
Re: Netkey E4: detect if local pins are already set: msg#00010

encryption.opensc.user

Subject: Re: Netkey E4: detect if local pins are already set

Hi Christian!

> I can now use the NetKey E4 in my company to authenticate on
> firewalls to establish VPN tunnels. I have to patch OpenSC for
> this to work (with the pristine version the wrong cert is grabbed),
> and to patch OpenSwan (take matching of cert-subject the firewall
> sends me against the id the firewall sends to me).
> Thanks for helping to get this to work :)

What were the changes you had to apply? Which version of
OpenSC are you using?

> I remastered a Knoppix with drivers for three card readers and the
> needed software, yet there are still some manual steps for the user
> to do after booting up - I try to strip the manual actions of
> the user down.
>
> On every fresh NetKey E4 card the local PINs have to be set, on
> some of the cards here also unblock is needed.
> Is there a way for the script to test if the local PINs are already
> set? Right now I just order the user to execute the needed
> netkey-tool commands "once on a fresh card".

On a fresh Netkey card the global PIN is in NULLPIN-state. All
other PINs are already set to random numbers. There's no
way to detect whether the local PINs are still set to their
initial random numbers or have been changed to some other
values.

You may detect a fresh card by the state of its global PIN.

    netkey-tool | grep NullPin

should do this job.

Peter