
Re: Eutron regressions in 0.11.0 ?: msg#00047

encryption.opensc.user

Subject: Re: Eutron regressions in 0.11.0 ?

On Monday, 29 May 2006 22:23, Nils Larsch wrote:
> Wolfgang Glas wrote:
> ...
>
> > # pkcs15-init -E -C
> >
> > This command asked me for the unspecified PIN 115 (0x73) and I tried to
> > enter the factory default SO PIN several times, which was a fatal error,
> > because after contacting Eutron support I received their tool to reset
> > the token (see: doc/euton.html in the openct distribution), but this tool
> > is unable to reset the token anyways, because I obviously blocked this
> > factory-default transport PIN, which is undocumented and a secret of
> > Siemens Italia.
>
> just out of curiosity: what does cardos-info give you ?


# cardos-info
Info : CardOS/M4.01a (C) Siemens AG 1994-2002
Chip type: 108
Serial number: 24 72 7b 03 1c 0a
Full prom dump:
33 66 00 1F DD DD DD DD 6C FF 24 72 7B 03 1C 0A 3f......l.$r{...
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
OS Version: 200.4 (that's CardOS M4.01a)
Current life cycle: 16 (operational)
Security Status of current DF:
Free memory : 1000
ATR Status: 0x0 ROM-ATR
Packages installed:
01 04 07 02 C8 04 01 04 13 04 C8 04 ............
Ram size: 4, Eeprom size: 32, cpu type: 66, chip config: 63
Free eeprom memory: 20596
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:
#

> > 6) However, when I try to generate a private key using opensc-0.11.0 and
> > the PIN I generated with opensc-0.9.6, I get the following errors:
> >
> > # pkcs15-init -G rsa/1024 -a 1 -i 46 -u sign
> > card-cardos.c:225:cardos_check_sw: invalid parameters in data field
> > card.c:376:sc_create_file: returning with: Incorrect parameters in APDU
> > Failed to generate key: Incorrect parameters in APDU
>
> would be interesting to see the APDU log (note: APDU logging needs to be
> enabled in the config due to security reasons) to find out what the exact
> problem is

... The APDU log of the above command for my ITSEC-I is in the file
opensc-ITSEC-I.log located in the attached tar.gz archive.

> > Well, this is the traditional game over situation, so I gave up with the
> > ITSEC-I at this point. [cannot delete the content of the token, cannot
> > generate another private key :-( ]
>
> yep, it's rather simple to make a smartcard useless
>
> > 7) I switched over to the ITSEC-P token, which should be supported by
> > openct-0.6.7/opensc-0.11.0 and I successfully generated a pkcs15-
> > structure.

card-info is here:

# cardos-info
Received (SW1=0x6A, SW2=0x88)
#

> > 8) I successfully generated a PIN on the ITSEC-P using
> > openct-0.6.7/opensc-0.11.0:
> >
> > # pkcs15-init -P -a 1
> >
> > 9) However, I cannot generate any certificate using this token, here are
> > the corresponding errors:
> >
> > # pkcs15-init -G rsa/1024 -a 1 -i 45 -u sign
> > Security officer PIN required.
> > Please enter Security officer PIN:
> > iso7816.c:99:iso7816_check_sw: No precise diagnosis
> > card.c:686:sc_card_ctl: returning with: Card command failed
> > Failed to generate key: Card command failed
>
> again: an APDU log would be interesting

... The APDU log of the above command for my ITSEC-P is in the file
opensc-ITSEC-P.log located in the attached tar.gz archive.

Thanks for your answer, hopefully you can deduce some information out of
the attached files.

Wolfgang

--
Dr. Wolfgang Glas ev-i Informationstechnologie GmbH.
Managing Director Sebastian-Kneipp-Weg 17
wolfgang.glas@xxxxxxx A-6020 Innsbruck/Austria
phone: +43-512-284883-2 +43-699-12665927 fax: +43-720-699931

Attachment: opensc-ITSEC-logs.tar.gz
Description: application/tgz


