Comments (8)
I think we can add this ATR to customactions.cpp and card-jpki.c
@hamano ?
from opensc.
If you want to try it with minidriver:
- Run regedit - Registry Editor
- change to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\JPKI
- export the JPKI to some file.
- edit the file, replace ATR and ATRMask so it looks like the following, and save it as JPKI-2.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\JPKI-2]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
"80000001"="C:\\Program Files\\OpenSC Project\\OpenSC\\minidriver\\opensc-minidriver.dll"
"ATR"=hex:3b,da,13,ff,81,31,fb,46,80,12,39,2f,31,c1,73,c6,01,c0,3b
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"InstalledBy"="OpenSC"
- With regedit, cd to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards
- import the new file
Then for 32 bit with regedit cd to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\SmartCards
and do the same as above.
Note: the 80000001 path has "C:\Program Files (x86)"
from opensc.
@dengert Yeah, I changed it to that and it works!
C:\Program Files\OpenSC Project\OpenSC\tools>certutil -scinfo
Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
0: Hewlett Packard MFP Smart Card Reader 0
--- Reader: Hewlett Packard MFP Smart Card Reader 0
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_INUSE
--- Status: The card is being shared by another process.
--- Card: JPKI-2
--- ATR:
3b da 13 ff 81 31 fb 46 80 12 39 2f 31 c1 73 c6 ;....1.F..9/1.s.
01 c0 3b ..;
=======================================================
Analyzing card in reader: Hewlett Packard MFP Smart Card Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Hewlett Packard MFP Smart Card Reader 0
--- Card: JPKI-2
Provider = Microsoft Base Smart Card Crypto Provider
Key Container = (null) [Default Container]
Serial Number: 0705d990
Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
Subject: CN=8439XXXXXXXXXXXXXXXX, C=JP
Non-root Certificate
Cert Hash(sha1): 1cee37bf42c26ba4a9XXXXXXXXXXXXXXXXXXX
Performing AT_SIGNATURE public key matching test...
Public key matching test passed
Key Container = c5a0a252-9d2dXXXXXXXXXXXXXXXXXXX
Provider = Microsoft Base Smart Card Crypto Provider
ProviderType = 1
Flags = 1
0x1 (1)
KeySpec = 2 -- AT_SIGNATURE
Private key verifies
Performing cert chain verification...
CertGetCertificateChain(dwErrorStatus) = 0x1010040
Chain on smart card is invalid
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
CertContext[0][0]: dwInfoStatus=1 dwErrorStatus=1000040
Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
Subject: CN=843944E81LXXXXXXXXXXXXXXXXXXXX, C=JP
Serial: 0705d990
Cert: 1cee37bf42c26ba4XXXXXXXXXXXXXXXXXXXXXXXX
Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
Issuance[0] = 1.2.392.200149.8.5.1.3.30
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Exclude leaf cert:
Chain: da39a3ee5e6b4bXXXXXXXXXXXXXXXXXXX
Full chain:
Chain: 1cee37bf42c26ba4XXXXXXXXXXXXXXXXXXXX
Missing Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
Subject: CN=843944EXXXXXXXXXXXXXXXX, C=JP
Serial: 0705d990
Cert: 1cee37bf42c26ba4a9378feeXXXXXXXXXXXXXXXX
A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)
Incomplete certificate chain
Cannot find certificate:
OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
Displayed AT_SIGNATURE certificate for reader: Hewlett Packard MFP Smart Card Reader 0
No AT_KEYEXCHANGE key for reader: Hewlett Packard MFP Smart Card Reader 0
--------------===========================--------------
================ Certificate 0 ================
--- Reader: Hewlett Packard MFP Smart Card Reader 0
--- Card: JPKI-2
Provider = Microsoft Smart Card Key Storage Provider
Key Container = c5a0a252-9d2d-eb60-fec0-41b4fbd722a2
Serial Number: 0705d990
Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
Subject: CN=843944EXXXXXXXXXXXXXA, C=JP
Non-root Certificate
Cert Hash(sha1): 1cee37bf42c26XXXXXXXXXXXXXXXXXXXXXXXXXX
Performing public key matching test...
Public key matching test passed
Key Container = c5a0a252-9d2d-ebXXXXXXXXXXXXXXX
Provider = Microsoft Smart Card Key Storage Provider
ProviderType = 0
Flags = 1
0x1 (1)
KeySpec = 0 -- XCN_AT_NONE
Private key verifies
Microsoft Smart Card Key Storage Provider: KeySpec=0
AES256+RSAES_OAEP(RSA:CNG) test skipped
Performing cert chain verification...
CertGetCertificateChain(dwErrorStatus) = 0x1010040
Chain on smart card is invalid
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
CertContext[0][0]: dwInfoStatus=1 dwErrorStatus=1000040
Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
Subject: CN=843944E81XXXXXXXXXXXXXXXXXXX, C=JP
Serial: 0705d990
Cert: 1cee37bf42c26ba4XXXXXXXXXXXXXXXXXXXXXXXX
Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
Issuance[0] = 1.2.392.200149.8.5.1.3.30
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Exclude leaf cert:
Chain: da39a3ee5e6b4b0d32XXXXXXXXXXXXXXXXX
Full chain:
Chain: 1cee37bf42c26ba4a937XXXXXXXXXXXXXXXXX
Missing Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
Subject: CN=843944E8XXXXXXXXXXXXX, C=JP
Serial: 0705d990
Cert: 1cee37bf42c26ba4a937XXXXXXXXXXXXXXXXXX
A certificate chain could not be built to a trusted root authority. 0x800b010a (-2146762486 CERT_E_CHAINING)
Incomplete certificate chain
Cannot find certificate:
OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
Displayed certificate for reader: Hewlett Packard MFP Smart Card Reader 0
--------------===========================--------------
Done.
CertUtil: -SCInfo command completed successfully.
from opensc.
During driver development, I didn't understand ATR well then, and I still don't understand it well now.
What exactly is ATR? Even with the same card, changing the reader will get in a different ATR prefix.
Therefore, it's not possible to detect card types based on ATR.
In card-jpki.c, we're checking the response of SELECT FILE, so the code for _sc_match_atr() can be removed.
It might take some time to recall the workings of Windows.
Does opensc-tool -n respond with "jpki"?
from opensc.
The ATR is an old feature to detect the type of a smart card, and Windows still uses this as the primary method to select the correct smart card driver (hence the need for modifying the registry). In your driver everything works fine (it has a fallback to AID selection), but since the ATR seems to be bijective, you may use this as a shortcut in the match card callback.
from opensc.
Thank you for your explanation.
I had been considering the possibility of using ATR as a shortcut.
I have five JPKI cards and two readers, so I will list them.
Since ATR relies more on the reader than the card, I still don't think it can be utilized for detecting card types.
# card 1 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:0d:1d:23:f3:00:00:05:e0:b3:81:a1:eb
jpki
# card 2 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:44:50:20:8a:00:4b:51:ff:00:81:d1:56
jpki
# card 3 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:01:2e:ac:d3:00:00:41:e0:b3:81:a1:3f
jpki
# card 4 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:00:e2:96:c9:00:00:05:e0:b3:81:a1:96
jpki
# card 5 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:a4:d1:f2:98:00:00:05:e0:b3:81:a1:34
jpki
# card 1 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f
jpki
# card 2 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:4b:51:ff:00:81:d1:00:bc
jpki
# card 3 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:41:e0:b3:81:a1:00:3b
jpki
# card 4 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f
jpki
# card 5 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f
jpki
from opensc.
The first reader is a contact reader and the ATR comes from the card. The second reader is using NFC, and in that protocol the ATR from the card is not available, so software constructs ATR. The first part of ATR has voltage, timing and protocol values which are only used with a contact reader.
The historical bytes are usually the same in both cases. But it could be that the cards are different.
https://cardwerk.com/smart-card-standard-iso7816-4-section-8-historical-bytes/
"The information carried by the historical bytes may also be found in an ATR file (default EF identifier=’2F01′)."
https://www.acs.com.hk/en/products/403/acr1255u-j1-acs-secure-bluetooth%C2%AE-nfc-reader/
https://smartcard-atr.apdu.fr/ can be used to parse an ATR.
from opensc.
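To make the ATR structure discussed in the last two posts concrete, and to produce the ATR/ATRMask lines used in the registry procedure earlier in the thread, here is an added example; it is not OpenSC code and not from either poster. It parses the ATRs quoted above according to ISO/IEC 7816-3 (TS, T0, TAi/TBi/TCi/TDi, historical bytes, TCK with its XOR check) and then compares the contactless ones across the two readers. Assumptions, also marked in the code: the JPKI card is an ISO/IEC 14443 Type B card, the ACR122 copies the raw ATQB (0x50, PUPI[4], Application Data[4], Protocol Info[3]) into the historical bytes, and the ACR1255U-J1 uses the PC/SC Part 3 Type B layout (Application Data[4], Protocol Info[3], MBLI[1]). Under those assumptions the per-card, reader-independent part is the 7-byte Application Data + Protocol Info, which is exactly the run of bytes the two readers' listings above have in common for each card; what differs between readers is framing the reader adds, and the PUPI (plus the TCK that depends on it) is what makes the ACR122 ATR differ from card to card.

```python
"""Parse the ATRs quoted in this thread and show which bytes come from the card.

Added example, not OpenSC code. Assumed (not confirmed by the thread): JPKI is
ISO 14443 Type B; ACR122 puts the raw ATQB (50, PUPI[4], AppData[4], ProtInfo[3])
in the historical bytes; ACR1255U-J1 uses PC/SC Part 3 (AppData[4], ProtInfo[3], MBLI).
"""
from typing import Optional


def atr_from_str(text: str) -> bytes:
    """Accept 'aa:bb', 'aa bb' or 'aabb' spellings of an ATR."""
    return bytes.fromhex(text.replace(":", "").replace(" ", ""))


def parse_atr(atr: bytes) -> dict:
    """Split an ISO/IEC 7816-3 ATR into TS, T0, interface bytes, historical
    bytes and TCK; when TCK is present, check that T0 xor ... xor TCK == 0."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte, not an ATR")
    t0 = atr[1]
    k = t0 & 0x0F                      # number of historical bytes
    y = t0 >> 4                        # presence bits for TA1, TB1, TC1, TD1
    interface, protocols = {}, []
    pos, i = 2, 1
    while y:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before {name}{i}")
                interface[f"{name}{i}"] = atr[pos]
                pos += 1
        td = interface.get(f"TD{i}")
        if td is None:
            break                      # no TDi means no further interface bytes
        protocols.append(td & 0x0F)    # low nibble: protocol T=n
        y = td >> 4                    # high nibble: presence of TA/TB/TC/TD(i+1)
        i += 1
    historical = bytes(atr[pos:pos + k])
    if len(historical) != k:
        raise ValueError("ATR truncated inside historical bytes")
    pos += k
    has_tck = any(p != 0 for p in protocols)   # TCK is absent only for pure T=0
    tck, tck_ok = None, None
    if has_tck:
        if pos >= len(atr):
            raise ValueError("TCK missing")
        tck = atr[pos]
        x = 0
        for b in atr[1:pos + 1]:
            x ^= b
        tck_ok = x == 0
    return {"ts": atr[0], "t0": t0, "interface": interface, "protocols": protocols,
            "historical": historical, "tck": tck, "tck_ok": tck_ok}


def type_b_identity(historical: bytes) -> Optional[bytes]:
    """Application Data + Protocol Info (7 bytes) of a Type B card from either
    assumed reader layout; None if the historical bytes match neither."""
    if len(historical) == 12 and historical[0] == 0x50:   # raw ATQB (assumed ACR122)
        return historical[5:12]
    if len(historical) == 8:                              # PC/SC Part 3 (assumed ACR1255U-J1)
        return historical[0:7]
    return None


def same_card(atr_a: str, atr_b: str) -> bool:
    """True when two contactless ATRs carry the same Application Data + Protocol Info."""
    ida = type_b_identity(parse_atr(atr_from_str(atr_a))["historical"])
    idb = type_b_identity(parse_atr(atr_from_str(atr_b))["historical"])
    return ida is not None and ida == idb


def reg_entry(name: str, atr: bytes, wildcard=()) -> str:
    """Render ATR/ATRMask lines for a Calais\\SmartCards key; byte offsets in
    `wildcard` are zeroed in both the mask and the stored ATR."""
    def hexlist(b: bytes) -> str:
        return ",".join(f"{x:02x}" for x in b)
    mask = bytes(0x00 if i in wildcard else 0xFF for i in range(len(atr)))
    masked = bytes(a & m for a, m in zip(atr, mask))
    return (f"[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Calais\\SmartCards\\{name}]\n"
            f'"ATR"=hex:{hexlist(masked)}\n'
            f'"ATRMask"=hex:{hexlist(mask)}')


THREAD_ATRS = {  # copied from the posts above
    "contact_long": "3b:da:13:ff:81:31:fb:46:80:12:39:2f:31:c1:73:c6:01:c0:3b",
    "contact_short": "3b:e0:00:ff:81:31:fe:45:14",
    "card1_acr122": "3b:8c:80:01:50:0d:1d:23:f3:00:00:05:e0:b3:81:a1:eb",
    "card1_acr1255": "3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f",
    "card2_acr122": "3b:8c:80:01:50:44:50:20:8a:00:4b:51:ff:00:81:d1:56",
    "card2_acr1255": "3b:88:80:01:00:4b:51:ff:00:81:d1:00:bc",
}

if __name__ == "__main__":
    for label, text in THREAD_ATRS.items():
        p = parse_atr(atr_from_str(text))
        print(f"{label:14} T={p['protocols']} hist={p['historical'].hex()} tck_ok={p['tck_ok']}")
    print("card1 same on both readers:", same_card(THREAD_ATRS["card1_acr122"], THREAD_ATRS["card1_acr1255"]))
    # ACR122 layout: wildcard the PUPI (offsets 5..8) and the TCK (offset 16) that depends on it.
    print(reg_entry("JPKI-ACR122", atr_from_str(THREAD_ATRS["card1_acr122"]), wildcard=(5, 6, 7, 8, 16)))
```

Two practical consequences follow from the parse. The contact ATRs carry no per-card bytes, so the all-ff ATRMask in the .reg file posted earlier is fine for them. An entry for an ACR122-style contactless ATR, by contrast, has to mask out the PUPI and the TCK, otherwise it matches only the one card whose PUPI was captured; and because the reader-2 layout carries no PUPI at all, cards 1, 4 and 5 above produce byte-identical ATRs there, which is why an ATR alone can never distinguish individual JPKI cards, only the card family.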
Thank you for providing the reference.
The ACS ACR122 and ACS ACR1255U-J1 are both contact-less readers.
I unearthed an old contact reader in the garage, and when I read the five cards it responded with two types of ATR:
- 3b:e0:00:ff:81:31:fe:45:14
- 3b:da:13:ff:81:31:fb:46:80:12:39:2f:31:c1:73:c6:01:c0:3b
Nowadays, I believe there are few users of contact readers, but since these two are likely jpki card-specific identifiers, I agree to add them.
I tried to select the ATR file (2F01) but did not find it.
from opensc.