Portaal Portaal Pingviini veeb foorumi pealeht
  Viki  |  IRC  |  Otsing  |  Küsimused ja vastused  |  Profiil  |  Privaatsõnumite vaatamiseks logi sisse  | Logi sisse või Registreeru
<empty>
Vaata järgmist teemat
Vaata eelmist teemat

Postita uus teemaVasta teemale
Autor Sõnum
juhan_k
Pingviini aktivist
Pingviini aktivist



Liitunud: 29.03.2010
Postitused: 127

Distributsioon: Kubuntu 12.10
estonia.gif
postituspostitatud: 31.03.2011, 22:57  postituse pealkiri:  Omnikey 1021 id kaardi lugejat ei tunne opensc-tool ära  

Mure on selline, et OmnyKey 1021 lugejat ei tunne opensc-tool ära. Masinasse on installitud ja konfitud opensc, pcsc teenus töötab kasutades openSuse 11.3le mõeldud pakke, opensc pakk on võetud openesteid repost.




Viimati muutis juhan_k 09.04.2011, 22:39; muudetud 1 kord
akbgf
Vana Pingviin
Vana Pingviin



Liitunud: 07.10.2009
Postitused: 763
Asukoht: Tõravere
Distributsioon: OpenSUSE, Ubuntu
estonia.gif
postituspostitatud: 01.04.2011, 08:18  postituse pealkiri:  Re: Omnykey 1021 id kaardi lugejat ei tunne opensc-tool ära  

juhan_k kirjutas:
Mure on selline, et OmnyKey 1021 lugejat ei tunne opensc-tool ära. Masinasse on installitud ja konfitud opensc, pcsc teenus töötab kasutades openSuse 11.3le mõeldud pakke, opensc pakk on võetud openesteid repost.

Kas opensc.conf-is on vajalikud read olemas?

reader_drivers = pcsc;
try_emulation_first = yes;
lock_login = false;

opensc.conf on kas /etc/-s või /etc/opensc/-s.

Mõnikord ei tunne kaardilugejat, kui 'reader_drivers' muutujas on teisi draivereid ka kirjas, kuigi õige on olemas.


juhan_k
Pingviini aktivist
Pingviini aktivist



Liitunud: 29.03.2010
Postitused: 127

Distributsioon: Kubuntu 12.10
estonia.gif
postituspostitatud: 01.04.2011, 17:39  postituse pealkiri:  (teema puudub)  

Mul on see /etc/opensc.conf'is. Vastavad read on omaarust olemas, ent igaks juhuks panen siia oma konfifaili sisu.


Kood:
# Configuration file for OpenSC
# Example configuration file

# NOTE: All key-value pairs must be terminated by a semicolon.

# Default values for any application
# These can be overridden by an application
# specific configuration block.
reader_drivers=pcsc;
app default {
   # Amount of debug info to print
   #
   # A greater value means more debug info.
   # Default: 0
   #
   debug = 0;

   # The file to which debug output will be written
   #
   # Special values 'stdout' and 'stderr' are recognized.
   # Default: stderr
   #
   # debug_file = /tmp/opensc-debug.log;
   # debug_file = "C:\Documents and Settings\All Users\Documents\opensc-debug.log";

   # PKCS#15 initialization / personalization
   # profiles directory for pkcs15-init.
   # Default: /usr/share/opensc
   #
   # profile_dir = /usr/share/opensc;

   # CT-API module configuration.
   reader_driver ctapi {
      # module /usr/local/towitoko/lib/libtowitoko.so {
         # CT-API ports:
         # 0..3      COM1..4
         # 4      Printer
         # 5      Modem
         # 6..7      LPT1..2
         # ports = 0;
      # }
   }

   # The following section shows definitions for PC/SC readers.
   reader_driver pcsc {
      # This sets the maximum send and receive sizes.
      # Some reader drivers have limitations, so you need
      # to set these values. For usb devices check the
      # properties with lsusb -vv for dwMaxIFSD
      #
      # These values will be used for APDU communication
      # and are used for maximum Lc/Le calculation
      # (will not include CLA, INS, P1, P2 or SW1, SW2).
      #
      # Default: send: 255, recv: 256
      # max_send_size = 255;
      # max_recv_size = 256;
      
      # Connect to reader in exclusive mode.
      # Default: false
      # connect_exclusive = true;
      #
      # Reset the card after disconnect.
      # Default: true
      # connect_reset = false;
      #
      # Reset the card after each transaction.
      # Default: false
      # transaction_reset = true;
      #
      # Enable pinpad if detected (PC/SC v2.0.2 Part 10)
      # Default: true
      # enable_pinpad = false;
      #
      # Use specific pcsc provider.
      # Default: libpcsclite.so.1
      # provider_library = libpcsclite.so.1
   }

