUSCLE pcsc-lite to this to support more card 
  readers.

Misc
  secure booting with smartcard, Kerberos server on secure
  coprocessor, RPC on secure coprocessor

Future work
  smartcard / PGP 2.6 integration, smartcard IP over PPP (no
  7816), smartcard protected files in Pilot, One-Time Password
  system with smartcard, smartcard reader for HandSpring.


Our homepage is www.citi.umich.edu.

Thanks.  I am eager to hear about other people's projects.  

--
Concentration .. Naomaru Itoi


> Date: Wed, 1 Mar 2000 09:15:09 -0800 (PST)
> From: Angie Mitchell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: MUSCLE Projects..
> 
> Hi all.. been on the list for a while now and I'm always seeing people
> that are having problems working on this or trying to make that work,
> etc..  and I'm curious what you're all working on.. if you don't mind
> sharing I'd be interested in hearing what some of you are working on
> :)  thanks..
> 
> tda




MUSCLE driver for Java crypto iButtons?

2000-02-25 Thread Naomaru Itoi

Hello, 

Is anyone working on a pcsc-lite driver for Dallas Semiconductor's
Java crypto iButtons? 

If not, is there any starting point you would suggest?  

Thank you. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE CyberflexAccess Infos

2000-01-26 Thread Naomaru Itoi

Hi,

First of all, Cyberflex DES has a little problem.  Look at:

http://smartie.austin.apc.slb.com/forums/cybacjavadefload/66.html

> Hi all,
> 
> is there anyone with a little time to help me with my first steps with this card?
> I've just a few questions:
> 
> a) I've read from the docs about "key files":
>   0011 external key file
>   0001 internal key file
>   0012 secret key file
>   1012 public key file
>   Are these the only files usable for the EXTERNAL & INTERNAL AUTHENTICATE
>   cmds, or not ? What is the rule of the "key number (key_nb)" parameter
>   in such files and in the commands (if it uses always these files, it
>   does not need any number ?!?)
>   I need analogous explanations about the second 2 files.

Each key file contains a number of keys.  key_nb is an index of a key
in the file.

> b) In order to do a INT/EXT AUTHENTICATE for a DES key, for example,
>    what should I take as initial parameters for the algorithm
>    (the IVs) ?
> 
> c) I was told the card should be able to SIGN something using the
>    INT/EXT AUTH. cmds, specifying RSA as algo. Is it right ?
> 

I have not done internal / external authentication.

I can help you about DES more if you want, but not with in/ex auth. 

Thanks. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE Advice...

2000-01-21 Thread Naomaru Itoi

Hi, Justin,

We in CITI use:

reader: Todos Argos Mini
smartcard:  Schlumberger Cyberflex Access

and we are fairly happy.  We develop all the applications on Linux
using Linux jdk, mksolo from Linux Schlumberger, and our own applet
loader: 
http://www.citi.umich.edu/projects/sinciti/smartcard/sc7816.html

> OK, I am new to the smartcard field, but I need to build a small demonstration
> of principle application over the next month or so. All it needs to do at the
> moment is read a smallish amount of data off the card, and sometimes write
> some new data back. In the future we might want to add some sort of crypto
> function, but we could use different cards for this. It needs to interface
> with some other Linux applications of course.
> 
> Can anyone recommend cards and readers to use that will be hassle free, quite
> cheap, have good Linux support (binary only kernel modules are no good as
> other factors dictate which kernel version we use, and I don't like them).




release sc7816 library (Re: MUSCLE MakeSolo for Cyberflex Access / JC2.1 ? )

2000-01-03 Thread Naomaru Itoi

We are happy to announce the sc7816 library, a package of routines for
talking to ISO 7816 smart cards.  One of its applications, called
"pay", can download compiled Java applet (*.bin) to Cyberflex Access.
Right now, the library supports Todos Argos Mini reader and dumb
readers.  We are integrating it with pcsc-lite to support more readers.  

You can find the source code and precompiled binary for RedHat Linux in:  
http://www.citi.umich.edu/projects/sinciti/smartcard/sc7816.html

Please send questions and comments to [EMAIL PROTECTED] .

--
Concentration .. Naomaru Itoi



DES signature of Cyberflex Access (Re: MUSCLE Help where do I find cardlet loaders for linux?)

2000-01-01 Thread Naomaru Itoi

Hi, Danny,

I tried out your mksolo on Linux ... works great with Cyberflex
Access.  Thanks!
(I think you should mention that you need -g with javac, though.)

Now the problem is loading the created .bin file to Cyberflex Access.
XCard-1.0 which you sent to us does not seem to work with Towitoko
reader nor Cyberflex Access.  Therefore, I would like to implement the
applet loader on our text-based smartcard interface (probably on top
of pcsc-lite so that it will be reader independent).

I want to know how to compute applet's signature which is sent along
with the "manage program - validate" APDU (00 0a 0a 00 08 ...).  Is
this SHA1 hash of the whole program file encrypted with the signature
key or something? 

Thanks. 

> Date: Fri, 17 Dec 1999 15:48:29 -0600
> From: Danny Kumamoto <[EMAIL PROTECTED]>
> Organization: Schlumberger APC
> To: [EMAIL PROTECTED]
> Subject: Re: MUSCLE Help where do I find cardlet loaders for linux?
> 
> 
> Juan Olmedilla-Arregui wrote:
> 
> > I am thinking about buying some smartcard reader, possibly one from Schlumberger
> > or Gemplus, as well as some JavaCards from one of them again.
> >
> > My problem is that I do not want to spend too much money buying the SDK's as well,
> > and I thought that maybe there are some cardlet loaders for these cards on Linux.
> > Something like the MakeSolo from Schlumberger but specific for Linux and
> > free-software.
> 
> I guess you've missed my previous reply but you're more than welcome to try to
> implement it.  I'll send you stuff you need (mksolo + Access version of: class files
> and map files needed to compile the binary file) and I can also email you the old
> Cyberflex Open16K kit for Linux, as well.
> 
> Plenty of interests but no one has been working on it (or else we'll see some
> announcement here, no?)
> 
> Danny
> --
> [EMAIL PROTECTED]  Product Manager, Smart Cards, Schlumberger APC
> TEL/FAX: +1 512-331-3727 8311 N RR 620, Austin, TX 78726  U.S.A.



Re: MUSCLE pcsc-lite

2000-01-01 Thread Naomaru Itoi

Hi, David,

> Date: Fri, 31 Dec 1999 15:43:48 -0500
> To: [EMAIL PROTECTED]
> From: David Corcoran <[EMAIL PROTECTED]>
> Subject: Re: MUSCLE pcsc-lite
> 
> Hello,
> 
> I removed the card driver from the web site because it worked with the old
> pcsc.  It was written in C++, used STL, and a bunch of other bloated and
> unportable stuff so I got rid of it.
> 
> This is what I was asking the other day.  Does anyone on the list think it
> would be appropriate to create a C API for card abstraction such as:
> 
> SCardDirectory
> SCardCreateFile
> SCardValidate
> SCardInvalidate
> ..
> 
> instead of the C++ API that Microsoft describes for card abstraction ?  All
> the crypto stuff will be done in PKCS-11.

Yes, I think this is a good idea.  This way, we can eliminate the
card dependency, and we no longer have to tailor APDUs for each type
of card, right?  

I am happy to help you with a driver for Cyberflex Access, as it is
our main development platform right now.  Please let me know the
details of the C API you are planning.  

> Or I can use the Microsoft C++
> API but avoiding STL's and other nasty things.  The Microsoft API is the
> ISCardFileAccess class.

I think the advantage of providing C API is that there are a lot of C  
programs which can benefit from using pcsc-lite, e.g., Kerberos,
filesystem, ssh, and pgp.  What's the benefit of C++ API?  

> I will probably keep pcsc-lite as it is and make
> the SSP provider its own middleware that uses pcsc-lite as a plugin to
> keep things pretty modular.
> 
> I'll try to have something ready by next week and a SSP driver that works
> with the Schlumberger Cryptoflex card ( I know it the best ).

That's cool.  

Thanks.

--
Concentration .. Naomaru Itoi




MUSCLE pcsc-lite

1999-12-30 Thread Naomaru Itoi

I made sure that "test" in pcsc-lite works on my RedHat-6.1.  Wow. :)

One thing I noticed was that there was no "card driver" posted on
the MUSCLE web site.  I think I saw a driver for Cyberflex Access 
there ... why did you remove it?  

Thanks. 

--
Concentration .. Naomaru Itoi



Re: MUSCLE crypto JavaCard

1999-10-18 Thread Naomaru Itoi

Hi,

How about Cyberflex Access from Schlumberger?
It has DES, RSA, and SHA1 (what else?), and is Java programmable.
In addition, their development support (can ask questions about how to
program it) is pretty helpful.  

> Hi,
> 
> I am looking for a JavaCard which has a crypto engine on it.  Could somebody
> recommend one? How about cards without crypto?
>
> ...
> JH



--
Concentration .. Naomaru Itoi



MUSCLE Re: Chris Dee

1999-03-04 Thread Naomaru Itoi

Hi Chris,

I used G&D STARCOS 2.1 for Kerberos (this card is great for DES, it 
talks at 115KBps and has DES CBC chain mode) and Schlumberger
MultiFlex 8K for SSH & PGP.  Now I am looking at Schlumberger Cyberflex 
Access to see if I can use it for both projects. 

> > http://www.citi.umich.edu/techreports/reports/citi-tr-98-7.ps.gz
> > and SSH, PGP with a smartcard (private keys stored in the card)
> > http://www.citi.umich.edu/techreports/reports/citi-tr-98-8.ps.gz.
> > (both will appear in USENIX/Smartcard workshop in Chicago in May)
> >
> > Although they are written in OpenBSD, if someone wants to, or wants me
> > to, extend them to Linux and integrate with PAM, I think we can do
> > that.  If we can use smartcards for Kerberos, SSH and PGP in Linux, I
> > think it would be great (secure and convenient) ...
> >
> > Pls. tell me what you think.
> 
> This sounds great. It's exactly what I was looking for. What type of
> smartcards did you use for these projects?
> 
> --
> -  Kind regards, Chris Dee... -- e-mail : [EMAIL PROTECTED]  -
> -  X75/V34/FAX = +31-(0)102409323 -- URL: http://www.xs4all.nl/~cd/  -
> -  Tired of rebooting Windows?-- Visit  : http://www.linux.org   -  




Re: MUSCLE Bounced mail

1999-03-03 Thread Naomaru Itoi

Hi, this is Nao from the University of Michigan.

We did Kerberos authentication with a smartcard (user key stored in the card)
http://www.citi.umich.edu/techreports/reports/citi-tr-98-7.ps.gz
and SSH, PGP with a smartcard (private keys stored in the card)
http://www.citi.umich.edu/techreports/reports/citi-tr-98-8.ps.gz.
(both will appear in USENIX/Smartcard workshop in Chicago in May)

Although they are written in OpenBSD, if someone wants to, or wants me
to, extend them to Linux and integrate with PAM, I think we can do
that.  If we can use smartcards for Kerberos, SSH and PGP in Linux, I
think it would be great (secure and convenient) ... 

Pls. tell me what you think. 

--
Naomaru Itoi <[EMAIL PROTECTED]>
Ph.D. candidate / GSRA
http://www-personal.engin.umich.edu/~itoi/
Center for Information Technology Integration, University of Michigan
http://www.citi.umich.edu/


> I think we are *really* on to something here - a truly useful
> Linux/smartcard app.
> 
> At the moment, we are doing some work with smartcard authentication at UT,
> but for now it is restricted to NT 5 (build 1974).  I sure would like to get
> my Linux box into that loop & be 1 step ahead for the "stampede" Dennis
> talks about ;^).
> 
> Is there anyone working on card-based PAMs at this time?
> 
> Regards,
> 
> 
> 
> Eduardo
> 
> [EMAIL PROTECTED]
> 
> 
> -Original Message-
> From: Morten Norman <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Wednesday, March 03, 1999 11:50 AM
> Subject: Re: MUSCLE applications? (was: Re: Bouncer)
> 
> 
> >
> >>Single sign-on on Linux would be a valuable application.
> >>The market for this application is huge especially when
> >>the migration from NT to Linux becomes a stampede.
> >>
> >>Dennis Wier
> >
> >This gives some hope!
> >
> >There already is a demonstration PAM (Pluggable Authentication
> >Modules) application in MUSCLE!  I guess someone will extend it when it's
> >"application time".
> >
> >My experience of PAM is almost nil, but as I understand, most Linuxes
> >already use it.  It's just that it asks for a password in the default
> >setup.
> >
> >Was it plug'n play they called it? :-)




Re: MUSCLE PC/SC Release 4 Out

1999-01-22 Thread Naomaru Itoi

Hello,

I installed your PC/SC (pcsc-src-0.0.4a) on my RedHat-5.2 Linux box.
Thanks for your hard work! :)

> Simple Create File for the ICCSP for Cryptoflex/Multiflex.
> 
> Remember:  You will have to add the correct ATR of the card you are
> planning on using in order for any of the applications to work.

So I am trying to use PC/SC with Multiflex 8K card, but it does not
recognize the card.  I think I put the correct ATR in card.conf file,
but PC/SC says the ATR does not match.  

This is what 'test' says:


snoopy :) ./test
../src/iccsp/common/SCard.c:143 Matching Card NOT Found
SCardComm.c:  96  Loading device:
SCardComm.c:  97  Port Requested: 4000a3c8 SCardComm.c:  98
Library Path:,AT(By
SCardComm.c: 105   Dlopen Handle: 0 
SCardComm.c: 108Dlerror reports: ,AT(By: cannot open shared object file: 
No such file or directory
A Matching ATR Card was not Found

Be sure to place a correct ATR in the above definition


This is the ATR of the card: 3b 32 15 0 6 80

And this is my card.conf file:

# Schlumberger Cryptoflex 4K
CARDNAMESLB_CRYPTO_4K
ATR 3B3215000680
#ATR3BE24903
LIBPATH 
/usr/local/src/pcsc-src-0.0.4a/src/iccsp/slb_crypto4k/libslb_crypto4k.so


This is my PCSC_CONFIG
snoopy :) env | grep PCSC
PCSC_CONFIG=/usr/local/src/pcsc-src-0.0.4a/etc/reader.conf


So what am I doing wrong?  PC/SC might not be looking at the card.conf
file?  Any advice would be appreciated.

Thanks!


--
Concentration .. Naomaru Itoi
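
The comparison the message above makes by eye, as an added example (not code from pcsc-src or from the poster): it normalizes the ATR as printed and as stored in card.conf, checks its length against the ISO/IEC 7816-3 structure, and compares the bytes. All function names are hypothetical, and how pcsc-src itself matches ATRs is not shown on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c) {
    c = tolower(c);
    return isdigit(c) ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Spaced bytes ("3b 32 15 0 6 80") or packed pairs ("3B3215000680"); -1 on error. */
int atr_parse(const char *s, unsigned char *out, size_t max) {
    int packed = strpbrk(s, " \t") == NULL;
    size_t n = 0;
    for (; *s; s++) {
        if (isspace((unsigned char)*s)) continue;
        int hi = hexval((unsigned char)*s), lo = hexval((unsigned char)s[1]);
        if (hi < 0 || n == max || (lo < 0 && packed)) return -1;
        if (lo >= 0) { hi = hi * 16 + lo; s++; }   /* two-digit byte */
        out[n++] = (unsigned char)hi;
    }
    return (int)n;
}

/* Length implied by ISO/IEC 7816-3: TS, T0, interface bytes flagged by each Y
   nibble, K historical bytes, TCK if any T != 0. -1: bad TS or truncated. */
int atr_expected_len(const unsigned char *a, int n) {
    if (n < 2 || (a[0] != 0x3B && a[0] != 0x3F)) return -1;
    int k = a[1] & 0x0F, y = a[1] >> 4, pos = 2, tck = 0;
    for (;;) {
        pos += !!(y & 1) + !!(y & 2) + !!(y & 4);   /* TAi, TBi, TCi */
        if (!(y & 8)) break;                         /* no TDi: chain ends */
        if (pos >= n) return -1;                     /* TDi itself is missing */
        if (a[pos] & 0x0F) tck = 1;                  /* protocol other than T=0 */
        y = a[pos++] >> 4;
    }
    return pos + k + tck;
}

/* 1 = same well-formed ATR, 0 = different, -1 = unparsable or malformed. */
int atr_same(const char *reported, const char *configured) {
    unsigned char a[33], b[33];
    int na = atr_parse(reported, a, sizeof a), nb = atr_parse(configured, b, sizeof b);
    if (na < 0 || nb < 0 || atr_expected_len(a, na) != na) return -1;
    return na == nb && memcmp(a, b, (size_t)na) == 0;
}

int main(void) {  /* both strings are copied from the message above */
    printf("%d\n", atr_same("3b 32 15 0 6 80", "3B3215000680"));
    return 0;
}
```
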



MUSCLE card insertion notification?

1999-01-14 Thread Naomaru Itoi

Hello, 

I am Naomaru Itoi, a graduate student in the University of Michigan,
doing research on smartcards.  I am trying to use MUSCLE software
... may I ask a question about it? 

Is there any way to receive notification when a smartcard is inserted
into a card reader with your PC/SC software?  I saw something like
that in Open Card Framework, but could not find it in PC/SC
specification ... 

Thanks. 

--
Concentration .. Naomaru Itoi