Re: Coolkey applet into Gemalto TOP IM FIPS CY2 Codeshield


 



Toomas Nurmoja wrote:
On Friday 04 September 2009 17:04:41 you wrote:
  
On 09/04/2009 02:33 AM, Toomas Nurmoja wrote:
    
Hello,

we decided in our company to implement PKI. The Dogtag project with
Fedora 10 was the choice.  A part of this PKI implementation is to use
a smart card as a repository for the digital signing key. The Redhat
certificate system documentation
(http://www.redhat.com/docs/manuals/cert-system/8.0/install/html/BeforeInstalling.html#supported-smart-cards)
states that supported is "Gemalto TOP
IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor
key" and "The only card
manager applet supported with Certificate System is the CoolKey applet
which ships with Red Hat Enterprise Linux 5.3."

So now I have at my desk some cards named "TOP IM FIPS CY2 Codeshield
(Old name = Cyberflex 64K v2)". It follows the  JC2.1 / GP2.0.1
standards (http://www.gemalto.com/products/top_javacard/).

I downloaded the  coolkey applet (CardEdge.1.3.473df442.ijc) from the
page http://directory.fedoraproject.org/wiki/AppletInformation. And
gpshell toolkit (ver 1.4.2 for WindowsXP) from
http://sourceforge.net/projects/globalplatform/.
      
Not sure about gpshell. Have never played with it.
But have you tried with our esc client and pki-tps server
to perform like a "format" operation of the token ?
    

Yes, I have tried. Without the proper applet (coolkey) inside the smartcard the esc 
and pki-tps will not recognize the card. My problem is that I am not able to 
load this applet into the card. 

I have tried esc only with a Fedora 10 system. My next step is to try RHEL5 
with RedHat Certificate System 8.0. Maybe RHEL5 has a different coolkey 
applet...
  
The probable reason for not being able to load an applet is that TPS doesn't know the key set for the card. When installed by default, TPS (the part of RHCS that knows about cards) has the developer key set for the old Gemalto egate tokens, so loading should work with developer cards. Otherwise you will need the key sets for the tokens loaded into TPS (usually there is a master key that the key sets are derived from and TPS is given that master key).

bob

(NOTE: if you try to load an applet too many times with the wrong key set, you may lock the keyset in the card with no way to recover;().

bob
Toomas

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
  
