opensc / opensc Goto Github PK

Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend

Home Page: https://github.com/OpenSC/OpenSC/wiki

License: GNU Lesser General Public License v2.1

Shell 1.10% Makefile 0.85% C 95.86% C++ 0.37% Lex 0.03% M4 1.30% Roff 0.19% AppleScript 0.01% Objective-C 0.24% Dockerfile 0.06%

pkcs11 minidriver tokend smartcard security c opensc

opensc's People

Contributors

Stargazers

Watchers

Forkers

vigsterkr marschap walt3r sae joelhockey xwhbin frankmorgner biiont viktortarasov jborg hongquan ludovicrousseau alediator flameeyes kalev cardcontact oltavic entersafe l1k ariadnext aktivco sjoblomt zhalas nmav dirkx germanblanco easyit solans poupas opendnie cagerton cbancroft bartoreebbo fiatflux chesney magujs geoffbeier raedchaabouni sunzhl1130 seciot mikma zone1511 halfnhav ttaylor249 kkhan-ksl commonism stavrossk kress-net metsma ramkumarchandran rainermetsvahi akatopaz qvicksilver thorbjornl daveenaughty martinvarga laurenttrk nabilnoaman mextor glubbered crazyj7 hean01 cristiantm oernii alexeyaa eighthave smartcrib superleo puccia cendioossman henryk consp fancycode szikora shootingatshadow andbil asmw dreamcat4 praseodym philipwendland promovicz kristofdpx maggocnx enavro sschutte resoli dengert ecordonnier neusdan bowlingb tc-anssi sxhao feiyue1206 sfff darconeous xelya shekharrajak fullxing zenmakerlab mbrossard

opensc's Issues

wrong link to svn repository in libp11 wiki

https://github.com/OpenSC/OpenSC/wiki/libp11-PKCS%2311-wrapper-library

OpenSC 0.13.0 is not working correctly with Feitian cards formatted in Windows

I found that OpenSC 0.13.0 opensc-pkcs11.so is not working correctly with Firefox. If i am compiling 0.13 - firefox asks for card PIN but not showing any certificates available. Also card fails with thunderbird and Java apps.

With 0.12.2 everything works as expected. I can provide additional information if needed.

A Slovakian eID card driver?

I am just started writing a driver for Slovakian eID for fun, despite there is a promise from authorities to provide some Linux support in future.

Because I am a naive newbie in opensc and smart cards and till now I have no technical specification for this card, I appreciate any information and help from community.

For now, the plan is to find suitable implementation of function from existing drivers and integrating them into the driver.

If you are interested you are welcome to join.

For now, there is only detection of card and only default iso 7816 functions.

/tools/opensc-tool --reader 0 --atr
3b:df:18:00:81:31:fe:58:00:31:b9:64:05:0e:01:00:73:b4:01:d3:00:00:00:22

varga@ntb-varga:src$ ./tools/opensc-tool --reader 0 --name
Slovakian eID

Martin

missing length check in openpgp-tool

do_userinfo in src/tools/openpgp-tool.c does not have any length checks on the locally created buffer buf. This will cause problems!

myeid.profile: Template insane

Hi,

Running pkcs15-init -C with an Aventra MyEID results in the error:

Couldn't bind to the card: Syntax error

Running pkcs15-init -C -vvv with the same card results in the error:

0x7fff752da180 00:39:46.140694538682402 [pkcs15-init] profile.c:375:sc_profile_load: profile /usr/local/Cellar/opensc/0.13.0/share/opensc/myeid.profile loaded ok
0x7fff752da180 00:39:46.034 [pkcs15-init] profile.c:2394:parse_error: /usr/local/Cellar/opensc/0.13.0/share/opensc/myeid.profile: Template insane: file-ids should be substantially different
0x7fff752da180 00:39:46.4294967330 [pkcs15-init] profile.c:385:sc_profile_load: returning with: -1501 (Syntax error)
0x7fff752da180 00:39:46.4294967330 [pkcs15-init] pkcs15-lib.c:368:sc_pkcs15init_bind: Failed to load profile 'myeid': Syntax error
0x7fff752da180 00:39:46.4294967330 [pkcs15-init] pkcs15-lib.c:379:sc_pkcs15init_bind: Load profile error: -1501 (Syntax error)

Examining the myeid.profile there are two files near the end, privdata and data both of which have file-id = 4501;.

Version 0.13.0 built on OS X 10.8.2 from source at http://sourceforge.net/projects/opensc/files/OpenSC/opensc-0.13.0/opensc-0.13.0.tar.gz

$ opensc-tool --info
opensc 0.13.0 [gcc  4.2.1 Compatible Apple Clang 4.1 ((tags/Apple/clang-421.11.66))]
Enabled features: zlib readline openssl pcsc(/System/Library/Frameworks/PCSC.framework/PCSC)

Thanks

Version check for pkcs15 module wrong

This doesn't work for newer version of OpenSC:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-syn.c#L271

It could be replaced with something like this:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/ctx.c#L373

default module for pkcs11-tool

There are many little technical details in the whole process of setting up and using an HSM with opensc, one seems to have a pretty simple answer: providing a default module so pkcs11-tool --list-slots does something by default. From what I read, the concern was the way it was originally implemented, it could be exploited. How about instead hardcoding a default module, i.e. /usr/lib/opensc-pkcs11.so and using that by default if it exists. Distros could then modify that path to the relevant location, i.e. /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so. I'd happily submit a patch to do this if devs here are willing to accept it.

I've been working to smooth out a lot of little details like this in the whole process, you can see the documentation of my efforts here:

race condition in PKCS#15 emulator of iasecc

In iasecc_file_convert_acls of src/pkcs15init/pkcs15-iasecc.c the acl object must not be modified Accessing it here means we have a race condition.

card-muscle.c invalid applet length for selection

Dear Community,
I'm currently playing with Open-SC with a musclecard applet on a smartcard. I'm struggled because OpenSC selects A0 00 00 00 01 instead of A0 00 00 00 01 01.
After checking the card-muscle.c in libopensc, I've just found out that:
line 84: if (msc_select_applet(card, muscleAppletId, 5) == 1) {
should be
if (msc_select_applet(card, muscleAppletId, sizeof(muscleAppletId)) == 1) {

What do you think ?
Many thanks,
Topaz

PKCS11-tool unable to write pem cetificates in softhsm

I am trying to write pem certificates in softhsm using pkcs11-tool but it feels that, pem based certificate are not supported by pkcs11-tool. pkcs11-tool can only write a DER certificate.

Openvpn implementation can only read pem/p12 certificates from any smart card or hsm. I need this to integrate with openvpn? please let me know if there is a way?

Regards,
Sanaullah

ePass2003 on Fedora 19/20

Happy Holidays ;)
At least for Fedora it seems the --enable-sm switch is required to get the card working. Is there a reason why this is not enabled by default? It means that "by default" the ePass2003 is not working...?!
Thanks in advance,
Chris

"Public key enumeration failed: File not found" when attempting to read public key

Apologies if this has already been answered somewhere, but I have been searching for a solution to this issue for the better part of the day with no luck. I'm hoping that you can help.

I am attempting to read a public key in SSH format from a US common access card on a Centos 6.5 system with OpenSC 0.12.2 installed from the EPEL repository.

I am using the following command:

pkcs15-tool --read-ssh-key 1

I am asked for my passphrase, then the command fails with the following output:

[adam.dorsey@333-05 ~]$ pkcs15-tool --read-ssh-key 1
Using reader with a card: SCM SCR 3310 00 00
Please enter PIN [PIV Card Holder pin]: 
Public key enumeration failed: File not found

I can provide debug output as well if this is needed.

C_WaitForSlotEvent() missed during PIN entry (C_OpenSession())

It seems that once C_OpenSession() is entered; the physical removal is not noted in the C_WaitForSlotEvent() (polling) loop.

So code like

  C_OpenSession
  if (PIN needed)
       ask for pin
  ...
  C_Login()

with a separate polling thread on C_WaitForSlotEvent() will not note the removal during that ask-pin period (but will do post C_Login()).

A work around is

  C_OpenSession
  if (PIN needed)
       C_CloseSession)
       ask for pin
       C_OpenSession
  ...
  C_Login()

but this does not help firefox/mozilla and the keychain tokend adaptor. The result is a hang in firefox.

Have EF.Dir but opensc go directly to 50515

I am new to 7816 file structure (I am experienced with JavaCard). I am trying to build a very simple P15 virtual smart card. I have an ER.Dir, when I execute
"pkcs15-tool --list-applications" 3F002F00 is selected and I respond with the following FCI information:
Incoming APDU data [ 24 bytes] =====================================
6F 10 83 02 2F 00 82 01 01 8A 01 05 8C 04 23 00 o.../.........#.
00 00 80 02 00 1A 90 00 ........
Since EF.Dir has a length of 0x1A, I thought that the tool would read/get data the contents of the file to find the rest of the pkcs15 files.
Am I suppose to return the contents of EF.Dir on selction? Please help. Thank you in advance.
Jon

Links in wiki are missing

https://www.opensc-project.org/files/opensc/OpenSC-0.12.2-10.6.dmg

The security certificate in www.opensc-project.org has expired

If I am not wrong, this is actually an issue with the software, since it breaks the compilation process when getting build-10.6.tar.gz.

SIGSEV when re-loading opensc-pkcs11.so

The following code can be used to reproduce

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/engine.h>
#include <openssl/conf.h>

#define KEY_ID "slot_X-id_Y"
#define PIN "0000"

ENGINE *ENGINE_pkcs11(void)
{
    struct command
    {
        char *cmd;
        char *arg;
    } commands[] =
    {
        {"SO_PATH", "/opt/opensc/lib/engines/engine_pkcs11.so"},
        {"ID","pkcs11"},
//      {"LIST_ADD","1"},
        {"LOAD", NULL},
        {"MODULE_PATH","/opt/opensc/lib/opensc-pkcs11.so"},
        {"PIN", PIN},
        {"VERBOSE", NULL}
    };

    ENGINE_load_dynamic();
    ENGINE *e = ENGINE_by_id("dynamic");
    if( e == NULL )
    {
        perror("ENGINE_by_id");
        ERR_print_errors_fp(stderr);
        exit(1);
    }

    for (int i = 0; i < sizeof(commands) / sizeof(commands[0]); i++)
    {
        struct command *cmd = &commands[i];
        if( ENGINE_ctrl_cmd_string(e, cmd->cmd, cmd->arg, 0) != 1 )
        {
            printf("ENGINE_ctrl_cmd_string %s %s \n", cmd->cmd, cmd->arg);
            ERR_print_errors_fp(stderr);
            exit(1);
        }
    }
    return e;
}

int main() {

    ERR_load_crypto_strings();
    ENGINE_load_dynamic();

    ENGINE *e = ENGINE_pkcs11();

    for (int i=0; i<2; i++)
    {
        ENGINE_init(e);
        /* Read private key */
        EVP_PKEY *pkey = ENGINE_load_private_key(e, KEY_ID, NULL, NULL);
        if (pkey == NULL) {
            perror("ENGINE_load_private_key");
            ERR_print_errors_fp(stderr);
            exit(1);
        }
        EVP_PKEY_free(pkey);
        ENGINE_finish(e);
    }

    ENGINE_free(e);

#define CRASH_NOW 1
#ifdef CRASH_NOW
    SSL_CTX *ctx = NULL;
    ctx = SSL_CTX_new(TLSv1_2_method());
    SSL_CTX_free(ctx);
#endif

    /* OpenSSL cleanup */
    ERR_free_strings();
    ERR_remove_state(0);
    COMP_zlib_cleanup();
    CONF_modules_unload(1);
    OBJ_cleanup();
    OBJ_NAME_cleanup(-1);
    BIO_sock_cleanup();
    EVP_cleanup();