   # Options for OpenCT support
   reader_driver openct {
      # Virtual readers to allocate.
      # Default: 2
      # readers = 5;

      # This sets the maximum send and receive sizes.
      # Some reader drivers have limitations, so you need
      # to set these values. For usb devices check the
      # properties with lsusb -vv for dwMaxIFSD
      #
      # max_send_size = 255;
      # max_recv_size = 256;
   };

   # What card drivers to load at start-up
   #
   # A special value of 'internal' will load all
   # statically linked drivers. If an unknown (ie. not
   # internal) driver is supplied, a separate configuration
   # configuration block has to be written for the driver.
   # Default: internal
   # NOTE: When "internal" keyword is used, must be last entry
   #
   # card_drivers = customcos, internal;

   # Card driver configuration blocks.

   # For card drivers loaded from an external shared library/DLL,
   # you need to specify the path name of the module
   #
   # card_driver customcos {
      # The location of the driver library
      # module = /usr/lib/opensc/drivers/card_customcos.so;
   # }

   # Force using specific card driver
   #
   # If this option is present, OpenSC will use the supplied
   # driver with all inserted cards.
   #
   # Default: autodetect
   #
   # force_card_driver = customcos;

   # In addition to the built-in list of known cards in the
   # card driver, you can configure a new card for the driver
   # using the card_atr block. The goal is to centralize
   # everything related to a certain card to card_atr.
   #
   # The supported internal card driver names can be retrieved
   # from the output of:
   # $ opensc-tool --list-drivers

   # Generic format: card_atr <hex encoded ATR (case-sensitive!)>

   # New card entry for the flex card driver
   # card_atr 3b:f0:0d:ca:fe {
      # All parameters for the context are
      # optional unless specified otherwise.

      # Context: global, card driver
      #
      # ATR mask value
      #
      # The mask is logically AND'd with an
      # card ATR prior to comparison with the
      # ATR reference value above. Using mask
      # allows identifying and configuring
      # multiple ATRs as the same card model.
      # atrmask = "ff:ff:ff:ff:ff";

      # Context: card driver
      #
      # Specify used card driver (REQUIRED).
      #
      # When enabled, overrides all possible
      # settings from the card drivers built-in
      # card configuration list.
      # driver = "flex";

      # Set card name for card drivers that allows it.
      # name = "My CryptoFlex card";

      # Card type as an integer value.
      #
      # Depending on card driver, this allows
      # tuning the behaviour of the card driver
      # for your card.
      # type = "2002";

      # Card flags as an hex value.
      # Multiple values are OR'd together.
      #
      # Depending on card driver, this allows
      # fine-tuning the capabilities in
      # the card driver for your card.
      #
      # Optionally, some known parameters
      # can be specified as strings:
      #
      # keygen - On-board key generation capability
      # rng - On-board random number source
      #
      # flags = "keygen", "rng", "0x80000000";

      #
      # Context: PKCS#15 emulation layer
      #
      # When using PKCS#15 emulation, force
      # the emulation driver for specific cards.
      #
      # Required for external drivers, but can
      # be used with built-in drivers, too.
      # pkcs15emu = "custom";

      #
      # Context: reader driver
      #
      # Force protocol selection for specific cards.
      # Known parameters: t0, t1, raw
      # force_protocol = "t0";
   # }

   # PIV cards need an entry similar to this one:
   # card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
      # name = "PIV-II";
       # driver = "piv";
   # }

   # Estonian ID card and Micardo driver currently play together with T=0
   # only. In theory only the 'cold' ATR should be specified, as T=0 will
   # be the preferred protocol once you boot it up with T=0, but be
   # paranoid.
   card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
      force_protocol = t0;
   }
   card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
      force_protocol = t0;
   }

   # D-Trust cards are also based on micardo and need T=0 for some reason
   card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
      force_protocol = t0;
   }
   card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
      force_protocol = t0;
   }

