- added README.Cryptoflex
- modified ChangeLog - _really_ bumped up the version number this time git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@192 c6295689-39f2-0310-b995-f0e70906c6a9
parent
c1cac5f311
commit
fd9c25eeed
|
@ -0,0 +1,95 @@
|
|||
|
||||
OpenSC supports the Cryptoflex cards beginning with version 0.5.0.
|
||||
|
||||
Cryptoflex specific features can be tested with cryptoflex-tool.
|
||||
Due to the publicly available datasheets, cryptoflex-tool also includes
|
||||
a PKCS #15 structure generator. At the moment all the encoded information
|
||||
is hardcoded in the source file, but editing the structures should
|
||||
be pretty straightforward.
|
||||
|
||||
Here are the steps to PKCS #15 structure generation:
|
||||
|
||||
WARNING: You should be using a very safe terminal when issuing the
|
||||
following commands.
|
||||
|
||||
0. If you don't have a Cryptoflex 16k, you will have to add the ATR of
|
||||
your card manually to the flex_atrs structure at the top of card-flex.c.
|
||||
The ATR can be found with 'opensc-tool -a' command.
|
||||
|
||||
1. Verify the AAK key and CHV2:
|
||||
|
||||
$ opensc-explorer
|
||||
OpenSC Explorer version 0.5.0
|
||||
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
|
||||
Using card driver: Schlumberger Multiflex/Cryptoflex
|
||||
OpenSC [3F00]> ver KEY1 01:02:03:04:05:06:07:08 # replace these
|
||||
Code correct.
|
||||
OpenSC [3F00]> ver CHV2 31:32:33:34:00:00:00:00 # with your own values
|
||||
Code correct.
|
||||
|
||||
2. Create the CHV2 file, if not present:
|
||||
|
||||
$ cryptoflex-tool -P 2
|
||||
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
|
||||
Using card driver: Schlumberger Multiflex/Cryptoflex
|
||||
Please enter CHV2: 1234
|
||||
Please enter PUK for CHV2: 12345678
|
||||
|
||||
3. Create the PKCS #15 structure
|
||||
|
||||
$ cryptoflex-tool -C
|
||||
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
|
||||
Using card driver: Schlumberger Multiflex/Cryptoflex
|
||||
Please enter CHV1 (key 1): 1234
|
||||
Please enter PUK for CHV1 (key 1): 12345678
|
||||
Please enter CHV1 (key 2): 5678
|
||||
Please enter PUK for CHV1 (key 2): 12345678
|
||||
|
||||
4. Generate two 1024-bit RSA key pairs with openssl:
|
||||
|
||||
$ openssl genrsa -out key1.pem 1024
|
||||
Generating RSA private key, 1024 bit long modulus
|
||||
...........++++++
|
||||
...++++++
|
||||
e is 65537 (0x10001)
|
||||
$ openssl genrsa -out key2.pem 1024
|
||||
Generating RSA private key, 1024 bit long modulus
|
||||
.....................++++++
|
||||
....++++++
|
||||
e is 65537 (0x10001)
|
||||
|
||||
5. Create the files to hold the keys on the card:
|
||||
|
||||
$ cryptoflex-tool -a 5015 -c 1
|
||||
$ cryptoflex-tool -a 4b02 -c 1
|
||||
|
||||
6. Store the key pairs on the card:
|
||||
|
||||
$ cryptoflex-tool -a 5015 -p key1.pem -s -v # (enter CHV1 for key 1)
|
||||
$ cryptoflex-tool -a 4b02 -p key2.pem -s -v # (enter CHV1 for key 2)
|
||||
|
||||
6a. Check if the keys are working:
|
||||
|
||||
$ pkcs15-crypt -i <plaintext-file> -o <signed-data> -s --pkcs1
|
||||
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
|
||||
Trying to find a PKCS#15 compatible card...
|
||||
Found OpenSC Test Card!
|
||||
Enter PIN [Authentication PIN]:
|
||||
PIN code correct.
|
||||
|
||||
7. Create two certificates with openssl. Name them cert1.crt and cert2.crt.This process is not in the scope
|
||||
of this document.
|
||||
|
||||
8. Store the DER-encoded certificates on the card (this process will be
|
||||
automated in the future):
|
||||
|
||||
$ opensc-explorer
|
||||
OpenSC Explorer version 0.5.0
|
||||
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
|
||||
Using card driver: Schlumberger Multiflex/Cryptoflex
|
||||
OpenSC [3F00]> cd 5015
|
||||
OpenSC [3F00/5015]> create 4301 <size of cert1.crt>
|
||||
OpenSC [3F00/5015]> create 4302 <size of cert2.crt>
|
||||
OpenSC [3F00/5015]> put 4301 cert1.crt
|
||||
OpenSC [3F00/5015]> put 4302 cert2.crt
|
||||
|
|
@ -6,7 +6,7 @@ dnl $Id$
|
|||
AC_PREREQ(2.52)
|
||||
|
||||
AC_INIT(src/libopensc/sc.c)
|
||||
AM_INIT_AUTOMAKE(opensc, 0.4.0)
|
||||
AM_INIT_AUTOMAKE(opensc, 0.5.0)
|
||||
AM_CONFIG_HEADER(config.h)
|
||||
|
||||
AC_CANONICAL_HOST
|
||||
|
|
|
@ -189,6 +189,8 @@ struct sc_pkcs15_df {
|
|||
int count, record_length, type;
|
||||
};
|
||||
|
||||
#define SC_PKCS15_CARD_MAGIC 0x10203040
|
||||
|
||||
struct sc_pkcs15_card {
|
||||
struct sc_card *card;
|
||||
char *label;
|
||||
|
@ -212,6 +214,8 @@ struct sc_pkcs15_card {
|
|||
struct sc_pkcs15_df df[SC_PKCS15_DF_TYPE_COUNT];
|
||||
|
||||
int use_cache;
|
||||
|
||||
unsigned int magic;
|
||||
};
|
||||
|
||||
#define SC_PKCS15_CARD_FLAG_READONLY 0x01
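Review bot: The new `magic` member and `SC_PKCS15_CARD_MAGIC` come with no comment saying who sets the field, who checks it, or when it is cleared, and none of that is visible in this section. If it is meant as a validity marker for `struct sc_pkcs15_card` pointers, a comment on the member such as `/* SC_PKCS15_CARD_MAGIC while the structure is valid; zeroed before it is freed */` would state the contract, and the free path should reset the field so a stale pointer fails the check. A fixed, public constant like this catches programming errors only and should not be treated as validation of a caller-supplied handle. The identical change appears again in the later section with the same hunk headers, so the two copies have to be kept in sync. The struct body starts in the first hunk and ends in the second, with the members in between outside the view.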
|
||||
|
|
|
@ -151,6 +151,14 @@ int sc_pkcs15_encode_aodf_entry(struct sc_context *ctx,
|
|||
|
||||
void sc_pkcs15_print_pin_info(const struct sc_pkcs15_pin_info *pin)
|
||||
{
|
||||
const char *pin_flags[] = {
|
||||
"case-sensitive", "local", "change-disabled",
|
||||
"unblock-disabled", "initialized", "needs-padding",
|
||||
"unblockingPin", "soPin", "disable_allowed",
|
||||
"integrity-protected", "confidentiality-protected",
|
||||
"exchangeRefData"
|
||||
};
|
||||
const int pf_count = sizeof(pin_flags)/sizeof(pin_flags[0]);
|
||||
char path[SC_MAX_PATH_SIZE * 2 + 1];
|
||||
int i;
|
||||
char *p;
|
||||
|
@ -166,7 +174,12 @@ void sc_pkcs15_print_pin_info(const struct sc_pkcs15_pin_info *pin)
|
|||
printf("\tAuth ID : ");
|
||||
sc_pkcs15_print_id(&pin->auth_id);
|
||||
printf("\n");
|
||||
printf("\tFlags : 0x%X\n", pin->flags);
|
||||
printf("\tFlags : [0x%02X]", pin->flags);
|
||||
for (i = 0; i < pf_count; i++)
|
||||
if (pin->flags & (1 << i)) {
|
||||
printf(", %s", pin_flags[i]);
|
||||
}
|
||||
printf("\n");
|
||||
printf("\tLength : %d..%d\n", pin->min_length, pin->stored_length);
|
||||
printf("\tPad char : 0x%02X\n", pin->pad_char);
|
||||
printf("\tReference : %d\n", pin->reference);
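Review bot: In the added loop, `pin->flags & (1 << i)` shifts a signed `int`; with the twelve names in `pin_flags` this stays in range, but `1u << i` keeps the test well-defined if the table ever grows towards the width of `int`. The table is never written, so it could be declared `static const char *const pin_flags[]` rather than rebuilt as an automatic array on every call. Bits set in `pin->flags` above `pf_count` are shown only in the hex value, and the output reads `[0x..], name` with a comma directly after the bracket, which looks unintended. The function body continues outside both hunks.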
|
||||
|
|
|
@ -189,6 +189,8 @@ struct sc_pkcs15_df {
|
|||
int count, record_length, type;
|
||||
};
|
||||
|
||||
#define SC_PKCS15_CARD_MAGIC 0x10203040
|
||||
|
||||
struct sc_pkcs15_card {
|
||||
struct sc_card *card;
|
||||
char *label;
|
||||
|
@ -212,6 +214,8 @@ struct sc_pkcs15_card {
|
|||
struct sc_pkcs15_df df[SC_PKCS15_DF_TYPE_COUNT];
|
||||
|
||||
int use_cache;
|
||||
|
||||
unsigned int magic;
|
||||
};
|
||||
|
||||
#define SC_PKCS15_CARD_FLAG_READONLY 0x01
|
||||
|
|