Re: Coolkey applet into Gemalto TOP IM FIPS CY2 Codeshield

[Chandrasekar Kannan <ckannan@xxxxxxxxxx>]

On 09/04/2009 02:33 AM, Toomas Nurmoja wrote:
> Hello,
>
> we decided in our company to implement PKI. The Dogtag project with 
> Fedora 10 was the choise.  A part of this PKI implementation is to use 
> smart card as a repository for digital signing key. The Redhat 
> certificate system documentation 
> (http://www.redhat.com/docs/manuals/cert-system/8.0/install/html/BeforeInstalling.html#supported-smart-cards) 
> states that supported is "Gemalto TOP IM FIPS CY2 64K token, both as a 
> smart card and GemPCKey USB form factor key" and "The only card 
> manager applet supported with Certificate System is the CoolKey applet 
> which ships with Red Hat Enterprise Linux 5.3."
>
> So now I have at my desk some cards named "TOP IM FIPS CY2 Codeshield 
> (Old name = Cyberflex 64K v2)". It follows the  JC2.1 / GP2.0.1 
> standards (http://www.gemalto.com/products/top_javacard/).
>
> I downloaded the  coolkey applet (CardEdge.1.3.473df442.ijc) from the 
> page http://directory.fedoraproject.org/wiki/AppletInformation. And 
> gpshell toolkit (ver 1.4.2 for WindowsXP) from 
> http://sourceforge.net/projects/globalplatform/.

Not sure about gpshell. Have never played with it.
But have you tried with our esc client and pki-tps server
to perform like a "format" operation of the token ?


> I get access to card and I am able to load the applet, but then 
> something failed.
>
> Here is the GPSHELL script:
> ----
> mode_201
> enable_trace
> establish_context
> card_connect
> select -AID a000000003000000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
> 404142434445464748494a4b4c4d4e4f -enc_key 
> 404142434445464748494a4b4c4d4e4f
> delete -AID a627601FF000000
> delete -AID a627601FF0000
> install_for_load -pkgAID a627601FF0000  -nvCodeLimit 18000 -sdAID 
> A000000003000000
> load -file CardEdge.1.3.473df442.ijc
> install_for_install -instParam 00 -priv 02 -AID a627601FF000000 
> -pkgAID a627601FF0000 -instAID a627601FF000000 -nvDataLimit 18000
> card_disconnect
> release_context
> ----
> and here is the debug:
> ----
> mode_201
> establish_context
> card_connect
> * reader name OMNIKEY AG Smart Card Reader USB 0
> select -AID a000000003000000
> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
> 404142434445464748494a4b4c4d4e4
> f -enc_key 404142434445464748494a4b4c4d4e4f
> delete -AID a627601FF000000
> delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
> delete -AID a627601FF0000
> install_for_load -pkgAID a627601FF0000  -nvCodeLimit 18000 -sdAID 
> A0000000030000
> 00
> load -file CardEdge.1.3.473df442.ijc
> file name CardEdge.1.3.473df442.ijc
> install_for_install -instParam 00 -priv 02 -AID a627601FF000000 
> -pkgAID a627601F
> F0000 -instAID a627601FF000000 -nvDataLimit 18000
> ......
> <lot of Command and response data deleted>
> ......
> Command --> 
> 80E8803E5FB4400B6820368202100568203005682020083426820007326830100660
> 0261023307326820F00343B00343A00333400444420444410644B44104B44307336820F0066810A1 
>
> 024303443006B44441034310044431034B200544B4400544B41000
> Wrapped command --> 
> 84E8803E67B4400B68203682021005682030056820200834268200073268
> 301006600261023307326820F00343B00343A00333400444420444410644B44104B44307336820F0 
>
> 066810A1024303443006B44441034310044431034B200544B4400544B4102D1CA1E68416F37B00 
>
> Response <-- 009000
> install_for_install -instParam 00 -priv 02 -AID a627601FF000000 
> -pkgAID a627601F
> F0000 -instAID a627601FF000000 -nvDataLimit 18000
> Command --> 
> 80E60C002707A627601FF0000008A627601FF000000008A627601FF0000000010209
> C90100EF04C80246500000
> Wrapped command --> 
> 84E60C002F07A627601FF0000008A627601FF000000008A627601FF00000
> 00010209C90100EF04C80246500065D701A84786043800
> Response <-- 6A80
> install_for_install_and_make_selectable() returns 0x80206A80 (6A80: 
> Wrong data /
> Incorrect values in command data.)
> ----
> Can anyone suggest what to try next ?
>
> Or what is wrong here ? Any ideas ?
>
> To compile coolkey applet form source ? I do not have gemalto SKD, and 
> the first look at the source tells me that I need that SDK, or at 
> least some files from there.
>
> regards
> Toomas Nurmoja
>
> _______________________________________________
> Coolkey-devel mailing list
> Coolkey-devel@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/coolkey-devel

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel