Package: opensc
Version: 0.11.4-5

I'm experimenting with a CryptoFlex eGate 32K USB token, using opensc with the openct framework. FWIW, this device has a security officer PIN (and separate PUK) set, as well as a single User PIN (and separate PUK).

I generated a private key on the card, created an X.509 CSR from it, signed the CSR with an external CA, and inserted the new certificate with pkcs15-init --load-certificate.

Then I decided I wanted the device to carry the CA's certificate as well (though it would not have the CA's private key). I loaded the CA's cert with --load-certificate as well. But then pkcs15-tool --show-certificate indicated to me that the CA's certificate was not marked as an Authority.

So I tried to delete the CA's certificate from the device, and it failed.

Next, I tried to load the same CA's cert but as an authority explicitly, with:

pkcs15-init --store-certificate cacert.pem --authority

This worked, but I now have 3 certificates on the card instead of 2.

Here's a verbose transcript of a subsequent attempted certificate delete:

0 pip:~# pkcs15-tool --list-certificate
pkcs15-tool --list-certificate
X.509 Certificate [Certificate]
        Flags : 2
        Authority: no
        Path : 3f0050154545
        ID : 45

X.509 Certificate [Certificate]
        Flags : 2
        Authority: no
        Path : 3f0050154546
        ID : 46

X.509 Certificate [Certificate]
        Flags : 2
        Authority: yes
        Path : 3f0050154547
        ID : 47

0 pip:~# pkcs15-init -D cert --id 46
pkcs15-init -D cert --id 46
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field
[pkcs15-init] card.c:388:sc_delete_file: returning with: Incorrect parameters in APDU
[pkcs15-init] pkcs15-lib.c:2841:sc_pkcs15init_delete_object: sc_pkcs15init_delete_by_path failed: -1205
[pkcs15-init] pkcs15-init.c:1213:do_delete_crypto_objects: Failed to delete object 0: Incorrect parameters in APDU
Deleted 0 objects
Failed to delete object(s): Incorrect parameters in APDU
1 pip:~# pkcs15-init --finalize
pkcs15-init --finalize
Failed to finalizing card: Not supported
1 pip:~# pkcs15-init -D cert --id 46 --verbose --verbose
pkcs15-init -D cert --id 46 --verbose --verbose
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:204:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Connecting to card in reader Schlumberger E-Gate...
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:228:openct_reader_connect: called
[pkcs15-init] card.c:221:sc_connect_card: card info: Cryptoflex 32K e-gate, 2002, 0x1
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0
Using card driver Schlumberger Multiflex/Cryptoflex.
[pkcs15-init] reader-openct.c:420:openct_reader_lock: called
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15.c:706:sc_pkcs15_bind: called
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f002f00
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155031
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15.c:623:sc_pkcs15_bind_internal: The following DFs were found:
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 8, path 3f0050154401, index 0, count -1
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 0, path 3f0050154402, index 0, count -1
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 1, path 3f0050154403, index 0, count -1
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 4, path 3f0050154404, index 0, count -1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155032
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
Found OpenSC Card
About to delete object(s).
[pkcs15-init] pkcs15.c:1599:sc_pkcs15_read_file: called, path=3f0050154404, index=0, count=-1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154404
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15.c:1599:sc_pkcs15_read_file: called, path=3f0050154401, index=0, count=-1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154401
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3261:sc_pkcs15init_authenticate: path=3f005015, op=2
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154546
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3261:sc_pkcs15init_authenticate: path=3f0050154546, op=2
[pkcs15-init] card.c:383:sc_delete_file: called; type=0, path=4546
[pkcs15-init] card-flex.c:726:flex_delete_file: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field
[pkcs15-init] card.c:388:sc_delete_file: returning with: Incorrect parameters in APDU
[pkcs15-init] pkcs15-lib.c:2841:sc_pkcs15init_delete_object: sc_pkcs15init_delete_by_path failed: -1205
[pkcs15-init] pkcs15-init.c:1213:do_delete_crypto_objects: Failed to delete object 0: Incorrect parameters in APDU
Deleted 0 objects
Failed to delete object(s): Incorrect parameters in APDU
[pkcs15-init] pkcs15.c:781:sc_pkcs15_unbind: called
[pkcs15-init] reader-openct.c:445:openct_reader_unlock: called
[pkcs15-init] card.c:236:sc_disconnect_card: called
[pkcs15-init] reader-openct.c:275:openct_reader_disconnect: called
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0
[pkcs15-init] ctx.c:738:sc_release_context: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:164:openct_reader_finish: called
1 pip:~#

I'm happy to provide more details, if they would be helpful.

--dkg

system info:

0 pip:~# dpkg -l opensc openct
dpkg -l opensc openct
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name    Version   Description
+++-====================================-====================================-========================================================================================
ii  openct  0.6.14-3  middleware framework for smart card terminals
ii  opensc  0.11.4-5  SmartCard utilities with support for PKCS#15 compatible cards
0 pip:~# uname -a
uname -a
Linux pip 2.6.26-1-686 #1 SMP Thu Oct 9 15:18:09 UTC 2008 i686 GNU/Linux
0 pip:~# lsusb
lsusb
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 003: ID 0973:0001 Schlumberger e-gate Smart Card
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 04f2:b071 Chicony Electronics Co., Ltd
Bus 001 Device 002: ID 0951:1606 Kingston Technology
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
0 pip:~#
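
Added example, not part of the original report and not OpenSC code: a small triage helper that parses debug lines in the layout shown in the transcript above and returns the last parameterised call before the first error together with the chain of failing lines. The function names and the failure heuristic are assumptions made for this illustration; the sample lines are copied from the transcript.

```python
import re

# Debug line layout seen in the transcript: "[app] file.c:LINE:function: message"
LINE_RE = re.compile(r"\[(?P<app>[^\]]+)\]\s+(?P<file>[\w.-]+):(?P<line>\d+):(?P<func>\w+):\s*(?P<msg>.*)")
RETURN_RE = re.compile(r"returning with: (?P<val>.+)")

# Excerpt copied from the verbose transcript in the report above.
SAMPLE = """\
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154546
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3261:sc_pkcs15init_authenticate: path=3f0050154546, op=2
[pkcs15-init] card.c:383:sc_delete_file: called; type=0, path=4546
[pkcs15-init] card-flex.c:726:flex_delete_file: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field
[pkcs15-init] card.c:388:sc_delete_file: returning with: Incorrect parameters in APDU
[pkcs15-init] pkcs15-lib.c:2841:sc_pkcs15init_delete_object: sc_pkcs15init_delete_by_path failed: -1205
[pkcs15-init] pkcs15-init.c:1213:do_delete_crypto_objects: Failed to delete object 0: Incorrect parameters in APDU
"""

def parse(log):
    """Return one dict per recognised debug line, in input order."""
    out = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append({**m.groupdict(), "line": int(m["line"])})
    return out

def is_failure(rec):
    """Heuristic (assumption): non-numeric return text, 'failed', or any iso7816_check_sw line."""
    r = RETURN_RE.match(rec["msg"])
    if r:
        return not re.fullmatch(r"\d+", r.group("val").strip())
    return "failed" in rec["msg"].lower() or rec["func"] == "iso7816_check_sw"

def triage(log):
    """Return (last 'called; ...' record before the first failure, list of failure records)."""
    recs = parse(log)
    fails = [r for r in recs if is_failure(r)]
    if not fails:
        return None, []
    first = recs.index(fails[0])
    calls = [r for r in recs[:first] if r["msg"].startswith("called;")]
    return (calls[-1] if calls else None), fails

if __name__ == "__main__":
    call, fails = triage(SAMPLE)
    print(call["func"], call["msg"], "->", [f["func"] for f in fails])
```
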