
Help with new Brazilian card

Open fcrespo82 opened this issue 3 years ago • 7 comments

Problem Description

Can't use my new Brazilian card from Imprensa Oficial with opensc

Proposed Resolution

Looking for help to make a PR.

For reference https://smartcard-atr.apdu.fr/parse?ATR=3B7F96000080318065B084413DF612004C829000

Steps to reproduce

% pkcs11-tool --test  

error: PKCS11 function C_GetSlotInfo failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
Aborting.

Logs

Log of pkcs15-tool --dump --short -vvv https://gist.github.com/fcrespo82/564b2e9c6c7b891684b1f96234664010

fcrespo82 avatar Mar 07 '21 04:03 fcrespo82

Is this the card or the token?

The logs show OpenSC could not identify the device, and did not show the ATR. To show the ATR, please run opensc-tool -c default -a

Then try OPENSC_DRIVER="default" pkcs15-tool --dump --short

https://certificadodigital.imprensaoficial.com.br/certificado-digital/compatibilidade translated to English says: "Type A1 digital certificates, as they are saved in a file, can be used in other operating systems or types of devices, such as tablets or smartphones, however the issuance of certificates must occur in a Microsoft Windows 7, 8 or 10 operating system. For more information on how to use your A1 certificate on your tablet, smartphone or other operating system other than those listed above, consult the technical support of the system or device manufacturer."

So it would be possible to load the certificate on some other OS, or on some other card or token supported by OpenSC, but this would fail to work correctly in a bank or store that does not support the non-official card.

The card or token may be more like a credit card. Search for "EMV smartcard". For example: https://pypi.org/project/emv/

dengert avatar Mar 07 '21 12:03 dengert

Sorry about the confusion; its physical format is like a card, but it is an A3 token certificate.

Here is the output of the two commands you asked.

$ opensc-tool -c default -a             
Using reader with a card: Gemalto PC Twin Reader
3b:7f:96:00:00:80:31:80:65:b0:84:41:3d:f6:12:00:4c:82:90:00
$ OPENSC_DRIVER="default" pkcs15-tool --dump --short
Using reader with a card: Gemalto PC Twin Reader
Failed to connect to card: Card is invalid or cannot be handled

I will try the "EMV Smartcard". Thanks for the feedback.

fcrespo82 avatar Mar 07 '21 17:03 fcrespo82
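
Added example, not part of the original thread and not OpenSC code: a small ISO/IEC 7816-3 decoder applied to the ATR printed by opensc-tool above, showing which interface bytes the card sends, that it offers only T=0 (so no TCK checksum), and how the 15 historical bytes split into compact-TLV objects. The names `parse_atr` and `compact_tlv` are hypothetical.

```python
# Added example: ISO/IEC 7816-3 ATR decoder. Function names are illustrative.
import functools, operator

ATR_HEX = "3b:7f:96:00:00:80:31:80:65:b0:84:41:3d:f6:12:00:4c:82:90:00"  # from the thread


def parse_atr(atr_hex):
    """Split an ATR into TS, interface bytes, historical bytes and TCK."""
    atr = bytes.fromhex(atr_hex.replace(":", "").replace(" ", ""))
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 0x3B (direct) or 0x3F (inverse)")
    iface, protocols = {}, set()
    y, hist_len = atr[1] >> 4, atr[1] & 0x0F  # T0 = Y1 (presence bits) | K
    pos, i = 2, 1
    while y:
        for bit, name in enumerate("ABCD"):  # TAi, TBi, TCi, TDi in that order
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError("ATR truncated inside interface bytes")
                iface[f"T{name}{i}"] = atr[pos]
                pos += 1
        td = iface.get(f"TD{i}")
        if td is None:
            break
        protocols.add(td & 0x0F)  # low nibble of TDi names a protocol T
        y, i = td >> 4, i + 1     # high nibble announces the next group
    hist = atr[pos:pos + hist_len]
    if len(hist) != hist_len:
        raise ValueError("ATR truncated inside historical bytes")
    pos += hist_len
    has_tck = bool(protocols - {0})  # TCK is absent when only T=0 is offered
    if len(atr) != pos + has_tck:
        raise ValueError("unexpected ATR length")
    if has_tck and functools.reduce(operator.xor, atr[1:]):
        raise ValueError("TCK mismatch: XOR of T0..TCK must be zero")
    return {"convention": "direct" if atr[0] == 0x3B else "inverse", "interface": iface,
            "protocols": sorted(protocols or {0}), "historical": hist, "tck": has_tck}


def compact_tlv(hist):
    """Split historical bytes with category indicator 0x80 into (tag, value) pairs."""
    if hist[:1] != b"\x80":
        return []
    out, pos = [], 1
    while pos < len(hist):
        tag, length = hist[pos] >> 4, hist[pos] & 0x0F  # one byte: tag | length
        out.append((tag, hist[pos + 1:pos + 1 + length].hex()))
        pos += 1 + length
    return out
```
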

Do you have some "official" middleware?

frankmorgner avatar Mar 09 '21 10:03 frankmorgner

Since I'm asking I probably don't, but can you clarify what the middleware is?

I have the "tokenadmin.app" with which I can change PIN, PUK, erase the card, install digital IDs and install certificates to that token. Will that suffice?

fcrespo82 avatar Mar 09 '21 13:03 fcrespo82

How are you using your certificates to, for example, authenticate in a web browser, to open a VPN or to log in to your computer?

frankmorgner avatar Mar 09 '21 15:03 frankmorgner

Basically it is used for signing documents with an in-house developed signer application. I am a developer for said organization and have access to its source code.

fcrespo82 avatar Mar 09 '21 16:03 fcrespo82

With access to the source code, it's fairly easy to get the missing pieces for OpenSC. Unfortunately, we don't have a lot of information for writing new card drivers. Please use https://github.com/OpenSC/OpenSC/wiki/Adding-a-new-card-driver as a starting point and have a look at the other card drivers for adding more complex stuff...

frankmorgner avatar Mar 09 '21 21:03 frankmorgner

Closing this issue due to inactivity. Please re-open the ticket if more input is available.

frankmorgner avatar Jan 19 '23 16:01 frankmorgner