    /* if not CRASH_NOW - we will crash here */
    ENGINE_cleanup();

    CRYPTO_cleanup_all_ex_data();
    ERR_free_strings();
    ASN1_STRING_TABLE_cleanup();
    CRYPTO_set_locking_callback(NULL);
    RAND_cleanup();
    // The SSL compression method stack doesn't get freed properly by any of the functions above.
    // This was necessary as of 1.0.0-beta3, but may be fixed.
    sk_pop_free((_STACK *)SSL_COMP_get_compression_methods(), free);

    return (0);
}

Set your keyid and pin, compile with

gcc -O0 -g -std=c99 -Wall -Werror gost.c -o gost -lcrypto -lssl

run and it'll crash, maybe not directly but you can see the memory corruption with valgrind

If CRASH_NOW is set, valgrind will provide a trace similar to

==30882== Invalid read of size 8
==30882==    at 0x4F0EF53: look_str_cb (tb_asnmth.c:216)
==30882==    by 0x4F1BDDE: lh_doall_arg (lhash.c:292)
==30882==    by 0x4F0D71B: engine_table_doall (eng_table.c:349)
==30882==    by 0x4F0F312: ENGINE_pkey_asn1_find_str (tb_asnmth.c:236)
==30882==    by 0x4F417C4: EVP_PKEY_asn1_find_str (ameth_lib.c:213)
==30882==    by 0x524A2E3: get_optional_pkey_id (ssl_ciph.c:356)
==30882==    by 0x524B41E: ssl_create_cipher_list (ssl_ciph.c:733)
==30882==    by 0x5244D2F: SSL_CTX_new (ssl_lib.c:1762)
==30882==    by 0x4011EC: main (gost.c:79)
==30882==  Address 0x5cbd980 is 96 bytes inside a block of size 216 free'd
==30882==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30882==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==30882==    by 0x4F0BB67: engine_free_util (eng_lib.c:136)
==30882==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==30882==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==30882==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==30882==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==30882==    by 0x6464D35: ???
==30882==    by 0x6464A68: ???
==30882==    by 0x6466AB5: ???
==30882==    by 0x6461D58: ???
==30882==    by 0x646218E: ???

in case it is not set, it will fault in ENGINE_cleanup() similar to

--4389-- Discarding syms at 0x624be50-0x62507d8 in /opt/opensc/lib/libp11.so.2.2.0 due to munmap()
==4389== Invalid read of size 1
==4389==    at 0x4F2D535: EVP_PKEY_meth_free (pmeth_lib.c:293)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D25C: int_cleanup_cb_LHASH_DOALL (eng_table.c:220)
==4389==    by 0x4F1BD6C: lh_doall (lhash.c:294)
==4389==    by 0x4F0D582: engine_table_cleanup (eng_table.c:230)
==4389==    by 0x4F0B8C5: engine_cleanup_cb_free (eng_lib.c:186)
==4389==    by 0x4F1B47F: sk_pop_free (stack.c:283)
==4389==    by 0x4F0BC71: ENGINE_cleanup (eng_lib.c:193)
==4389==    by 0x401103: main (gost.c:98)
==4389==  Address 0x5d08634 is 4 bytes inside a block of size 208 free'd
==4389==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==4389==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==4389==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==4389==    by 0x6464D2F: ???
==4389==    by 0x6464A68: ???
==4389==    by 0x6466A75: ???
==4389==    by 0x6461D58: ???
==4389== 
==4389== Invalid free() / delete / delete[] / realloc()
==4389==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D25C: int_cleanup_cb_LHASH_DOALL (eng_table.c:220)
==4389==    by 0x4F1BD6C: lh_doall (lhash.c:294)
==4389==    by 0x4F0D582: engine_table_cleanup (eng_table.c:230)
==4389==    by 0x4F0B8C5: engine_cleanup_cb_free (eng_lib.c:186)
==4389==    by 0x4F1B47F: sk_pop_free (stack.c:283)
==4389==    by 0x4F0BC71: ENGINE_cleanup (eng_lib.c:193)
==4389==    by 0x401103: main (gost.c:98)
==4389==  Address 0x5d08630 is 0 bytes inside a block of size 208 free'd
==4389==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4389==    by 0x4E933EC: CRYPTO_free (mem.c:397)
==4389==    by 0x4F0EE94: engine_pkey_meths_free (tb_pkmeth.c:163)
==4389==    by 0x4F0BB35: engine_free_util (eng_lib.c:129)
==4389==    by 0x4F0C79B: engine_unlocked_finish (eng_init.c:112)
==4389==    by 0x4F0D3C1: engine_table_register (eng_table.c:178)
==4389==    by 0x4F0F091: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==4389==    by 0x4F0E007: ENGINE_set_default (eng_fat.c:96)
==4389==    by 0x6464D2F: ???
==4389==    by 0x6464A68: ???
==4389==    by 0x6466A75: ???
==4389==    by 0x6461D58: ???

The problem is in OpenSSL here.

#include <openssl/engine.h>
#include <openssl/ssl.h>

#define GOST    "gost"

void load(void)
{
    ENGINE *e = ENGINE_by_id(GOST);
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
    ENGINE_free(e);
}

int main(void)
{
    ENGINE_load_builtin_engines();
    load();
    load();
    SSL_CTX *ctx = SSL_CTX_new(SSLv3_client_method());
    return 0;
}

crashes the same way without using OpenSC at all.

The actual problem is in the gost engine.
The gost engine uses global statics,which do not get unregistered when unloading the engine.
Loading/ENGINE_set_default gost the first time, things get initialized and registered within OpenSSL, doing it the second time, gost gets finished without unregistering the registered 'things', but they get free'd.
This way, loading gost twice destroys OpenSSL internally.

To OpenSC this is a real problem.
ENGINE_init for a engine_pkcs11 will load opensc-pkcs11.so.
Loading opensc-pkcs11.so loads gost in sc_pkcs11_register_openssl_mechanisms().
ENGINE_finish() for will call the engine_pkcs11 pkcs11_finish, which will unmapp the pkcs11 library opensc-pkcs11.so.
Second time ENGINE_init is called, gost is loaded and set default the second time, things break.

This can be fixed in OpenSSL, it should be fixed in OpenSSL.
I provided different patches patching it in multiple ways in OpenSSL, no patch was accepted by OpenSSL.

Therefore I propose to remove gost from OpenSC, using it breaks everything else.
Just do not load it, it'll be broken, but does not work reliable anyway and OpenSC is the wrong scope for repair.

card-atrust-acos should be renamed to card-acos

The driver for smartcards Mentioned in the title are named incoreectly. ACOS is the operationg system of the card (produced by AustriaCard), atrust is the name of an Austrian CA which only uses these cards.
To be in accordance with the other naming schemes, the driver should be renamed to card-acos.

x509 ertificates not working

Hello,
I am working with the Spanish DNIe and opensc 0.13.0.
Everything seems to work, as long as the changes in commit 98db499 (pkcs15: 'issuer' and 'subject' have to be DER encoded sequence) are reverted!
It did take me some time to figure that out.
So my guess now is that either there is a mistake in that change or the certificate stored in the DNIe card stores subject and issuer in an special way.
Could anybody please tell me if this change works for other certificates stored in a smart card?
Regards,
Germán Blanco.

Failed to connect to card: Unresponsive card (correctly inserted?)

user@user:~$ opensc-tool --serial
Using reader with a card: SCM SCR 355 [CCID Interface] 00 00
Failed to connect to card: Unresponsive card (correctly inserted?)

I am using a SLE 4428 card I got off ebay. I believe the card is completely blank and has nothing on it. No matter what command I issue, if it tries to do anything with the card I get that error. I have spent hours on google and cant find any solutions. Anyone know how to fix this? Only used this for install "sudo apt-get install libpcsclite1 pcscd pcsc-tools
".

OS: Ubuntu 12.04
Reader: SCM Microsystems SCR3310
Card: SLE 4428

Support for 10.8

Hello,

I'm stuck at problem, gettin ePass2003 to work with 10.8

Steps I tried:

Installing https://www.opensc-project.org/files/macosx/OpenSC-0.13.0.dmg
- opensc-tool -D not listing epass2003 driver
Installing opensc package from Homebrew
- again, although it's 0.13.0 it does not contain epass2003 driver
Installing pre-built package 0.12.2-10.8.dmg from http://blog.irq0.org/09-16-2012/etokens-slash-smartcards-on-os-x-10-dot-8.html
- opensc-tool -D not listing epass2003, but now it's correct, as support for epass2003 was added ion 0.13.0

Building OpenSC from git

git clone git://github.com/OpenSC/OpenSC.git cd OpenSC ./MacOSX/build
As a fix I linked MacOSX10.8.sdk to /Developer/SDKs/MacOSX10.6.sdk
I've tried to add --enable-sm --enable-openssh --enable-pcsc flags

fails on building OpenSC.tokend

OpenSC.tokend/build/security_cdsa_utilities.framework/Headers/handletemplates.h:132:17: error: use 'template' keyword to treat 'findAllRefs' as a dependent template name
state().findAllRefs<Subtype>(refs);
        ^
        template 
1 error generated.```

Is there any possible pre-built package for use with 10.8 or step-by-step tutorial for building under new SDKs ?

I've found some possible problems between newest SDK and tokend library, but no tutorial to fix build.

I've installed `libusb 1.0.9` from Homebrew, newest `libccid` installed by tutorial on http://www.gooze.eu/howto/smartcard-quickstarter-guide/installing-libusb-and-upgrading-libccid

I've also installed SmartCardServices v2.0b1 via provided installer: http://smartcardservices.macosforge.org/post/os-x-lion-smartcardservices-installer-v20b1-beta/

SIGSEGV in sc_asn1_read_tag when parsing malformed ASN.1 data

The issue is on this line:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/asn1.c#L68

When passing in an object starting with 00 or FF the function returns SC_SUCCESS with an uninitialized tag_out and taglen.
Most caller like pgp_enumerate_blob will call the function again after adding the uninitialized length to the pointer resulting in a SIGSEGV.

I can see three ways to fix it (I'd prefer the first one):
A) Don't treat 00 or FF as special tag values (I don't see why they should be by reading ITU X.690 but I might have missed something).

B) Return an error instead of SC_SUCCESS

C) Set tag_out = 0, tag_len = 0 and modify all callers so they don't enter an infinite loop in that situation (least favored fix).

What is the best way to fix it? Send you a patch?

New location of sca-0.2.8.dmg

Hello,

I just can't find this file:

http://www.opensc-project.org/files/sca/sca-0.2.8.dmg

Where is the new location?
Thanks!

opensc 0.13 for windows compilation

Hi,

is there any clear instruction available for compiling opensc 0.13 for windows? I am trying to cross compile it using Mingw in linux but getting errors.

Regards,
Sanaullah

Memory corruption with firefox

I have found that the opensc-pkcs11 plugin induces memory corruption in firefox 28 on a Feora 20 system.
This happens both with the distribution package AND with a recompiled version of the latest git checkout.

Authentication with the smartcard is succesful and the browser prompts correctly for the certificate therein stored; however, as soon as the certificate is shown it seems that the memory gets corrupted and I get either

a) a segmentation fault on part of the browser
b) first the error message
Received incorrect handshakes hash values from peer. (Error code: ssl_error_bad_handshake_hash_value)
followed by
security library: memory allocation failure. (Error code: sec_error_no_memory)

The reference for the bug on fedora bugzilla is
https://bugzilla.redhat.com/show_bug.cgi?id=1089476

Can't use pinpad with gnupg card

I'm using the GPGv2 card for SSH. Entering the PIN through the terminal works fine, but if I leave the PIN blank and press ok (which triggers pinpad input as far as I know), the PIN isn't requested via pinpad.

