ACOS5 PKI Smart Cards with OpenSC

Dear All,

I need help, I have ACOS5 PKI Smart Cards and want to initialize it using OpenSC but when I do so it says ACOS not supported. Please help me how can I use these cards with OpenSC as I can't buy the ACOS SDK.  Or is there any other option to play around these cards.


Thanks in advance.

---

New Windows 7: Find the right PC for you. Learn more.
_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

Am Dienstag 27 Oktober 2009 10:48:35 schrieb sohail khan:
> how can I use these cards with OpenSC

write a driver for acos5. until someone does, the
card is not useable with opensc.

Regards, Andreas
_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

Hi,
I need a bit help to understand the correct usage of the command for storing
private data objects.

My expected result would be this:

C:\Program Files\Smart card bundle>pkcs15-tool.exe -C
Using reader with a card: OMNIKEY CardMan 3x21 0
Reading data object <0>
applicationName:
Label:           keyfile
applicationOID:  NONE
Path:            3f00501596a1
Auth ID:         02


I tried pkcs11-tool and pkcs15-tool with a number of switches but the
applicationOID will be empty and i am not able to store the object under the
correct PIN.

Can you help me, what command should i issue exactly to get the expected
result?

Thanks in advance!
Marc

_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

> write a driver for acos5. until someone does, the
> card is not useable with opensc.

I wish I could :)

---

New Windows 7: Find the right PC for you. Learn more.
_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

Earlier opensc releases had a security issue with that.
so the best document is the security advisory on that issue,
as it shows step by step how to do that (and how to see that
your card is secure now).

http://www.opensc-project.org/pipermail/opensc-announce/2009-
February/000023.html

--cut--
WARNING! Only follow this procedure if you know what you are doing.
This could damage your card or erase all data on it! No warranty of any kind,
you are on your own! WARNING!

Testing your card:
  To create a file with a secret:
    echo "This is my secret data" > secret-file
   
  To initialise a blank card:
    pkcs15-init  --create-pkcs15  --use-default-transport-keys \
        --profile pkcs15+onepin --pin 123456 --puk 78907890

  To write a private data object to the card:
    pkcs11-tool --label "my secret"  --type data --write-object secret-file \
         --private --login --pin 123456
         
  To see all objects on the card:
     pkcs15-tool --dump
     
     This will list the data object, including the path it is stored, e.g.:
     "Path:            3f0050154701"

  To access such an object with low level tools:
    opensc-explorer
    cd 5015
    get 4701
--cut--

the problem with pkcs11-tool is you can't specify which pin you mean.
I think the pkcs#11 api has no option for that (or I simply don't know
how to do that).

pkcs15-init has similar options to store a private data object,
and you can specify "-a" with that.

I have no clue about applicationOID, but if you show us what you want
to do, and how the result should look like, very likely we can find
a way to implement that.

Regards, Andreas
_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

sohail khan kirjoitti:
> > write a driver for acos5. until someone does, the
> > card is not useable with opensc.
>
> I wish I could :)

Actually, I'm considering to start working on acos5, but my intention is
to get some working card.. and currently I got some samples of aventra
myeid card. There seems to be not too much decent cards easily
accessable. These 2 seems to be most promising.

Hannu

_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

Am Mittwoch 28 Oktober 2009 21:53:47 schrieb Hannu Kotipalo:
hmm. acos5 is nice and cheap. but aventra? any idea how much they
will charge for cards? or will they sell cards only fully initialized?
last time I looked the web page shop didn't sell cards.

a third option would be working on javacards. ok, there is the muscle
applet, but like gemalto and aventra are showing, it is possible to
implement much more functionality in such an applet, maybe cover
the whole functionality of normal filesystem cards.

IIRC muscle applet and the muscle card driver have some restrictions,
thus the situation could be improved. also I'm not so sure what
is needed, maybe the steps currently done with gpshell can be
integrated into opensc, so there is one tool for the whole init
process.

Regards, Andreas
_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user

Hi,
I am testing some Feitian pki cards, for the moment they work fine with the
onepin profile.
The question is, is the normal profile also supported, or only the onepin
profile?
Thanks & regards
Marc


_______________________________________________
opensc-user mailing list
opensc-user@...
http://www.opensc-project.org/mailman/listinfo/opensc-user