Comments (13)
Jakuje
commented on July 18, 2024
From the source code, the second should be identified as 840, but it looks like the mask overlaps since #2958.
OpenSC/src/libopensc/card-idprime.c
Lines 72 to 75 in 26b9067
Is it correct that it should be 840?
The workaround might be to change the order of the masks.
from opensc.
msetina
commented on July 18, 2024
Yes, one should be 840. The other is OK to be 940. I am not familiar with the masks usage.
from opensc.
msetina
commented on July 18, 2024
If I understand properly the mentioned PR turned off the bits that identify the card. What was the reason @Nihlus ?
from opensc.
Jakuje
commented on July 18, 2024
If I understand properly the mentioned PR turned off the bits that identify the card. What was the reason @Nihlus ?
No, it set the mask to 0x00, which means any bits match there. It looks like something we overlooked and I think just changing order of the entries should solve the issue. But we will need to test it with various cards ...
from opensc.
msetina
commented on July 18, 2024
I have 940 and 840. Will try changing order.
from opensc.
msetina
commented on July 18, 2024
But this also means that 940 and 940C overlap.
from opensc.
msetina
commented on July 18, 2024
Changing order fixes identification, but it uncovered that 840 does not have EC support. Specs say:
Encryption algorithms:
RSA: up to RSA 2048 bits, RSA OAEP & RSA PSS, elliptic curves: P-256, P-384, P-521 bits, ECDSA, ECDH, (RSA & Elliptic) 3DES (ECB, CBC), AES (128, 192, 256 bits),
Hash functions:
Hash: SHA-1, SHA-256, SHA-384, SHA-512
Memory size:
80 kB, up to 15 containers for storage of encryption keys (RSA, elliptic curves)
Data storage in memory:
25+ years
Memory overwriting:
at least 500.000 cycles
Operating conditions:
T=0, T=1, PPS, with baud up to 230 Kbps
from opensc.
msetina
commented on July 18, 2024
This is set just for 930 and 940, but it is also usable for MD 840:
OpenSC/src/libopensc/card-idprime.c
Lines 656 to 665 in 26b9067
from opensc.
msetina
commented on July 18, 2024
I am not sure about the ext_flags.
from opensc.
Nihlus
commented on July 18, 2024
Yeah, I just updated the mask so that the 940 card I had passed (enabling the bits that differed). I don't have any other IDPrime cards to test with, so I went with the naive approach. Changing as previously suggested seems like a fair option.
from opensc.
Jakuje
commented on July 18, 2024
@msetina do you want to submit a PR with your changes getting the 940 card detected correctly?
from opensc.
msetina
commented on July 18, 2024
I was wondering why this card driver does not support key generation.
from opensc.
Jakuje
commented on July 18, 2024
Because nobody implemented it. There is no specification for this applet.
If you would like to capture the APDU trace of official driver while generating keys and implement it into opensc, we would be happy to take your patches. But so far we had quite enough work to get the card detection and readonly operations right (as you can see).
from opensc.
Related Issues (20)
- Avoid non SELECT(AID) commands for probing HOT 28
- Install p11-kit configuration file HOT 1
- JPKI SELECT AID not following ISO standards HOT 1
- OpenSC 0.25.1 dmg not notarized correctly HOT 2
- SmartCard-HSM issue with Windows AD Smart Card Logon & Micrsoft Encrypting File System HOT 4
- SmartCard-HSM issue with Microsoft Word 2019 & Outlook 2019 HOT 2
- Receiving "No slots" output from pkcs11-tool at boot time HOT 4
- Importing encrypted RSA and plain RSA private keys in SmartCard-HSM HOT 6
- SmartCard-HSM Error creating HSM backup smart card HOT 2
- OpenPGP card v3.4 DestroyObject returns as ok, but does nothing HOT 1
- pkcs11-tool should provide an option to get slot information as pkcs11-uri HOT 1
- pkcs11-tool: extend for printing the PKCS#11 URI for the objects
- Support D-Trust Card 5.1 (Std. RSA CardOS6.0) with CAN HOT 20
- Compilation error HOT 3
- SmartCard-HSM DKEK share error "error generating random number failed with transmit failed" HOT 1
- Chrome / Chromium crashes HOT 3
- crash in pcsc_transmit -> sc_apdu_log -> sc_hex_dump HOT 1
- Recursion too deep in piv_card_reader_lock_obtained HOT 12
- asymmetric key encryption in pkcs11 module does not work
- Use ccache to speed up CI builds
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.