My Reader: Cherry GmbH SmartTerminal ST-2xxx

Supports Extended Length APDU
Has a pinpad
Has no display
Supports variable length pin input

I'm using opensc 0.13

Log:

0x7fea12807800 15:03:36.791 [opensc-pkcs11] pkcs11-session.c:259:C_Login: C_Login(0x7fea1407cfe0, 1)
0x7fea12807800 15:03:36.791 [opensc-pkcs11] pkcs15-pin.c:293:sc_pkcs15_verify_pin: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN((nil);len:0)
0x7fea12807800 15:03:36.791 [opensc-pkcs11] pkcs15-pin.c:295:sc_pkcs15_verify_pin: Auth(type:0;method:1)
0x7fea12807800 15:03:36.791 [opensc-pkcs11] pkcs15-pin.c:299:sc_pkcs15_verify_pin: PIN value validated
0x7fea12807800 15:03:36.791 [opensc-pkcs11] card.c:315:sc_lock: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] reader-pcsc.c:517:pcsc_lock: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] card.c:610:sc_select_file: called; type=2, path=3f00
0x7fea12807800 15:03:36.791 [opensc-pkcs11] card-openpgp.c:904:pgp_select_file: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x7fea12807800 15:03:36.791 [opensc-pkcs11] card.c:638:sc_select_file: returning with: 0 (Success)
0x7fea12807800 15:03:36.791 [opensc-pkcs11] sec.c:157:sc_pin_cmd: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] card-openpgp.c:1239:pgp_pin_cmd: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] reader-pcsc.c:1614:pcsc_pin_cmd: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7fea12807800 15:03:36.791 [opensc-pkcs11] reader-pcsc.c:1655:pcsc_pin_cmd: PC/SC v2 pinpad block: 1e:1e:02:00:00:20:06:02:00:00:00:00:00:00:00:05:00:00:00:00:20:00:82:00
0x7fea12807800 15:03:36.791 [opensc-pkcs11] reader-pcsc.c:182:pcsc_internal_transmit: called
0x7fea12807800 15:03:36.843 [opensc-pkcs11] reader-pcsc.c:208:pcsc_internal_transmit: Cherry GmbH SmartTerminal ST-2xxx [Vendor Interface] (000004fa) 00 00:SCardTransmit/Control failed: 0x80100016
0x7fea12807800 15:03:36.843 [opensc-pkcs11] reader-pcsc.c:370:pcsc_detect_card_presence: called
0x7fea12807800 15:03:36.843 [opensc-pkcs11] reader-pcsc.c:283:refresh_attributes: Cherry GmbH SmartTerminal ST-2xxx [Vendor Interface] (000004fa) 00 00 check
0x7fea12807800 15:03:36.843 [opensc-pkcs11] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0x7fea12807800 15:03:36.843 [opensc-pkcs11] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 1
0x7fea12807800 15:03:36.843 [opensc-pkcs11] reader-pcsc.c:370:pcsc_detect_card_presence: called
0x7fea12807800 15:03:36.844 [opensc-pkcs11] reader-pcsc.c:283:refresh_attributes: Cherry GmbH SmartTerminal ST-2xxx [Vendor Interface] (000004fa) 00 00 check
0x7fea12807800 15:03:36.844 [opensc-pkcs11] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0x7fea12807800 15:03:36.844 [opensc-pkcs11] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 1
0x7fea12807800 15:03:36.844 [opensc-pkcs11] reader-pcsc.c:1659:pcsc_pin_cmd: PC/SC v2 pinpad: block transmit failed!: -1107 (Transmit failed)
0x7fea12807800 15:03:36.844 [opensc-pkcs11] iso7816.c:1001:iso7816_pin_cmd: APDU transmit failed: -1107 (Transmit failed)
0x7fea12807800 15:03:36.844 [opensc-pkcs11] card-openpgp.c:1266:pgp_pin_cmd: returning with: -1107 (Transmit failed)
0x7fea12807800 15:03:36.844 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: -1107 (Transmit failed)
0x7fea12807800 15:03:36.844 [opensc-pkcs11] pkcs15-pin.c:367:sc_pkcs15_verify_pin: PIN cmd result -1107
0x7fea12807800 15:03:36.844 [opensc-pkcs11] card.c:353:sc_unlock: called
0x7fea12807800 15:03:36.844 [opensc-pkcs11] reader-pcsc.c:554:pcsc_unlock: called
0x7fea12807800 15:03:36.848 [opensc-pkcs11] pkcs15-pin.c:372:sc_pkcs15_verify_pin: returning with: -1107 (Transmit failed)
0x7fea12807800 15:03:36.848 [opensc-pkcs11] framework-pkcs15.c:1464:pkcs15_login: PKCS15 verify PIN returned -1107
0x7fea12807800 15:03:36.848 [opensc-pkcs11] misc.c:61:sc_to_cryptoki_error_common: libopensc return value: -1107 (Transmit failed)

Error while linking sample program with opensc-pkcs11

I have written a sample program in C++ by using libopensc-pkcs11.so library in Red Hat linux. My program takes a string as input and encrypts the input string and decrypts the encrypted string. My program is compiled successfully but error is occuring while linking and the symbols 'C_DecryptInit','C_Decrypt', 'C_EncryptInit','C_Encrypt' are not found.

Following is the error log during linking:

CAESHandlerImplSolaris.o: In function CAESHandlerImplSolaris::decrypt(unsigned char const*)': CAESHandlerImplSolaris.cpp:(.text+0x1c6): undefined reference toC_DecryptInit' CAESHandlerImplSolaris.cpp:(.text+0x25c): undefined reference to C_Decrypt' CAESHandlerImplSolaris.o: In functionCAESHandlerImplSolaris::encrypt(unsigned char const*)': CAESHandlerImplSolaris.cpp:(.text+0x41b): undefined reference to C_EncryptInit' CAESHandlerImplSolaris.cpp:(.text+0x4ba): undefined reference toC_Encrypt' CAESHandlerImplSolaris.o: In function CAESHandlerImplSolaris::initializeSession()': CAESHandlerImplSolaris.cpp:(.text+0x8dd): undefined reference toC_Initialize' CAESHandlerImplSolaris.cpp:(.text+0x95c): undefined reference to C_GetSlotList' CAESHandlerImplSolaris.cpp:(.text+0x998): undefined reference toC_GetSlotList' CAESHandlerImplSolaris.cpp:(.text+0xa7c): undefined reference to C_OpenSession' CAESHandlerImplSolaris.cpp:(.text+0xaef): undefined reference toC_GetMechanismInfo' CAESHandlerImplSolaris.cpp:(.text+0xb81): undefined reference to C_CreateObject' CAESHandlerImplSolaris.cpp:(.text+0xbfa): undefined reference toC_DestroyObject' CAESHandlerImplSolaris.cpp:(.text+0xc0a): undefined reference to C_CloseSession' CAESHandlerImplSolaris.o: In functionCAESHandlerImplSolaris::~CAESHandlerImplSolaris()': CAESHandlerImplSolaris.cpp:(.text+0xd69): undefined reference to C_DestroyObject' CAESHandlerImplSolaris.cpp:(.text+0xdb0): undefined reference toC_CloseSession' CAESHandlerImplSolaris.o: In function CAESHandlerImplSolaris::~CAESHandlerImplSolaris()': CAESHandlerImplSolaris.cpp:(.text+0xeb1): undefined reference toC_DestroyObject' CAESHandlerImplSolaris.cpp:(.text+0xef8): undefined reference to C_CloseSession' CAESHandlerImplSolaris.o: In functionCAESHandlerImplSolaris::~CAESHandlerImplSolaris()': CAESHandlerImplSolaris.cpp:(.text+0xff9): undefined reference to C_DestroyObject' CAESHandlerImplSolaris.cpp:(.text+0x1040): undefined reference toC_CloseSession' main.o: In function main': main.cpp:(.text+0x69d): undefined reference toC_Finalize' main.cpp:(.text+0x758): undefined reference to `C_Finalize' collect2: ld returned 1 exit status

I have provided the following libraries during linking : opensc-pkcs11.so, pkcs11-spy.so, libopensc.so.

Please suggest me if I am missing anything.

Thanks in advance AnjanN

Multiple PINs on ASEPCOS broken

Attempting to utilize multiple PINs (e.g. one for signature, one for general authentication) for PKCS#15 with OpenSC on an Athena ASEPCOS card fails: The correct PIN is requested, as indicated by the PKCS#15 structure, but the card gives "Security status not satisfied" when trying to use a key that was supposed to be protected by PINs other than the first one created.

Software: Ubuntu 14.04 LTS fully updated, including

pcscd 1.8.10-1ubuntu1,
libccid 1.4.15-1,
opensc 0.13.0-3ubuntu4.

Hardware:

Lenovo Thinkpad Integrated Smart Card Reader (USB 17ef:1003) through libccid,
ASECard with ATR 3B D6 18 00 81 B1 80 7D 1F 03 80 51 00 61 10 30 8F

Steps to reproduce:

Set up a new card

(Starting with an empty card, e.g. calling pkcs15-init -E if necessary)

pkcs15-init -C -T --so-pin 12345678 --so-puk 87654321
pkcs15-init -P -l "Auth PIN" -a 1 --pin 123456 --puk 654321 --so-pin 12345678
pkcs15-init -P -l "Sign PIN" -a 2 --pin 11223344 --puk 44332211 --so-pin 12345678
pkcs15-init -G rsa/1024 -a 2 -i 1 -u sign -l "Sign key" --pin 123456 --so-pin 12345678
pkcs15-init -G rsa/1024 -a 1 -i 3 -u sign -l "Auth key" --pin 123456 --so-pin 12345678

(Note how even generating both keys requires only the first created PIN. This may be by design, I'm not sure, or may be related to the issue I'm reporting)

Sign something with a key protected by the first PIN

echo "Foo" > sign-in
pkcs15-crypt -k 3 -s --pkcs1 -i sign-in -o sign-out

Sign something with a key protected by the second PIN

pkcs15-crypt -k 1 -s --pkcs1 -i sign-in -o sign-out

Actual results

When using the key 3, which is protected by PIN 1, this PIN is requested and the signature is performed.

When using key 1, which should by protected by PIN 2, this PIN is requested and the signature fails. The card issues the error "Security status not satisfied".

Note: This behaviour is reversed when the PINs are created in reversed order (then one also needs PIN 2 – now the first one created – to generate the keys).

Expected results

Using key 1 with PIN 2 should work, using key 3 with PIN 1 should work, regardless of the order they were created in.

Further information

When I use an APDU shell and manually verify PIN 1 before trying to use key 1, I can actually use key 1. Thus, I believe the ASEPCOS driver set the wrong ACLs on the key. I have no ASEPCOS documentation, so I can't check. This report is already way too long, and github doesn't allow attachments, so I've pasted the outputs of pkcs15-tool -D, and opensc-explorer info for both key files here: https://gist.github.com/henryk/0ff6a78d2d8cf387f871

I also have a full APDU log for all three processes (creation, failing signature, working signature here: https://gist.github.com/henryk/b6f8e7fb1bc81ba8ea09

openssl req -engine pkcs11 fails with PKCS11_get_private_key returned NULL

Forked off Issue #202. With the latest master, openssl req fails with out Aventra cards:

openssl req -engine pkcs11 -new -key slot_01 -keyform engine -x509 -out /tmp/tmp.dOrPFR1LVU/cert.pem -text -config /tmp/tmp.dOrPFR1LVU/openssl.cnf
initializing engine
engine "pkcs11" set.
Looking in slot 1 for key:
Found 2 slots
[18446744073709551615] Virtual hotplug slot no tok
[1] OmniKey CardMan 3121 00 0 login (MyEID (Basic PIN))
Found slot: OmniKey CardMan 3121 00 00
Found token: MyEID (Basic PIN)
Found 0 certificate:
Found 1 key:
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
139781956970312:error:80028012:PKCS11 library:PKCS11_get_attribute:Attribute type invalid:p11_attr.c:53:
139781956970312:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:eng_pkey.c:126:
unable to load Private Key

Due to issue #202, and since the fix 5437f87 contain a lot of unrelated stuff, it's difficult to use "git bisect" to find the problem.

