[root@localhost t]# pwd
/home/midnighter/dev/pcsc-perl-1.4.8/t
[root@localhost t]# ./test.t
1..2
ok 1 - new Chipcard::PCSC()
ok 2 - $hContext->ListReaders ()
[root@localhost t]# По поводу coolkey, хочется чтобы разработчики обратили внимание на поддержку данной библиотеки в будущем. Спасибо за помощь.
]]>В чём отличия с доступом по PKCS #11 к libpcsclite скажем между opensc (драйвер pcsc) и coolkey:
https://www.redhat.com/mailman/private/ … 00006.html (список рассылки, нужна авторизация)
The original Muscle author gave us permission to release it under gpl 2.
We make several changes to the APDU's, most notably adding several
APDU's that run under Global Platform Secure channel to manage the
token. We also added a nonce to many unprivileged APDU's so that we can
support authentication in a true multi-user environment (Login gives the
user a nonce, which must be supplied on subsequent APDU calls. This
allows multiple applications to access the token, but requiring each
application to get it's own login state).
In general the guts are the same, but the APDU interface is not longer
the same.
CoolKey входит в стандартный комплект поставки Red Hat Enterprise Linux и соответственно имеет поддержку от Red Hat, что позволит получить ещё одно преимущество при работе с корпоративным сегментом. Также существует порт данной библиотеки и под системы Windows.
К сожалению у меня нет знаний и навыков чтобы решить эту проблему в одиночку, поэтому обращаюсь к вам помощью, обрисовывая преимущества работы данной конфигурации. Если вас это не заинтересует, чтож, буду довольствоваться однопользовательским доступом через perl -> (PKCS #11 интерфейс) -> pcsc-lite -> ccid -> usb-lib. Если заинтересует, готов к сотрудничеству по тестам и предоставлению логов
]]>У вас должен быть запущен /etc/init.d/pcscd, а /etc/init.d/openct, наоборот, остановлен.
Проверить, что токен определяется через libpcsclite можно утилитой pcsc_scan.
[root@localhost midnighter]# service openct stop
Останавливаются терминалы смарт-карт OpenCT: 0 processes killed. [ OK ]
[root@localhost midnighter]# service pcscd start
Запускается демон смарт-карт PC/SC (pcscd): [ OK ]
[root@localhost midnighter]# pcsc_scan
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.6.4
Scanning present readers...
0: Aktiv Rutoken ECP 00 00
Sat Dec 11 15:56:57 2010
Reader 0: Aktiv Rutoken ECP 00 00
Card state: Card inserted,
ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1
ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1
+ TS = 3B --> Direct Convention
+ T0 = 8B, Y(1): 1000, K: 11 (historical bytes)
TD(1) = 01 --> Y(i+1) = 0000, Protocol T = 1
-----
+ Historical bytes: 52 75 74 6F 6B 65 6E 20 44 53 20
Category indicator byte: 52 (proprietary format)
+ TCK = C1 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
NONE
Your card is not present in the database.
You can get the latest version of the database from
http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt
or use: wget http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt --output-document=/root/.smartcard_list.txt
If your ATR is still not in the latest version then please send a mail
to <ludovic.rousseau@free.fr> containing:
- your ATR
- a card description (in english)Потом я сделал
[root@localhost midnighter]# wget http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt --output-document=/root/.smartcard_list.txt
--2010-12-11 16:03:38-- http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt
Распознаётся ludovic.rousseau.free.fr... 212.27.63.136
Устанавливается соединение с ludovic.rousseau.free.fr|212.27.63.136|:80... соединение установлено.
Запрос HTTP послан, ожидается ответ... 200 OK
Длина: 110807 (108K) [text/plain]
Saving to: «/root/.smartcard_list.txt»
100%[===================================================================================================================>] 110 807 49,8K/s в 2,2s
2010-12-11 16:03:41 (49,8 KB/s) - «/root/.smartcard_list.txt» saved [110807/110807]И стало
[root@localhost midnighter]# pcsc_scan
PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.6.4
Scanning present readers...