   # Below are the framework specific configuration blocks.

   # PKCS #15
   framework pkcs15 {
      # Whether to use the cache files in the user's
      # home directory.
      #
      # At the moment you have to 'teach' the card
      # to the system by running command: pkcs15-tool -L
      #
      # WARNING: Caching shouldn't be used in setuid root
      # applications.
      # Default: false
      # use_file_caching = true;
      #
      # Use PIN caching?
      # Default: true
      # use_pin_caching = false;
      #
      # How many times to use a PIN from cache before re-authenticating it?
      # Default: 10
      # pin_cache_counter = 3;
      #
      # Enable pkcs15 emulation.
      # Default: yes
      # enable_pkcs15_emulation = no;
      #
      # Prefer pkcs15 emulation code before
      # the normal pkcs15 processing.
      # Some cards (like esteid and pteid) work in emu-only mode,
      # and do not depend on this option.
      #
      # Default: no
       try_emulation_first = yes;
      
      # Enable builtin emulators.
      # Default: yes
      # enable_builtin_emulation = no;
      #
      # List of the builtin pkcs15 emulators to test
      # Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
      # builtin_emulators = openpgp;

      # additional settings per driver
      #
      # For pkcs15 emulators loaded from an external shared
      # library/DLL, you need to specify the path name of the module
      # and customize the card_atr example above correctly.
      #
      # emulate custom {
         # The location of the driver library
         # module = /usr/lib/opensc/drivers/p15emu_custom.so;
      # }
      
      # workaround: fix keyReference and pinReference values
      # OpenSC 0.11.4 and older have a bug: integers were not
      # properly encoded in asn.1 structures. So far only
      # starcos cards were found to have a problem with this,
      # and only these two values were found to be filled with
      # the wrong value.
            #
      # Fortunatly those values (if present) need to be positive.
      # Thus we can check if these are available and negative,
      # and if so fix them by adding 256 to get the correct value.
      #
      # To be on the safe side, this workaround/fix can be turned
      # off.
      #
      # Default: yes
      # enable_fix_asn1_integers = no;
   }
}

# Parameters for the OpenSC PKCS11 module
app opensc-pkcs11 {
   pkcs11 {
      # Should the module support hotplug of readers as per PKCS#11 v2.20?
      # This affects slot changes and PC/SC PnP, as v2.11 applications
      # are not allowed to change the length of the slot list.
      # Default: true
      # plug_and_play = false;

      # Maximum Number of virtual slots.
      # If there are more slots than defined here,
      # the remaining slots will be hidden from PKCS#11.
      # Default: 16
      # max_virtual_slots = 32;

      # Maximum number of slots per smart card.
      # If the card has fewer keys than defined here,
      # the remaining number of slots will be empty.
      # Default: 4
      # slots_per_card = 2;

      # (max_virtual_slots/slots_per_card) limits the number of readers
      # that can be used on the system. Default is then 16/4=4 readers.

      # Normally, the pkcs11 module will create
      # the full number of slots defined above by
      # num_slots. If there are fewer pins/keys on
      # the card, the remaining keys will be empty
      # (and you will be able to create new objects
      # within them).
      # Default: true
      # hide_empty_tokens = false;

       # By default, the OpenSC PKCS#11 module will not lock your card
      # once you authenticate to the card via C_Login.
      #
       # Thus the other users or other applications is not prevented
       # from connecting to the card and perform crypto operations
       # (which may be possible because you have already authenticated
       # with the card). This setting is not very secure.
      #
      # Also, if your card is not locked, you can enconter problems
      # due to limitation of the OpenSC framework, that still is not
      # thoroughly tested in the multi threads environment.
       #
      # Your settings will be more secure if you choose to lock your
      # card. Nevertheless this behavior is a known violation of PKCS#11
      # specification. Now once one application has started using your
      # card with C_Login, no other application can use it, until
      # the first is done and calls C_Logout or C_Finalize. In the case
      # of many PKCS#11 application this does not happen until you exit
      # the application. 
       # Thus it is impossible to use several smart card aware applications
      # at the same time, e.g. you cannot run both Firefox and Thunderbird at
      # the same time, if both are configured to use your smart card.
       #
      # Default: false
       lock_login = false;

      # User PIN unblock style
      #    none:  PIN unblock is not possible with PKCS#11 API;
      #    set_pin_in_unlogged_session:  C_SetPIN() in unlogged session:
      #       PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
      #    set_pin_in_specific_context:  C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session:
      #       PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
      #    init_pin_in_so_session:  C_InitPIN() in CKU_SO logged session:
      #       User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
      #       # Actually this style works only for the PKCS15 contents without SOPIN.
      #       # For those with SOPIN, this mode will be usefull for the cards without
      #       #   modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
      #
      # Default: none
      # user_pin_unblock_style = set_pin_in_unlogged_session;