OpenSC formatted Starcos 2.3 smartcard cannot be initialized

I've reported a regression against Ubuntu, but this bug is also present with
e8eb4cd.

The issue copied here is:

What happened
Erasing and initializing a Starcos 2.3 smartcard returns the error:
Error -1211: Security status not satisfied
Test case
$ pkcs15-init -E
$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --label "Test"

I've bisected the issue with the OpenSC git project and found that the first bad commit is:
1d82e8a

Here is a link to the Launchpad bug:
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1166500

pscs_scan output will be attached to the Launchpad bug.

Thanks,
--chris j arges

OpenPGP v2 fails to store certificate

Hi,

I have a virgin OpenPGP card. When I try to store a certificate with opensc 0.13.0, I get a "transfer failed". From all what I've read in the net, it should be possile to do it via "pkcs15-init --store-certificate cert.crt --id 3 --auth-id 3 --so-pin 12345678" (I use the default PIN of a freshly reset card, and the verbose output below contains real but throw-away cert data to make sure I have a real copy&paste and real data). The cert was created via "openssl genrsa -out cert.key 4096; openssl req -new -x509 -days 1826 -key cert.key -out cert.crt". If I try the same with a p12 file, the key is stored but the certificate fails to be stored on the card. Generating keys on the card itself works, so I assume the card reader and the card itself are OK.

Verbose error message:
---snip---
0x802006400 14:32:35.576 [pkcs15-init] sc.c:231:sc_detect_card_presence: called
0x802006400 14:32:35.577 [pkcs15-init] reader-pcsc.c:370:pcsc_detect_card_presence: called
0x802006400 14:32:35.577 [pkcs15-init] reader-pcsc.c:283:refresh_attributes: REINER SCT cyberJack ecom_a (2457677771) 00 00 check
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 1
0x802006400 14:32:35.578 [pkcs15-init] sc.c:236:sc_detect_card_presence: returning with: 1
Using reader with a card: REINER SCT cyberJack ecom_a (2457677771) 00 00
0x802006400 14:32:35.578 [pkcs15-init] sc.c:231:sc_detect_card_presence: called
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:370:pcsc_detect_card_presence: called
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:283:refresh_attributes: REINER SCT cyberJack ecom_a (2457677771) 00 00 check
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:375:pcsc_detect_card_presence: returning with: 1
0x802006400 14:32:35.578 [pkcs15-init] sc.c:236:sc_detect_card_presence: returning with: 1
0x802006400 14:32:35.578 [pkcs15-init] card.c:125:sc_connect_card: called
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:450:pcsc_connect: called
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:283:refresh_attributes: REINER SCT cyberJack ecom_a (2457677771) 00 00 check
0x802006400 14:32:35.578 [pkcs15-init] reader-pcsc.c:299:refresh_attributes: returning with: 0 (Success)
0x802006400 14:32:35.579 [pkcs15-init] reader-pcsc.c:479:pcsc_connect: Initial protocol: T=1
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:a8
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:56:1b:16:83:01:90:00:86
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:01:90:00:e1
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:0f:90:00:ef
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:146:sc_connect_card: matching configured ATRs
0x802006400 14:32:35.579 [pkcs15-init] card.c:155:sc_connect_card: trying driver 'authentic'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:155:sc_connect_card: trying driver 'iasecc'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'cardos'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fc:98:00:ff:c1:10:31:fe:55:c8:03:49:6e:66:6f:63:61:6d:65:72:65:28
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:d2:18:02:c1:0a:31:fe:58:c8:0d:51
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'flex'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:95:15:40:20:68:01:02:00:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:15:40:FF:68:01:02:02:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:15:40:FF:68:01:02:02:04
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:85:40:20:68:01:01:05:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:94:40:FF:63:01:01:02:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:15:40:FF:63:01:01:02:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:64:02:01:01:02
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:62:01:01:00:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:62:01:02:01:04
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:62:04:01:01:05
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:95:15:40:ff:68:01:02:45:47
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:E2:00:00:40:20:49:06
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:E2:00:00:40:20:49:05
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:E2:00:00:40:20:49:07
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:85:40:20:68:01:01:03:05
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:02:14:50
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:19:14:55:90:01:02:01:00:05:04:B0
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:32:15:00:06:80
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:32:15:00:06:95
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:19:14:59:01:01:0F:01:00:05:08:B0
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:19:14:55:90:01:01:01:00:05:08:B0
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:16:94:81:10:06:01:81:3F
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:16:94:81:10:06:01:81:2F
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'cyberflex'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:95:15:40:20:68:01:02:00:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:15:40:FF:68:01:02:02:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:15:40:FF:68:01:02:02:04
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:85:40:20:68:01:01:05:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:94:40:FF:63:01:01:02:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:15:40:FF:63:01:01:02:01
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:64:02:01:01:02
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:62:01:01:00:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:62:01:02:01:04
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:95:18:40:FF:62:04:01:01:05
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:95:15:40:ff:68:01:02:45:47
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:E2:00:00:40:20:49:06
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:E2:00:00:40:20:49:05
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:E2:00:00:40:20:49:07
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:85:40:20:68:01:01:03:05
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:02:14:50
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:19:14:55:90:01:02:01:00:05:04:B0
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:32:15:00:06:80
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:32:15:00:06:95
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:19:14:59:01:01:0F:01:00:05:08:B0
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:19:14:55:90:01:01:01:00:05:08:B0
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:16:94:81:10:06:01:81:3F
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:16:94:81:10:06:01:81:2F
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'gpk'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:27:00:80:65:A2:04:01:01:37
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:27:00:80:65:A2:05:01:01:37
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:27:00:80:65:A2:0C:01:01:37
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:A7:00:40:14:80:65:A2:14:01:01:37
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:A7:00:40:18:80:65:A2:08:01:01:52
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:A7:00:40:18:80:65:A2:09:01:01:52
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:A7:00:40:18:80:65:A2:09:01:02:52
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:A7:00:40:18:80:65:A2:09:01:03:52
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'gemsafeV1'
0x802006400 14:32:35.579 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7B:94:00:00:80:65:B0:83:01:01:74:83:00:90:00
0x802006400 14:32:35.579 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.579 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:6B:00:00:80:65:B0:83:01:01:74:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:6d:00:00:80:31:80:65:b0:83:01:02:90:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:6B:00:00:80:65:B0:83:01:03:74:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7A:94:00:00:80:65:A2:01:01:01:3D:72:D6:43
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7D:94:00:00:80:31:80:65:B0:83:01:01:90:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7D:96:00:00:80:31:80:65:B0:83:11:48:C8:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7D:95:00:00:80:31:80:65:B0:83:11:C0:A9:83:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7D:95:00:00:80:31:80:65:B0:83:11:C0:A9:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7D:95:00:00:80:31:80:65:B0:83:11:00:C8:83:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:7D:95:00:00:80:31:80:65:B0:83:11:00:C8:83:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'miocos'
0x802006400 14:32:35.580 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:9D:94:40:23:00:68:10:11:4D:69:6F:43:4F:53:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:9D:94:40:23:00:68:20:01:4D:69:6F:43:4F:53:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'mcrd'
0x802006400 14:32:35.580 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:FF:94:00:FF:80:B1:FE:45:1F:03:00:68:D2:76:00:00:28:FF:05:1E:31:80:00:90:00:23
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:6f:00:ff:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:FE:94:00:FF:80:B1:FA:45:1F:03:45:73:74:45:49:44:20
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:FE:18:00:00:80:31:FE:45:45:73:74:45:49:44:20:76:65:72:20:31:2E:30:A8
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:FE:18:00:00:80:31:FE:45:80:31:80:66:40:90:A4:56:1B:16:83:01:90:00:86
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:01:90:00:e1
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fe:18:00:00:80:31:fe:45:80:31:80:66:40:90:a4:16:2a:00:83:0f:90:00:ef
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'asepcos'
0x802006400 14:32:35.580 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:d6:18:00:81:b1:80:7d:1f:03:80:51:00:61:10:30:8f
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:d6:18:00:81:b1:fe:7d:1f:03:41:53:45:37:35:35:01
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'starcos'
0x802006400 14:32:35.580 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:B7:94:00:c0:24:31:fe:65:53:50:4b:32:33:90:00:b4
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:B7:94:00:81:31:fe:65:53:50:4b:32:33:90:00:d1
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:b7:18:00:c0:3e:31:fe:65:53:50:4b:32:34:90:00:25
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'tcos'
0x802006400 14:32:35.580 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:BA:13:00:81:31:86:5D:00:64:05:0A:02:01:31:80:90:00:8B
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:BA:14:00:81:31:86:5D:00:64:05:14:02:02:31:80:90:00:91
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:BA:96:00:81:31:86:5D:00:64:05:60:02:03:31:80:90:00:66
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:BA:96:00:81:31:86:5D:00:64:05:7B:02:03:31:80:90:00:7D
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:BF:96:00:81:31:FE:5D:00:64:04:11:03:01:31:C0:73:F7:01:D0:00:90:00:7D
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3B:BF:B6:00:81:31:FE:5D:00:64:04:28:03:02:31:C0:73:F7:01:D0:00:90:00:67
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:189:sc_connect_card: trying driver 'openpgp'
0x802006400 14:32:35.580 [pkcs15-init] card.c:870:match_atr_table: ATR : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:fa:13:00:ff:81:31:80:45:00:31:c1:73:c0:01:00:00:90:00:b1
0x802006400 14:32:35.580 [pkcs15-init] card.c:884:match_atr_table: ignored - wrong length
0x802006400 14:32:35.580 [pkcs15-init] card.c:881:match_atr_table: ATR try : 3b:da:18:ff:81:b1:fe:75:1f:03:00:31:c5:73:c0:01:40:00:90:00:0c
0x802006400 14:32:35.580 [pkcs15-init] card.c:196:sc_connect_card: matched: OpenPGP card
0x802006400 14:32:35.580 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.580 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.580 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0x802006400 14:32:35.580 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.580 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.580 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:0, data(6) 0x7fffffffcef0
0x802006400 14:32:35.580 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.580 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 12 bytes] =====================================
#00 A4 04 00 06 D2 76 00 01 24 01 00 ......v..$..

0x802006400 14:32:35.580 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.659 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 25 bytes] =====================================
62 15 84 10 D2 76 00 01 24 01 02 00 00 05 00 00 b....v..$.......
#18 F7 00 00 8A 01 05 90 00 .........

0x802006400 14:32:35.659 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.659 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.659 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.659 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0x802006400 14:32:35.663 [pkcs15-init] iso7816.c:321:iso7816_process_fci: processing FCI bytes
0x802006400 14:32:35.663 [pkcs15-init] iso7816.c:379:iso7816_process_fci: File name: D2 76 00 01 24 01 02 00 00 05 00 00 18 F7 00 00 .v..$...........
0x802006400 14:32:35.663 [pkcs15-init] card.c:646:sc_get_data: called, tag=5f52
0x802006400 14:32:35.663 [pkcs15-init] card-openpgp.c:1128:pgp_get_data: called
0x802006400 14:32:35.663 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.663 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.663 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0x802006400 14:32:35.663 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.663 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.663 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:CA, P1:5F, P2:52, data(0) 0x0
0x802006400 14:32:35.663 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.663 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 7 bytes] =====================================
#00 CA 5F 52 00 08 00 .._R...