0: Aktiv Rutoken ECP 00 00
Sat Dec 11 16:03:44 2010
Reader 0: Aktiv Rutoken ECP 00 00
Card state: Card inserted,
ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1
ATR: 3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1
+ TS = 3B --> Direct Convention
+ T0 = 8B, Y(1): 1000, K: 11 (historical bytes)
TD(1) = 01 --> Y(i+1) = 0000, Protocol T = 1
-----
+ Historical bytes: 52 75 74 6F 6B 65 6E 20 44 53 20
Category indicator byte: 52 (proprietary format)
+ TCK = C1 (correct checksum)
Possibly identified card (using /root/.smartcard_list.txt):
3B 8B 01 52 75 74 6F 6B 65 6E 20 44 53 20 C1
Rutoken ECP (DS)Похоже заработало! ура! спасибо за помощь
[root@localhost midnighter]# opensc-tool -i
opensc 0.11.13 [gcc 4.5.1 20100924 (Red Hat 4.5.1-4)]
Enabled features: zlib readline iconv openssl openct pcsc(libpcsclite.so.1) nsplugin
[opensc-tool] ctx.c:735:sc_context_create: ===================================
[opensc-tool] ctx.c:736:sc_context_create: opensc version: 0.11.13
[opensc-tool] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[opensc-tool] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[opensc-tool] reader-pcsc.c:951:pcsc_detect_readers: Found new pcsc reader 'Aktiv Rutoken ECP 00 00'
[opensc-tool] ctx.c:765:sc_release_context: calledP.S. Да, может будет кому будет интересно, рутокен ЭЦП прекрасно заработал в Fedora 14 с WM Keeper light через opensc-pkcs11.so (в конфиге /etc/opensc.conf указан reader_drivers = pcsc) Если нужен готовый пакет opensc с уже наложенными патчами к токену с обновлённой микропрограммой, обращайтесь, поделюсь.
]]>У вас должен быть запущен /etc/init.d/pcscd, а /etc/init.d/openct, наоборот, остановлен.
Проверить, что токен определяется через libpcsclite можно утилитой pcsc_scan.
Я та ки сделал
[root@localhost etc]# service openct stop
Останавливаются терминалы смарт-карт OpenCT: 1 process killed. [ OK ]
[root@localhost etc]# service pcscd start
Запускается демон смарт-карт PC/SC (pcscd): [ OK ]По поводу определения утилитой pcsc_scan выясню немного позднее.
]]>Инициализировать Рутокен ЭЦП нужно так:
$ pkcs15-init --erase-card
$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize
При запросе пин-кода - ввести "12345678".
Плюс, посмотрите, пожалуйста на этот патч: http://www.opensc-project.org/opensc/ch … 15-rtecp.c
Возможно, в вашем случае, его тоже нужно применить.
Вау! класс! Я применил оба патча на OpenSC, не уверен правда что правильно сделал бэкпорт последнего, дело в том что последней строки замены из diff-а по ссылке нет в версии opensc-0.11.13 и я её проигнорировал. Проинициализировал токен как вы написали, всё прошло без ошибок через "reader_drivers = openct" в /etc/opensc.conf. И мне похоже удалось подключить токен через nss -> opensc-pkcs11 -> usb-lib
[root@localhost etc]# modutil -list -dbdir /etc/pki/nssdb/
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. OpenSC PKCS #11 Module
library name: /usr/lib64/pkcs11/opensc-pkcs11.so
slots: 16 slots attached
status: loaded
slot: CCID Compatible
token: Rutoken ECP (User PIN)
slot: CCID Compatible
token: [root@localhost etc]# modutil -list "OpenSC PKCS #11 Module" -dbdir /etc/pki/nssdb/
-----------------------------------------------------------
Name: OpenSC PKCS #11 Module
Library file: /usr/lib64/pkcs11/opensc-pkcs11.so
Manufacturer: OpenSC (www.opensc-project.org)
Description: smart card PKCS#11 API
PKCS #11 Version 2.20
Library Version: 0.0
Cipher Enable Flags: None
Default Mechanism Flags: RSA
Slot: CCID Compatible
Slot Mechanism Flags: RSA
Manufacturer: OpenSC (www.opensc-project.org)
Type: Hardware
Version Number: 0.0
Firmware Version: 0.0
Status: Enabled
Token Name: Rutoken ECP (User PIN)
Token Manufacturer: Aktiv Co.