      # Create slot for unblocking PIN with PUK
      # This way PKCS#11 API can be used to login with PUK and
      # change a PIN.
      # Warning: causes problems with some applications like
      # firefox and thunderbird. Thus turned off by default
      #
      # Default: false
      # create_puk_slot = true;

      # Report as 'zero' the CKA_ID attribute of CA certificate
      # For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
      # card reports as '0' the CKA_ID of CA cartificates.
      # Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
      #
      # Default: false
      # zero_ckaid_for_ca_certs = true;

      # List of readers to ignore
      # If any of the strings listed below is matched (case sensitive) in a reader name,
      # the reader is ignored by the PKCS#11 module.
      #
      # Default: empty
      # ignored_readers = "CardMan 1021", "SPR 532";
   }
}

# Used by OpenSC.tokend on Mac OS X only.
app tokend {
   # The file to which debug log will be written
   # Default: /tmp/opensc-tokend.log
   #
   # debug_file = /Library/Logs/OpenSC.tokend.log

   framework tokend {
      # Score for OpenSC.tokend
      # The tokend with the lowest score shall be used
      # Default: 50
      #
      # score = 10;
   }
}

app cardmod {
   #allow only cardmodule pcsc reader for minidriver (mandatory)
   # FIXME cardmod pcsc hack is now broken.

   reader_driver cardmod {
      # Enable pinpad if detected (PC/SC v2.0.2 Part 10)
      # Default: true
      # enable_pinpad = false;
   }
}


akbgf
Vana Pingviin
Vana Pingviin



Liitunud: 07.10.2009
Postitused: 763
Asukoht: Tõravere
Distributsioon: OpenSUSE, Ubuntu
estonia.gif
postituspostitatud: 02.04.2011, 15:24  postituse pealkiri:  (teema puudub)  

juhan_k kirjutas:
Mul on see /etc/opensc.conf'is. Vastavad read on omaarust olemas,

Olen praegu openSUSE-11.2-s, kaardilugaja Omnikey-1021.
Külgeühendamisel tekivad /var/log/messages lõppu read

usb 6-1: new full speed USB device using uhci_hcd and address 3
usb 6-1: New USB device found, idVendor=076b, idProduct=1021
usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 6-1: Product: Smart Card Reader USB
usb 6-1: Manufacturer: OMNIKEY
usb 6-1: configuration #1 chosen from 1 choice

opensc.conf-i väljakommenteerimata read on
Kood:

app default {
        debug = 0;
        reader_drivers = pcsc;
        reader_driver ctapi {
        }
        reader_driver pcsc {
        }
        reader_driver openct {
        };
        card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
                force_protocol = t0;
        }
        card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
                force_protocol = t0;
        }
        card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
                force_protocol = t0;
        }
        card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
                force_protocol = t0;
        }
        framework pkcs15 {
                try_emulation_first = yes;
        }
}
app opensc-pkcs11 {
        pkcs11 {
                lock_login = false;
        }
}
app tokend {
        framework tokend {
                score = 10;
        }
}

Missugune tuuma moodul kaardiga toimetab, ei oska arvata. Vast miski pcsc-ccid komplektist. Otsisõnaga 'card' välja tulev installeeritud pakkide loetelu on üsna lühike:
libopenct1, libopensc2, libpcsclite1, pcsc-ccid, pcsc-lite,
lisaks Google.com-i ID-kaardi komplekt.


juhan_k
Pingviini aktivist
Pingviini aktivist



Liitunud: 29.03.2010
Postitused: 127

Distributsioon: Kubuntu 12.10
estonia.gif
postituspostitatud: 02.04.2011, 20:50  postituse pealkiri:  (teema puudub)  

Veider, sama konfi peale lastes ütleb opensc-tool -l endiselt "No smart card readers found". PCSC teenus töötab, äkki peaks opensc OpenSuse 11.3 repodest peale laskma.

Täiendatud:

vahepeal läks mul süsteem hooletusest katki, ent uuesti installides sobisid openSuse 11.4 enda repo omad küll, ilmselt uuendustega on vastavad pakid korras. Probleem lahenes sellega, kui tõsta opensc.conf fail kataloogi /etc/opensc/opensc.conf. Pärast seda tunneb opensc kaardilugeja ära.

Veel täiendatud:

Paistab, et ATI omanduslik driver tekitab siiski probleeme..avatud lähtkoodiga draiveriga on OK.


Näita (aja järgi):      
Postita uus teemaVasta teemale


Vaata järgmist teemat
Vaata eelmist teemat
Powered by phpBB2 Plus based on phpBB © 2001/7 phpBB Group