0x802006400 14:32:35.663 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.675 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 12 bytes] =====================================
#00 31 C5 73 C0 01 40 05 90 00 90 00 .1.s..@.....

0x802006400 14:32:35.675 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.675 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.675 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.675 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0x802006400 14:32:35.683 [pkcs15-init] card-openpgp.c:1141:pgp_get_data: returning with: 10
0x802006400 14:32:35.683 [pkcs15-init] card.c:651:sc_get_data: returning with: 10
0x802006400 14:32:35.683 [pkcs15-init] card.c:646:sc_get_data: called, tag=006e
0x802006400 14:32:35.683 [pkcs15-init] card-openpgp.c:1128:pgp_get_data: called
0x802006400 14:32:35.683 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.683 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.683 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0x802006400 14:32:35.683 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.683 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.683 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:CA, P1:0, P2:6E, data(0) 0x0
0x802006400 14:32:35.683 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.683 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 7 bytes] =====================================
#00 CA 00 6E 00 08 00 ...n...

0x802006400 14:32:35.683 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.765 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 219 bytes] =====================================
4F 10 D2 76 00 01 24 01 02 00 00 05 00 00 18 F7 O..v..$.........
00 00 5F 52 0A 00 31 C5 73 C0 01 40 05 90 00 73 [email protected]
81 B7 C0 0A 7C 00 08 00 08 00 08 00 08 00 C1 06 ....|...........
01 08 00 00 20 00 C2 06 01 08 00 00 20 00 C3 06 .... ....... ...
01 08 00 00 20 00 C4 07 00 20 20 20 03 00 03 C5 .... .... ....
3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <...............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 C6 3C 00 ..............<.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 CD 0C 00 00 00 ................
#00 00 00 00 00 00 00 00 00 90 00 ...........

0x802006400 14:32:35.765 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.765 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.765 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.765 [pkcs15-init] reader-pcsc.c:554:pcsc_unlock: called
0x802006400 14:32:35.777 [pkcs15-init] card-openpgp.c:1141:pgp_get_data: returning with: 217
0x802006400 14:32:35.777 [pkcs15-init] card.c:651:sc_get_data: returning with: 217
0x802006400 14:32:35.777 [pkcs15-init] card.c:232:sc_connect_card: card info name:'CryptoStick v1.2 (OpenPGP v2.0)', type:9002, flags:0x0, max_send/recv_size:2048/2048
0x802006400 14:32:35.777 [pkcs15-init] card.c:1199:sc_card_sm_check: called
0x802006400 14:32:35.777 [pkcs15-init] card.c:1204:sc_card_sm_check: returning with: 0 (Success)
0x802006400 14:32:35.777 [pkcs15-init] card.c:243:sc_connect_card: returning with: 0 (Success)
0x802006400 14:32:35.777 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.777 [pkcs15-init] reader-pcsc.c:517:pcsc_lock: called
0x802006400 14:32:35.777 [pkcs15-init] pkcs15-lib.c:301:sc_pkcs15init_bind: called
0x802006400 14:32:35.777 [pkcs15-init] card.c:761:sc_card_ctl: called
0x802006400 14:32:35.777 [pkcs15-init] card-openpgp.c:2170:pgp_card_ctl: called
0x802006400 14:32:35.777 [pkcs15-init] card-openpgp.c:2191:pgp_card_ctl: returning with: -1408 (Not supported)
0x802006400 14:32:35.777 [pkcs15-init] card.c:768:sc_card_ctl: card_ctl(4) not supported
0x802006400 14:32:35.777 [pkcs15-init] profile.c:332:sc_profile_load: called
0x802006400 14:32:35.777 [pkcs15-init] profile.c:362:sc_profile_load: Using profile directory '/usr/local/share/opensc'.
0x802006400 14:32:35.777 [pkcs15-init] profile.c:370:sc_profile_load: Trying profile file /usr/local/share/opensc/pkcs15.profile
0x802006400 14:32:35.777 [pkcs15-init] profile.c:375:sc_profile_load: profile /usr/local/share/opensc/pkcs15.profile loaded ok
0x802006400 14:32:35.778 [pkcs15-init] profile.c:385:sc_profile_load: returning with: 0 (Success)
0x802006400 14:32:35.778 [pkcs15-init] profile.c:332:sc_profile_load: called
0x802006400 14:32:35.778 [pkcs15-init] profile.c:362:sc_profile_load: Using profile directory '/usr/local/share/opensc'.
0x802006400 14:32:35.778 [pkcs15-init] profile.c:370:sc_profile_load: Trying profile file /usr/local/share/opensc/openpgp.profile
0x802006400 14:32:35.778 [pkcs15-init] profile.c:375:sc_profile_load: profile /usr/local/share/opensc/openpgp.profile loaded ok
0x802006400 14:32:35.778 [pkcs15-init] profile.c:385:sc_profile_load: returning with: 0 (Success)
0x802006400 14:32:35.778 [pkcs15-init] profile.c:397:sc_profile_finish: called
0x802006400 14:32:35.778 [pkcs15-init] profile.c:440:sc_profile_finish: returning with: 0 (Success)
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-lib.c:408:sc_pkcs15init_bind: returning with: 0 (Success)
0x802006400 14:32:35.778 [pkcs15-init] pkcs15.c:1134:sc_pkcs15_bind: called
0x802006400 14:32:35.778 [pkcs15-init] pkcs15.c:1135:sc_pkcs15_bind: application(aid:'empty')
0x802006400 14:32:35.778 [pkcs15-init] pkcs15.c:1157:sc_pkcs15_bind: PKCS#15 options: use_file_cache=0 use_pin_cache=1 pin_cache_counter=10 pin_cache_ignore_user_consent=0
0x802006400 14:32:35.778 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-syn.c:130:sc_pkcs15_bind_synthetic: called
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-syn.c:171:sc_pkcs15_bind_synthetic: no emulator list in config file, trying all builtin emulators
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-syn.c:173:sc_pkcs15_bind_synthetic: trying westcos
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-westcos.c:258:sc_pkcs15emu_westcos_init_ex: sc_pkcs15_init_func_ex westcos
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-westcos.c:245:westcos_detect_card: westcos_detect_card (CryptoStick v1.2 (OpenPGP v2.0))
0x802006400 14:32:35.778 [pkcs15-init] pkcs15-syn.c:173:sc_pkcs15_bind_synthetic: trying openpgp
0x802006400 14:32:35.778 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=00655f2d
0x802006400 14:32:35.778 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.778 [pkcs15-init] card.c:646:sc_get_data: called, tag=0065
0x802006400 14:32:35.778 [pkcs15-init] card-openpgp.c:1128:pgp_get_data: called
0x802006400 14:32:35.778 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.778 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.778 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.778 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.778 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:CA, P1:0, P2:65, data(0) 0x0
0x802006400 14:32:35.778 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.778 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 7 bytes] =====================================
#00 CA 00 65 00 08 00 ...e...

0x802006400 14:32:35.778 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.802 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 13 bytes] =====================================

5B 00 5F 2D 02 64 65 5F 35 01 39 90 00 [._-.de_5.9..

0x802006400 14:32:35.802 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.802 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.802 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.802 [pkcs15-init] card-openpgp.c:1141:pgp_get_data: returning with: 11
0x802006400 14:32:35.802 [pkcs15-init] card.c:651:sc_get_data: returning with: 11
0x802006400 14:32:35.802 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.802 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.802 [pkcs15-init] card.c:445:sc_read_binary: called; 2 bytes at index 0
0x802006400 14:32:35.802 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.802 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 2
0x802006400 14:32:35.802 [pkcs15-init] card.c:485:sc_read_binary: returning with: 2
0x802006400 14:32:35.802 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c4
0x802006400 14:32:35.802 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.802 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 7 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 7
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 7
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c5
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 60 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 60
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 60
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c1
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 6 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c2
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 6 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c3
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 6 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c1
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 6 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c2
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 6 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=006e007300c3
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.803 [pkcs15-init] card.c:445:sc_read_binary: called; 6 bytes at index 0
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1019:pgp_read_binary: called
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1040:pgp_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:485:sc_read_binary: returning with: 6
0x802006400 14:32:35.803 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=7f21
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.803 [pkcs15-init] card.c:646:sc_get_data: called, tag=7f21
0x802006400 14:32:35.803 [pkcs15-init] card-openpgp.c:1128:pgp_get_data: called
0x802006400 14:32:35.803 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.803 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.803 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.803 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.803 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:CA, P1:7F, P2:21, data(0) 0x0
0x802006400 14:32:35.803 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.803 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 7 bytes] =====================================
#00 CA 7F 21 00 08 00 ...!...

0x802006400 14:32:35.803 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.816 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 2 bytes] =====================================
#90 00 ..

0x802006400 14:32:35.816 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.816 [pkcs15-init] card-openpgp.c:1141:pgp_get_data: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] card.c:651:sc_get_data: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.816 [pkcs15-init] pkcs15.c:1194:sc_pkcs15_bind: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] pkcs15-lib.c:438:sc_pkcs15init_set_p15card: called
0x802006400 14:32:35.816 [pkcs15-init] profile.c:621:sc_profile_get_file_by_path: called
0x802006400 14:32:35.816 [pkcs15-init] profile.c:625:sc_profile_get_file_by_path: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] profile.c:621:sc_profile_get_file_by_path: called
0x802006400 14:32:35.816 [pkcs15-init] profile.c:625:sc_profile_get_file_by_path: returning with: 0 (Success)
0x802006400 14:32:35.816 [pkcs15-init] pkcs15-lib.c:472:sc_pkcs15init_set_p15card: sc_pkcs15init_set_p15card() returns
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:1594:sc_pkcs15init_store_certificate: called
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:2166:select_intrinsic_id: called
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:2172:select_intrinsic_id: returning with: 0 (Success)
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:2271:select_id: called
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:2277:select_id: returning with: 0 (Success)
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:1617:sc_pkcs15init_store_certificate: Store cert(Certificate,ID:03,der(0x802077a00,1500))
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-lib.c:1827:sc_pkcs15init_store_data: called
0x802006400 14:32:35.817 [pkcs15-init] pkcs15-openpgp.c:248:openpgp_store_data: called
0x802006400 14:32:35.817 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=7f21
0x802006400 14:32:35.817 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.817 [pkcs15-init] card.c:646:sc_get_data: called, tag=7f21
0x802006400 14:32:35.817 [pkcs15-init] card-openpgp.c:1128:pgp_get_data: called
0x802006400 14:32:35.817 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.817 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.817 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.817 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.817 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:CA, P1:7F, P2:21, data(0) 0x0
0x802006400 14:32:35.817 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.817 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 7 bytes] =====================================
#00 CA 7F 21 00 08 00 ...!...

0x802006400 14:32:35.817 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.830 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 2 bytes] =====================================
#90 00 ..

