On 09/04/2009 02:33 AM, Toomas Nurmoja wrote:
Hello,
we decided in our company to implement PKI. The Dogtag project with
Fedora 10 was the choice. A part of this PKI implementation is to use
smart card as a repository for digital signing key. The Redhat
certificate system documentation
(http://www.redhat.com/docs/manuals/cert-system/8.0/install/html/BeforeInstalling.html#supported-smart-cards)
states that supported is "Gemalto TOP IM FIPS CY2 64K token, both as a
smart card and GemPCKey USB form factor key" and "The only card
manager applet supported with Certificate System is the CoolKey applet
which ships with Red Hat Enterprise Linux 5.3."
So now I have at my desk some cards named "TOP IM FIPS CY2 Codeshield
(Old name = Cyberflex 64K v2)". It follows the JC2.1 / GP2.0.1
standards (http://www.gemalto.com/products/top_javacard/).
I downloaded the coolkey applet (CardEdge.1.3.473df442.ijc) from the
page http://directory.fedoraproject.org/wiki/AppletInformation. And
gpshell toolkit (ver 1.4.2 for WindowsXP) from
http://sourceforge.net/projects/globalplatform/.
Not sure about gpshell. Have never played with it.
But have you tried with our esc client and pki-tps server
to perform like a "format" operation of the token ?
I get access to card and I am able to load the applet, but then
something failed.
Here is the GPSHELL script:
----
mode_201
enable_trace
establish_context
card_connect
select -AID a000000003000000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
delete -AID a627601FF000000
delete -AID a627601FF0000
install_for_load -pkgAID a627601FF0000 -nvCodeLimit 18000 -sdAID A000000003000000
load -file CardEdge.1.3.473df442.ijc
install_for_install -instParam 00 -priv 02 -AID a627601FF000000 -pkgAID a627601FF0000 -instAID a627601FF000000 -nvDataLimit 18000
card_disconnect
release_context
----
and here is the debug:
----
mode_201
establish_context
card_connect
* reader name OMNIKEY AG Smart Card Reader USB 0
select -AID a000000003000000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key
404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f
delete -AID a627601FF000000
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID a627601FF0000
install_for_load -pkgAID a627601FF0000 -nvCodeLimit 18000 -sdAID
A0000000030000
00
load -file CardEdge.1.3.473df442.ijc
file name CardEdge.1.3.473df442.ijc
install_for_install -instParam 00 -priv 02 -AID a627601FF000000
-pkgAID a627601F
F0000 -instAID a627601FF000000 -nvDataLimit 18000
......
<lot of Command and response data deleted>
......
Command -->
80E8803E5FB4400B6820368202100568203005682020083426820007326830100660
0261023307326820F00343B00343A00333400444420444410644B44104B44307336820F0066810A1
024303443006B44441034310044431034B200544B4400544B41000
Wrapped command -->
84E8803E67B4400B68203682021005682030056820200834268200073268
301006600261023307326820F00343B00343A00333400444420444410644B44104B44307336820F0
066810A1024303443006B44441034310044431034B200544B4400544B4102D1CA1E68416F37B00
Response <-- 009000
install_for_install -instParam 00 -priv 02 -AID a627601FF000000
-pkgAID a627601F
F0000 -instAID a627601FF000000 -nvDataLimit 18000
Command -->
80E60C002707A627601FF0000008A627601FF000000008A627601FF0000000010209
C90100EF04C80246500000
Wrapped command -->
84E60C002F07A627601FF0000008A627601FF000000008A627601FF00000
00010209C90100EF04C80246500065D701A84786043800
Response <-- 6A80
install_for_install_and_make_selectable() returns 0x80206A80 (6A80:
Wrong data /
Incorrect values in command data.)
----
Can anyone suggest what to try next ?
Or what is wrong here ? Any ideas ?
To compile coolkey applet from source ? I do not have gemalto SDK, and
the first look at the source tells me that I need that SDK, or at
least some files from there.
regards
Toomas Nurmoja
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
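
Added example (not part of the original posts, and not CoolKey or GPShell code): a Python decoder for the plain INSTALL [for install] command that drew the 6A80 response in the trace above, assuming the GlobalPlatform field order of length-prefixed package AID, module AID, instance AID, privileges, install parameters and token. It puts the AID lengths actually sent to the card next to the AID strings typed in the script; all function and field names are this example's own.

```python
# Added example: decode the INSTALL [for install] APDU from the trace.
# Plain (unwrapped) command bytes copied from the gpshell debug output.
INSTALL_APDU = ("80E60C002707A627601FF0000008A627601FF000000008A627601FF0000000010209"
                "C90100EF04C80246500000")
# AID arguments exactly as typed in the posted script.
SCRIPT_AIDS = {"pkgAID": "a627601FF0000", "instAID": "a627601FF000000"}
# Assumed field order of the INSTALL [for install] data (GlobalPlatform).
FIELDS = ("package_aid", "module_aid", "instance_aid",
          "privileges", "install_params", "token")

def read_lv(buf, pos):
    """Read one length-prefixed field; return (value, next position)."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise ValueError(f"truncated field at offset {pos}")
    end = pos + 1 + buf[pos]
    return buf[pos + 1:end], end

def read_tlvs(buf):
    """Split one-byte-tag, one-byte-length TLVs into {tag: value}."""
    out, pos = {}, 0
    while pos < len(buf):
        tag = buf[pos]
        out[tag], pos = read_lv(buf, pos + 1)
    return out

def decode_install(apdu_hex):
    """Return the INSTALL data fields plus the decoded NV data limit."""
    raw = bytes.fromhex(apdu_hex)
    if len(raw) < 5 or raw[1] != 0xE6:
        raise ValueError("not an INSTALL command")
    lc = raw[4]
    data = raw[5:5 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    fields, pos = {}, 0
    for name in FIELDS:
        fields[name], pos = read_lv(data, pos)
    if pos != lc:
        raise ValueError("unparsed bytes after the token field")
    # Tag EF = system parameters, C8 = non-volatile data limit (-nvDataLimit).
    system = read_tlvs(read_tlvs(fields["install_params"]).get(0xEF, b""))
    fields["nv_data_limit"] = int.from_bytes(system.get(0xC8, b""), "big")
    return fields

def odd_length_aids(aids):
    """Names of AID arguments that are not a whole number of bytes."""
    return [name for name, text in aids.items() if len(text) % 2]
```

On the posted trace this gives a 7-byte package AID and 8-byte module and instance AIDs, from script arguments of 13 and 15 hex digits.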