0x802006400 14:32:35.830 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.830 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.830 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.830 [pkcs15-init] card-openpgp.c:1141:pgp_get_data: returning with: 0 (Success)
0x802006400 14:32:35.830 [pkcs15-init] card.c:651:sc_get_data: returning with: 0 (Success)
0x802006400 14:32:35.830 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.830 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3350:sc_pkcs15init_authenticate: called
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3351:sc_pkcs15init_authenticate: path '7f21', op=23
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3362:sc_pkcs15init_authenticate: acl 0x8020ed400
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3376:sc_pkcs15init_authenticate: verify acl(method:1,reference:3)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3200:sc_pkcs15init_verify_secret: called
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3204:sc_pkcs15init_verify_secret: get and verify PIN('PIN',type:0x1,reference:0x3)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:1748:sc_pkcs15init_get_pin_reference: called
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:1758:sc_pkcs15init_get_pin_reference: found 3 auth objects; looking for AUTH object(auth_method:1,reference:3)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:1765:sc_pkcs15init_get_pin_reference: check PIN(User PIN (sig),auth_method:1,type:2,reference:1,flags:13)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:1765:sc_pkcs15init_get_pin_reference: check PIN(User PIN,auth_method:1,type:2,reference:2,flags:13)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:1765:sc_pkcs15init_get_pin_reference: check PIN(Admin PIN,auth_method:1,type:2,reference:3,flags:9B)
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:1768:sc_pkcs15init_get_pin_reference: returning with: 3
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3224:sc_pkcs15init_verify_secret: found PIN reference 3
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3250:sc_pkcs15init_verify_secret: found PIN object 'Admin PIN'
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3255:sc_pkcs15init_verify_secret: PIN object 'Admin PIN'; pin_obj->content.len:0
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-lib.c:3273:sc_pkcs15init_verify_secret: 'get_pin' callback returned 0; pinsize:8
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-pin.c:293:sc_pkcs15_verify_pin: called
0x802006400 14:32:35.830 [pkcs15-init] pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN(0x7fffffffcdf0;len:8)
0x802006400 14:32:35.831 [pkcs15-init] pkcs15-pin.c:295:sc_pkcs15_verify_pin: Auth(type:0;method:1)
0x802006400 14:32:35.831 [pkcs15-init] pkcs15-pin.c:299:sc_pkcs15_verify_pin: PIN value validated
0x802006400 14:32:35.831 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.831 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=3f00
0x802006400 14:32:35.831 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.831 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.831 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.831 [pkcs15-init] sec.c:157:sc_pin_cmd: called
0x802006400 14:32:35.831 [pkcs15-init] card-openpgp.c:1239:pgp_pin_cmd: called
0x802006400 14:32:35.831 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.831 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.831 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.831 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.831 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:20, P1:0, P2:83, data(8) 0x7fffffff8060
0x802006400 14:32:35.831 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.831 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 13 bytes] =====================================
#00 20 00 83 08 31 32 33 34 35 36 37 38 . ...12345678

0x802006400 14:32:35.831 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 2 bytes] =====================================
#90 00 ..

0x802006400 14:32:35.951 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.951 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.951 [pkcs15-init] card-openpgp.c:1266:pgp_pin_cmd: returning with: 0 (Success)
0x802006400 14:32:35.951 [pkcs15-init] sec.c:204:sc_pin_cmd: returning with: 0 (Success)
0x802006400 14:32:35.951 [pkcs15-init] pkcs15-pin.c:367:sc_pkcs15_verify_pin: PIN cmd result 0
0x802006400 14:32:35.951 [pkcs15-init] pkcs15-pin.c:590:sc_pkcs15_pincache_add: called
0x802006400 14:32:35.951 cannot lock memory, sensitive data may be paged to disk
0x802006400 14:32:35.951 [pkcs15-init] pkcs15-pin.c:630:sc_pkcs15_pincache_add: PIN(Admin PIN) cached
0x802006400 14:32:35.951 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.951 [pkcs15-init] pkcs15-pin.c:372:sc_pkcs15_verify_pin: returning with: 0 (Success)
0x802006400 14:32:35.951 [pkcs15-init] card.c:610:sc_select_file: called; type=2, path=7f21
0x802006400 14:32:35.951 [pkcs15-init] card-openpgp.c:904:pgp_select_file: called
0x802006400 14:32:35.951 [pkcs15-init] card.c:646:sc_get_data: called, tag=7f21
0x802006400 14:32:35.951 [pkcs15-init] card-openpgp.c:1128:pgp_get_data: called
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.951 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:CA, P1:7F, P2:21, data(0) 0x0
0x802006400 14:32:35.951 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.951 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 7 bytes] =====================================
#00 CA 7F 21 00 08 00 ...!...

0x802006400 14:32:35.951 [pkcs15-init] reader-pcsc.c:182:pcsc_internal_transmit: called
0x802006400 14:32:35.964 [pkcs15-init] apdu.c:185:sc_apdu_log:
Incoming APDU data [ 2 bytes] =====================================
#90 00 ..

0x802006400 14:32:35.964 [pkcs15-init] apdu.c:524:sc_single_transmit: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] apdu.c:676:sc_transmit: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] card.c:353:sc_unlock: called
0x802006400 14:32:35.964 [pkcs15-init] card-openpgp.c:1141:pgp_get_data: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] card.c:651:sc_get_data: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] card-openpgp.c:971:pgp_select_file: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] card.c:638:sc_select_file: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] pkcs15-lib.c:3324:sc_pkcs15init_verify_secret: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] pkcs15-lib.c:3383:sc_pkcs15init_authenticate: returning with: 0 (Success)
0x802006400 14:32:35.964 [pkcs15-init] card.c:538:sc_update_binary: called; 1500 bytes at index 0
0x802006400 14:32:35.964 [pkcs15-init] card-openpgp.c:2241:pgp_update_binary: called
0x802006400 14:32:35.964 [pkcs15-init] card-openpgp.c:1157:pgp_put_data: called
0x802006400 14:32:35.964 [pkcs15-init] apdu.c:687:sc_transmit_apdu: called
0x802006400 14:32:35.964 [pkcs15-init] card.c:315:sc_lock: called
0x802006400 14:32:35.964 [pkcs15-init] apdu.c:654:sc_transmit: called
0x802006400 14:32:35.964 [pkcs15-init] apdu.c:509:sc_single_transmit: called
0x802006400 14:32:35.964 [pkcs15-init] apdu.c:514:sc_single_transmit: CLA:0, INS:DA, P1:7F, P2:21, data(1500) 0x802077a00
0x802006400 14:32:35.964 [pkcs15-init] reader-pcsc.c:249:pcsc_transmit: reader 'REINER SCT cyberJack ecom_a (2457677771) 00 00'
0x802006400 14:32:35.965 [pkcs15-init] apdu.c:185:sc_apdu_log:
Outgoing APDU data [ 1507 bytes] =====================================
00 DA 7F 21 00 05 DC 30 82 05 D8 30 82 03 C0 02 ...!...0...0....
01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 ..0....H.......
00 30 81 B1 31 0B 30 09 06 03 55 04 06 13 02 44 .0..1.0...U....D
45 31 11 30 0F 06 03 55 04 08 0C 08 53 61 61 72 E1.0...U....Saar
6C 61 6E 64 31 12 30 10 06 03 55 04 07 0C 09 45 land1.0...U....E
70 70 65 6C 62 6F 72 6E 31 22 30 20 06 03 55 04 ppelborn1"0 ..U.
0A 0C 19 68 74 74 70 3A 2F 2F 77 77 77 2E 4C 65 ...http://www.Le
69 64 69 6E 67 65 72 2E 6E 65 74 2F 31 11 30 0F idinger.net/1.0.
06 03 55 04 0B 0C 08 73 73 68 40 68 6F 6D 65 31 ..U....ssh@home1
1C 30 1A 06 03 55 04 03 0C 13 41 6C 65 78 61 6E .0...U....Alexan
64 65 72 20 4C 65 69 64 69 6E 67 65 72 31 26 30 der Leidinger1&0
24 06 09 2A 86 48 86 F7 0D 01 09 01 16 17 41 6C $...H........Al
65 78 61 6E 64 65 72 40 4C 65 69 64 69 6E 67 65 exander@Leidinge
72 2E 6E 65 74 30 1E 17 0D 31 33 30 32 31 31 31 r.net0...1302111
35 31 33 31 31 5A 17 0D 31 35 30 32 31 31

openpgp-tool missing in Windows installer

The useful openpgp-tool is not included in the opensc 0.13 installation package for Windows. Please include it in the next revision.

vmware view is not able to load opensc

Hello there,

today I tried to let vmware view load OpenSC as PKCS#11 module. For that you have to create the folder /usr/lib/vmware/view/pkcs11 and symlink the PKCS#11 library. Creating a symlink with the original filename does not work out for vmware view, because then it tries to access libopensc-pkcs11.so.so. So I renamed it to libopensc-pkcs11.so, which does the trick.

ln -s /usr/lib/pkcs11/opensc-pkcs11.so /usr/lib/vmware/view/pkcs11/libopensc-pkcs11.so

But then, when it tries to load the module, following error occurs:

vmware-view.log:

Sep 12 16:21:47.418: vmware-view 4357| Initializing smartcard modules
Sep 12 16:21:47.418: vmware-view 4357| Attempting to load cryptoki module /usr/lib/vmware/view/pkcs11/libopensc-pkcs11.so
Sep 12 16:21:47.418: vmware-view 4357| Could not resolve C_Initialize from /usr/lib/vmware/view/pkcs11/libopensc-pkcs11.so
Sep 12 16:21:47.419: vmware-view 4357| Loaded 0 modules from /usr/lib/vmware/view/pkcs11

CoolKey, Gemalto and other pkcs#11 implementations are working fine. So, I guess, there is a problem with OpenSC.

OpenSC versions tried: 0.13.0 and 0.12.2
Version from VMware View: 2.1.0

Best regards…

PKCS11-tool with softhsm

Hi,
I have compiled the softhsm with ECC and openssl support. I can create the ECC based key pair using PKCS11-tool but when i try to generate the csr using openssl pkcs11 engine after loading the modules with the following command.
engine dynamic -pre SO_PATH:/usr/lib/ssl/engines/engine_pkcs11.so
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:/usr/local/lib/softhsm/libsofthsm.so
(dynamic) Dynamic engine loading support

Loaded: (pkcs11) pkcs11 engin

after this when i tried to generate the CSR using openssl based on ECC keys generated by pkcs11-tool in softhsm. I am getting the following error.

req -engine pkcs11 -new -key id_04 -keyform engine -out req.pem
engine "pkcs11" set.
key not found.
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
3073751240:error:26096080:engine
routines:ENGINE_load_private_key:failed loading private
key:eng_pkey.c:126:
unable to load Private Key
error in req

Can i generate the CSR using pkcs11-tool? or something i am missing with openssl to read the keys?

Regards,
Sanaullah

sc_get_response() behavior with multiple GET RESPONSE

Hello,

I have difficulty geting response data from card when the card only
support shorts APDU and have to use multiple GET RESPONSE commands, done
internally by sc_transmit_apdu and sc_get_response functions.

Because I don't know how big returned data will be, I set apdu.resplen
to a maximum number (say 2048), but after getting enough data (actual
length is less than 2048), the sc_get_response() still try to acquire
more and fall to "6D 00" error.

If I set apdu.resplen = 256, sc_get_response() stop when 256 bytes data
was got, regardless there is still more data.

How can I make sc_get_response() stop right after it receives "90 00"
from card?

I'm working with OpenPGP card in Gnuk device.

Broken reader, C3PO LTC31

This reader doesn't have a pinpad. Could it be added to the broken list?

--- reader-pcsc.c.orig  2013-12-31 19:26:55.000000000 +0100
+++ reader-pcsc.c   2013-12-31 19:30:37.000000000 +0100
@@ -819,7 +819,10 @@
    PCSC_TLV_STRUCTURE *pcsc_tlv;
    LONG rv;
    const char *log_disabled = "but it's disabled in configuration file";
-   const char *broken_readers[] = {"HP USB Smart Card Keyboard"};
+   const char *broken_readers[] = {
+       "C3PO LTC31 v2",
+       "HP USB Smart Card Keyboard"
+   };

    SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);

openpgp-tool in not included in OpenSC package for Windows

In OpenSC 0.13 for Windows, openpgp-tool is missing. Please include it.

Russian Universal Electronic Card (UEC) support

This duplicates my message sent to opensc-devel mailing list few days ago.

Is there any plans to support Russian Universal Electronic Card (UEC)?

This card is detected by pcsc_scan utility from pcsc-tools with fresh smartcard_list.txt as:

3B 6C 00 00 80 64 11 65 01 90 73 00 00 00 81 07
        Universal Electronic Card (UEC Russia) (eID)

But I can't do anything with this card with OpenSC:

$ opensc-explorer
OpenSC Explorer version 0.13.0
Using reader with a card: ACS ACR 38U-CCID 00 00
unable to select MF: Incorrect parameters in APDU

$ pkcs15-tool --dump
Using reader with a card: ACS ACR 38U-CCID 00 00
PKCS#15 binding failed: Unsupported card

$ opensc-tool --name
Using reader with a card: ACS ACR 38U-CCID 00 00
Unsupported card

$ opensc-tool --atr
Using reader with a card: ACS ACR 38U-CCID 00 00
3b:6c:00:00:80:64:11:65:01:90:73:00:00:00:81:07

I'm using latest Ubuntu 13.10 with OpenSC 0.13.0-3ubuntu1, PCSCD 1.8.6-3ubuntu1b1 and PCSC-Tools 1.4.21-1.

Info about UEC

This is an electronic ID card combined with smart card, bank card and public transportation card (and more).

Wikipedia EN: http://en.wikipedia.org/wiki/Universal_Electronic_Card
Wikipedia RU: http://ru.wikipedia.org/wiki/Универсальная_электронная_карта
Official website (in russian, no technical info): http://www.uecard.ru/
On windows it's supported by CryptoPro software and they've developed software bundle for it (available for free for card holders, 90 day trial also available): http://www.cryptopro.ru/products/fkc/kriptopro-csp-uec

The card itself isn't much widespread now, but there's plans to give it to every russian citizen in few years.

In my card written digital signature certificate and private key with GOST R 34.10-2001 cryptographic algorithm, that may used for document signing, website login, etc.

So, I want to extract my certificate from card, install it somewhere in system (i.e. in browser) and also to sometime sign some files with this card. I'm new to smartcards and cryptography and now just playing with new interesting thing.

I've checked card on windows, and it works OK, I able to sign in on gosuslugi.ru government services website using card (they provide special browser plugin there and it's exists for linux as deb package), and have signed Word document (again, with special MS Office plugin by CryptoPro as MS Office doesn't support GOST algorithms out of the box).

So, please tell me is it possible and what else info can I provide to make it possible? Thanks.

With best regards, Andrey Novikov.

P.S> pcsc_scan utility output:

$ pcsc_scan
PC/SC device scanner
V 1.4.21 (c) 2001-2011, Ludovic Rousseau <[email protected]>
    Compiled with PC/SC lite version: 1.8.6
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR 38U-CCID 00 00

Sun Feb  2 22:22:59 2014
Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted, 
  ATR: 3B 6C 00 00 80 64 11 65 01 90 73 00 00 00 81 07

ATR: 3B 6C 00 00 80 64 11 65 01 90 73 00 00 00 81 07
+ TS = 3B --> Direct Convention
+ T0 = 6C, Y(1): 0110, K: 12 (historical bytes)
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 80 64 11 65 01 90 73 00 00 00 81 07
  Category indicator byte: 80 (compact TLV data object)
    Tag: 6, len: 4 (pre-issuing data)
      Data: 11 65 01 90
    Tag: 7, len: 3 (card capabilities)
      Selection methods: 00
      Data coding byte: 00
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 1
      Command chaining, length fields and logical channels: 00
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Tag: 8, len: 1 (status indicator)
      LCS (life card cycle): 07

Possibly identified card (using /home/envek/.cache/smartcard_list.txt):
3B 6C 00 00 80 64 11 65 01 90 73 00 00 00 81 07
  Universal Electronic Card (UEC Russia) (eID)

Readers with bogus firmware (Dell Smart Card Reader Keyboard)

It looks like there isn't good firmware for readers like Dell Smart Card Reader Keyboard. I don't think I can convince Dell to fix this. Replacing the readers with others from a compliant vendor is not reasonable.

Is there any chance you could accept a patch that would set enable_pinpad to "auto" and put in a separate file all the reader quirks that decide whether to set it to true or false? E.g., if Dell Reader and a card without PIN padding, then disable pinpad.

Failure to init Muscle Card

pkcs15-init -C fails on a Muscle card with this error:

Failed to create PKCS #15 meta structure: File not found

the relevant part of a verbose log seems to be:

0x7f0112a5f700 12:47:38.382 [pkcs15-init] card-muscle.c:371:select_item: returning with: -1201 (File not found)
0x7f0112a5f700 12:47:38.382 [pkcs15-init] card-muscle.c:440:muscle_select_file: returning with: -1201 (File not found)
0x7f0112a5f700 12:47:38.382 [pkcs15-init] card.c:681:sc_select_file: 'SELECT' error: -1201 (File not found)
0x7f0112a5f700 12:47:38.382 [pkcs15-init] card.c:402:sc_unlock: called
0x7f0112a5f700 12:47:38.382 [pkcs15-init] pkcs15-pin.c:372:sc_pkcs15_verify_pin: returning with: -1201 (File not found)
0x7f0112a5f700 12:47:38.382 [pkcs15-init] pkcs15-lib.c:3302:sc_pkcs15init_verify_secret: Cannot validate pkcs15 PIN: -1201 (File not found)
0x7f0112a5f700 12:47:38.382 [pkcs15-init] pkcs15-lib.c:3383:sc_pkcs15init_authenticate: returning with: -1201 (File not found)
0x7f0112a5f700 12:47:38.382 [pkcs15-init] pkcs15-lib.c:826:sc_pkcs15init_add_app: Create 'DIR' error: -1201 (File not found)

With the patch from joelhockey@c010dc7 it works.
This seems to be due to the fact that the pin_obj is created as a virtual object in sc_pkcs15init_add_app() while then looked for directly with sc_select_file() in sc_pkcs15_verify_pin().

Fail to generate or write key to Feitian PKI smartcard (FTCOS / PK-01C)

I try to get a Smart card starter kit from Gooze up and running on Mac OS X 10.8.

Following the steps describe in the Smartcard quickstarter guide I succeeded with the Initialization .

When ever I try to write a key to the smart card or generate one directly on the card I end up with the following:

Using reader with a card: Feitian SCR301 00 00
0x1005d3180 09:46:16.4294968284 [pkcs15-tool] pkcs15-itacns.c:857:sc_pkcs15emu_itacns_init_ex: called
PKCS#15 Card [(null)]:
    Version        : 0
    Serial number  : 0357154813170712
    Manufacturer ID: entersafe
    Flags          :

I do not know how to figure out what is going wrong here. I would highly appreciate any help to figure this out.

"Invalid ASN.1 object" with ePass2003

When trying to use generate, or import, an rsa key as per e.g.:
pkcs15-init --generate-key rsa/2048 --auth-id 01 -u sign,decrypt
...I get the following error message:
Failed to generate key: Invalid ASN.1 object

...any ideas? It seems as its always something new wrong with this... :(
Cheers,
Chris

supported card reader

Hi, i'd like to know if this card reader
http://www.made-in-china.com/showroom/snowcrt/product-detailHbLJqcNVlvkX/China-Half-Insert-IC-Card-Reader-CRT-188-.html
is supported by openSC.
Thank you

No PIN entry with OpenVPN and OpenSC PKCS#11 module (Windows 7 x64)

Hello.

I set up my OpenVPN Windows 7 x64 client to authorize with private key and certificate stored onto my OpenPGP v2 GPF CryptoStick 1.2 smart-card. But the OpenVPN connection fails at client's certificate verification phase. Smart-card's activity LED indicator lights up, but a PIN entry dialog never appears.

In use:

Windows 7 x64 Pro;
OpenVPN 2.3.0 x86_64-w64-mingw32;
OpenSC 0.13.0 x64 (x32 version returns command "openvpn --show-pkcs11-ids opensc-pkcs11.dll" with error, so simply not usable in my case);
4096-bit RSA Auth key with respected self-signed certificate onto smart-card.

OpenVPN auth configuration:

ca ca.crt
pkcs11-providers C:\\Windows\\System32\\opensc-pkcs11.dll
pkcs11-id 'ZeitControl/PKCS\x2315\x20emulated/000500001469/OpenPGP\x20card\x20\x28User\x20PIN\x29/03'

OpenVPN log:

Fri Mar 15 22:12:30 2013 OpenVPN 2.3.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar  7 2013
Enter Management Password:
Fri Mar 15 22:12:30 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Mar 15 22:12:30 2013 Need hold release from management interface, waiting...
Fri Mar 15 22:12:30 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Mar 15 22:12:30 2013 MANAGEMENT: CMD 'state on'
Fri Mar 15 22:12:30 2013 MANAGEMENT: CMD 'log all on'
Fri Mar 15 22:12:30 2013 MANAGEMENT: CMD 'hold off'
Fri Mar 15 22:12:30 2013 MANAGEMENT: CMD 'hold release'
Fri Mar 15 22:12:30 2013 PKCS#11: Adding PKCS#11 provider 'C:\Windows\System32\opensc-pkcs11.dll'
Fri Mar 15 22:12:34 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Mar 15 22:12:34 2013 MANAGEMENT: >STATE:1363371154,RESOLVE,,,
Fri Mar 15 22:12:34 2013 UDPv4 link local (bound): [undef]
Fri Mar 15 22:12:34 2013 UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
Fri Mar 15 22:12:34 2013 MANAGEMENT: >STATE:1363371154,WAIT,,,
Fri Mar 15 22:12:34 2013 MANAGEMENT: >STATE:1363371154,AUTH,,,
Fri Mar 15 22:12:34 2013 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, sid=d3a3dde8 f91fbcc8
Fri Mar 15 22:12:34 2013 VERIFY OK: depth=1, C=XXX, ST=XXX, L=XXX, O=XXX
Fri Mar 15 22:12:34 2013 VERIFY OK: depth=0, C=XXX, ST=XXX, O=XXX, CN=XXX
Fri Mar 15 22:12:42 2013 PKCS#11: Cannot perform signature 1:'CKR_CANCEL'
Fri Mar 15 22:12:42 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib
Fri Mar 15 22:12:42 2013 TLS Error: TLS object -> incoming plaintext read error
Fri Mar 15 22:12:42 2013 TLS Error: TLS handshake failed
Fri Mar 15 22:12:42 2013 SIGTERM[hard,tls-error] received, process exiting
Fri Mar 15 22:12:42 2013 MANAGEMENT: >STATE:1363371162,EXITING,tls-error,,

OpenSC PKCS#11 dll module log:

http://pastebin.com/s4czqnEe

What can be done to resolve the issue?

Thanks in advance!

Problem opensc minidriver

Hi,
I use OpenSC 0.13 in Windows 7 64 bit system with Crypto Stick v1.2 and have the following problem:
- The smart card driver in Device Manager is not successfully installed after installing OpenSC with option full install .

But OpenSC's tools (opensc-explorer, pkcs11-tool, ...) work properly.
- I try to configure by hand and create the Windows registry key "Crypto stick" and update driver with opensc-minidriver.inf file (see opensc-minidriver.inf content).Device manager have opensc driver.

But when I use Internet Explorer to connect to startssl.com website to authenticate via certificate store in device,the result fails, this like error certificate not found but i'm sure certificate ready in Crypto stick. (see startssl.png).

opensc-minidriver content

[Version]
Signature="$Windows NT$"
Class=SmartCard
ClassGuid={990A2BD7-E738-46c7-B26F-1CF8FB9F1391}
Provider=%ProviderName%
CatalogFile=delta.cat
DriverVer=05/02/2010,@OPENSC_VERSION_MAJOR@,@OPENSC_VERSION_MINOR@,@OPENSC_VERSION_FIX@,0

[Manufacturer]
%ProviderName%=Minidriver,NTamd64,NTamd64.6.1,NTx86,NTx86.6.1

[Minidriver.NTamd64]
%CardDeviceName%=Minidriver64_Install,SCFILTER\CID_00640181010c829000

[Minidriver.NTx86]
%CardDeviceName%=Minidriver32_Install,SCFILTER\CID_00640181010c829000

[Minidriver.NTamd64.6.1]
%CardDeviceName%=Minidriver64_61_Install,SCFILTER\CID_00640181010c829000

[Minidriver.NTx86.6.1]
%CardDeviceName%=Minidriver32_61_Install,SCFILTER\CID_00640181010c829000

[DefaultInstall]
CopyFiles=x86_CopyFiles
AddReg=AddRegDefault

[DefaultInstall.ntamd64]
CopyFiles=amd64_CopyFiles
CopyFiles=wow64_CopyFiles
AddReg=AddRegWOW64
AddReg=AddRegDefault

[DefaultInstall.NTx86]
CopyFiles=x86_CopyFiles
AddReg=AddRegDefault

[DefaultInstall.ntamd64.6.1]
AddReg=AddRegWOW64
AddReg=AddRegDefault

[DefaultInstall.NTx86.6.1]
AddReg=AddRegDefault

[SourceDisksFiles]
%SmartCardCardModule%=1
%SmartCardCardModule64%=1

[SourceDisksNames]
1 = %MediaDescription%

[Minidriver64_Install.NT]
CopyFiles=amd64_CopyFiles
CopyFiles=wow64_CopyFiles
AddReg=AddRegWOW64
AddReg=AddRegDefault

[Minidriver64_61_Install.NT]
AddReg=AddRegWOW64
AddReg=AddRegDefault
Include=umpass.inf
Needs=UmPass

[Minidriver32_Install.NT]
CopyFiles=x86_CopyFiles
AddReg=AddRegDefault

[Minidriver32_61_Install.NT]
AddReg=AddRegDefault
Include=umpass.inf
Needs=UmPass

[Minidriver64_61_Install.NT.Services]
Include=umpass.inf
Needs=UmPass.Services

[Minidriver32_61_Install.NT.Services]
Include=umpass.inf
Needs=UmPass.Services

[Minidriver64_61_Install.NT.HW]
Include=umpass.inf
Needs=UmPass.HW

[Minidriver64_61_Install.NT.CoInstallers]
Include=umpass.inf
Needs=UmPass.CoInstallers

[Minidriver64_61_Install.NT.Interfaces]
Include=umpass.inf
Needs=UmPass.Interfaces

[Minidriver32_61_Install.NT.HW]
Include=umpass.inf
Needs=UmPass.HW

[Minidriver32_61_Install.NT.CoInstallers]
Include=umpass.inf
Needs=UmPass.CoInstallers

[Minidriver32_61_Install.NT.Interfaces]
Include=umpass.inf
Needs=UmPass.Interfaces

[amd64_CopyFiles]
;%SmartCardCardModule%,%SmartCardCardModule64%

[x86_CopyFiles]
;%SmartCardCardModule%

[wow64_CopyFiles]
;%SmartCardCardModule64%

[AddRegWOW64]
HKLM, %SmartCardNameWOW64%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
HKLM, %SmartCardNameWOW64%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
HKLM, %SmartCardNameWOW64%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
HKLM, %SmartCardNameWOW64%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
HKLM, %SmartCardNameWOW64%,"80000001",0x00000000,%SmartCardCardModule64%

[AddRegDefault]
HKLM, %SmartCardName%,"ATR",0x00000001,3f,69,00,00,00,64,01,00,00,00,80,90,00
HKLM, %SmartCardName%,"ATRMask",0x00000001,ff,ff,ff,ff,ff,ff,ff,00,00,00,f0,ff,ff
HKLM, %SmartCardName%,"Crypto Provider",0x00000000,"Microsoft Base Smart Card Crypto Provider"
HKLM, %SmartCardName%,"Smart Card Key Storage Provider",0x00000000,"Microsoft Smart Card Key Storage Provider"
HKLM, %SmartCardName%,"80000001",0x00000000,%SmartCardCardModule%

[DestinationDirs]
amd64_CopyFiles=10,system32
x86_CopyFiles=10,system32
wow64_CopyFiles=10,syswow64

; =================== Generic ==================================

[Strings]
ProviderName ="OpenSC"
MediaDescription="OpenSC Smart Card Minidriver Installation Disk"
CardDeviceName="OpenSC Minidriver"
SmartCardName="SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos"
SmartCardNameWOW64="SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\Cev Westcos"
SmartCardCardModule="opensc-minidriver.dll"

Reg file conent [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\Cryptostick] "80000001"="opensc-minidriver.dll" "Crypto Provider"="Microsoft Base Smart Card Crypto Provider" "ATR"=hex:3b,da,18,ff,81,b1,fe,75,1f,03,00,31,c5,73,c0,01,40,00,90,00,0c "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff

Mac OS X (10.8) not supported

Cannot build opensc on 10.8 as it is not yet supported.

freezing after 2x call to C_Initialize(NULL) with OpenVPN->pkcs11-helper->OpenSC.C_Initialize

Using a smartcard to authenticate with OpenVPN freezes completely after entering the pin. The connection is authenticated and is getting setup but during the unwind of the card auth it freezes completly. It looks like a second time a call is made to the __pkcs11h_forkFixup breaks it down. This call is called inside the pkcs11-helper lib.
I traced down the death-trail as follow when the C_Initiliaze is called for a second time.

__pkcs11h_forkFixup(...)
-calling: current->f->C_Initialize (NULL);
-calling: C_Finalize(NULL_PTR);
-card_removed(sc_ctx_get_reader(context, i));
-sc_disconnect_card(card->card);
-card->reader->ops->disconnect(card->reader); // <- Sigfaults! freezes up all

Enviroment

OsX 10.8.3
pkcs11-helper-1.10
libusb 1.0.9
CCID 1.4.10
OpenVPN 2.3.1
Hardware Token: ePass2003 and SRC301
OpenSC 0.13.0

Steps to reproduce

Compile the components with the default settings.
Compile OpenVPN with:
./configure --enable-pkcs11

OpenVPN client.config

-- start openvpn.conf --

remote foo.bar 1194 udp
tls-client
tls-auth ta.key 1
pull
pkcs11-providers /Library/OpenSC/lib/opensc-pkcs11.so
pkcs11-id
dev tun
persist-tun
persist-key
comp-lzo adaptive
nobind
ca ca.crt
verb 900

---- end ---

openvpn --config client.config

Starting the openvpn client results in:
Wed May 15 17:55:01 2013 us=954513 TUN/TAP device /dev/tun0 opened
Wed May 15 17:55:01 2013 us=954530 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed May 15 17:55:01 2013 us=954560 /sbin/ifconfig tun0 delete
Wed May 15 17:55:01 2013 us=955103 PKCS#11: __pkcs11h_forkFixup entry pid=26671, activate_slotevent=1
Wed May 15 17:55:02 2013 us=927488 PKCS#11: __pkcs11h_forkFixup return
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
Wed May 15 17:55:02 2013 us=929588 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Wed May 15 17:55:02 2013 us=929670 /sbin/ifconfig tun0 10.10.0.6 10.10.0.5 mtu 1500 netmask 255.255.255.255 up
Wed May 15 17:55:02 2013 us=930107 PKCS#11: __pkcs11h_forkFixup entry pid=26673, activate_slotevent=1
Frozen

==== Dirty Fixes that Worked, but are probably not the solution ===
Dirty Fix (to dirty dont use):
Commenting out the line:
/pkcs11-helper-1.10//lib/pkcs11h-core.c:__pkcs11h_forkFixup line: 1309 calls the current->f->C_Initialize (NULL); Just removing it makes OpenVPN work properly and use smartcards for authentication.

Other Dirty Fix: (might be more viable but hopefully some one has the best solution)
In the function C_Finalize file:./src/pkcs11/pkcs11-global.c
there is a loop in the function C_Finalize:
for (i=0; i < (int)sc_ctx_get_reader_count(context); i++)
card_removed(sc_ctx_get_reader(context, i));
Just make a check before this and change it into:

if (!sc_pkcs11_conf.plug_and_play) {
for (i=0; i < (int)sc_ctx_get_reader_count(context); i++)
card_removed(sc_ctx_get_reader(context, i));
}
This solves the sigfault but I am lacking the knowledge if this is the best solution for this bug. The initialize reader was protected the same, so perhaps this is a solution.

Hope my ticket will help someone to improve it to a proper solution. and make software like OpenVPN work again.

Many thanks! Wessel

Bug: Not issue enough GET_RESPONSE

Hello,

I'm reading long data from a card which only support short APDU (Gnuk card).
To read this, we need multiple GET_RESPONSE command but OpenSC only issued 1 then stop.
Here is the debug log: http://hastebin.com/pametuleki.md
At line 7, card returned 61 00.
At line 10, OpenSC checked SW and flags. They were all OK and GET_RESPONSE was issued.
The problem then came: The iso7816_get_response() function changed the flag: line 12 & 13.
As a result, at line 46, the check was not OK and OpenSC did not issue GET_RESPONSE any more. We could not get enough data (line 53).

Memory Leak in pkcs11h_openssl_getX509

certificate_blob is allocated but never freed.

Adding
_pkcs11h_mem_free((void *)&certificate_blob);
to the cleanup label fixed that.

Problems with OpenPGP CryptoStick smartcard and OpenSC PKCS#11 module

Hello. I have several problems under Windows 7 x64 using GPF CryptoStick v1.2 smart-card and OpenCS 0.13.0 (and below) opensc-pkcs11.dll module:

TRUECRYPT 7.1a

have a keyfile stored into CryptoStick DO3 by TrueCrypt itself via a proprietary pkcs11 module recommended by the manufacturer
http://imageshost.ru/photo/177858/id2747477.html
setting up TrueCrypt to use OpenSC PKCS#11 module
http://imageshost.ru/photo/177965/id2747476.html
when trying to mount a TrueCrypt volume with a keyfile I get a User PIN request twice it a row:
FIRST - http://imageshost.ru/photo/50551/id2747470.html
SECOND - http://imageshost.ru/photo/50539/id2747471.html
after entering User PIN twice I get either 'Security Token Error''
http://imageshost.ru/photo/41896/id2747473.html
or 'Keyfile not found' error
http://imageshost.ru/photo/50329/id2747472.html
Available keyfiles list is empty, TrueCrypt volume obviously is not mounted
http://imageshost.ru/photo/178020/id2747469.html

FIREFOX (and any app utilizing X.509 certificate stored into CryptoStick)

load OpenSC PKCS#11 module
http://imageshost.ru/photo/322098/id2747480.html
the same behavior of asking for a User PIN twice in a row:
http://imageshost.ru/photo/66486/id2747479.html
AND
http://imageshost.ru/photo/70470/id2747478.html)
certificate SUCCESSFULLY retrieved from a smart-card

Though, there is no any problems with using proprietary DLL mentioned above
http://smartcard-auth.de/download-en.html

PS. There is "pkcs11-tool --list-slots --module opensc-pkcs11.dll" execution result if needed:

Available slots:
Slot 0 (0xffffffff): Virtual hotplug slot
  (empty)
Slot 1 (0x1): German Privacy Foundation Crypto Stick v1.2 0
  token label        : OpenPGP card (User PIN (sig))
  token manufacturer : ZeitControl
  token model        : PKCS#15 emulated
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 000500001469
Slot 2 (0x2): German Privacy Foundation Crypto Stick v1.2 0
  token label        : OpenPGP card (User PIN)
  token manufacturer : ZeitControl
  token model        : PKCS#15 emulated
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 000500001469

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.