Token Model: PKCS#15
Token Serial Number: 0000000029416CE7
Token Version: 0.0
Token Firmware Version: 0.0
Access: NOT Write Protected
Login Type: Login required
User Pin: Initialized
Slot: CCID Compatible
Slot Mechanism Flags: RSA
Manufacturer: OpenSC (www.opensc-project.org)
Type: Hardware
Version Number: 0.0
Firmware Version: 0.0
Status: Enabled
ERROR: Unable to get information about token "".[root@localhost etc]# modutil -dbdir /etc/pki/nssdb/ -changepw "Rutoken ECP (User PIN)"
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:
Enter old password:
Enter new password:
Re-enter new password:
Token "Rutoken ECP (User PIN)" password changed successfully.
[root@localhost etc]# Это уже радует! Скажите пожалуйста, как настроить работу токена через pcsc-lite? Меня в частности интересует работа с токеном через libpcsclite. "reader_drivers = pcsc" в /etc/opensc.conf
[root@localhost etc]# service openct stop
Останавливаются терминалы смарт-карт OpenCT: 1 process killed. [ OK ]
[root@localhost etc]# service pcscd start
Запускается демон смарт-карт PC/SC (pcscd): [ OK ]
[root@localhost etc]# opensc-tool -a
[opensc-tool] ctx.c:735:sc_context_create: ===================================
[opensc-tool] ctx.c:736:sc_context_create: opensc version: 0.11.13
[opensc-tool] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[opensc-tool] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[opensc-tool] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
No smart card readers found.
[opensc-tool] ctx.c:765:sc_release_context: called
[root@localhost etc]# [root@localhost etc]# opensc-tool -i
opensc 0.11.13 [gcc 4.5.1 20100924 (Red Hat 4.5.1-4)]
Enabled features: zlib readline iconv openssl openct pcsc(libpcsclite.so.1) nsplugin
[opensc-tool] ctx.c:735:sc_context_create: ===================================
[opensc-tool] ctx.c:736:sc_context_create: opensc version: 0.11.13
[opensc-tool] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[opensc-tool] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[opensc-tool] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
[opensc-tool] ctx.c:765:sc_release_context: called
[root@localhost etc]# [root@localhost ~]# opensc-explorer
OpenSC Explorer version 0.11.13
Using reader with a card: CCID Compatible
OpenSC [3F00]> ls
FileID Type Size
2F00 wEF 128
[1000] DF 0
[5000] DF 0
OpenSC [3F00]> info 2F00
Elementary File ID 2F00
File path: 3F00/2F00
File size: 128 bytes
EF structure: Transparent
ACL for READ: NONE
ACL for UPDATE: CHV1
ACL for DELETE: CHV1
ACL for WRITE: CHV1
ACL for REHABILITATE: N/A
ACL for INVALIDATE: N/A
ACL for LIST_FILES: N/A
ACL for CRYPTO: N/A
Security attributes: 43 00 01 00 00 00 00 01 00 00 00 00 00 00 00
OpenSC [3F00]> Так и должно быть? Это говорит о том что всё в порядке?
]]>Можно форматировать и в Windows, через панель управления.
Для pcscd в этом случае никакой разницы не будет.
OpenSC форматирование необходимо только в случае, если Вы собираетесь использовать OpenSC объекты и интерфейсы.
Не, в Windows не наш метод :)
В общем пропатчил я OpenSC и похоже форматирование получилось успешным. По крайней мере токен при нём начал мигать.
[root@localhost etc]# pkcs15-init --erase-card
[pkcs15-init] ctx.c:735:sc_context_create: ===================================
[pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.13
[pkcs15-init] reader-openct.c:79:openct_reader_init: called
[pkcs15-init] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[pkcs15-init] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[pkcs15-init] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Using reader with a card: CCID Compatible
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:218:openct_reader_connect: called
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card-piv.c:1761:piv_match_card: called
[pkcs15-init] card-piv.c:493:piv_find_aid: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208
[pkcs15-init] card-entersafe.c:101:entersafe_match_card: called
[pkcs15-init] card-rutoken.c:120:rutoken_match_card: called
[pkcs15-init] card-rutoken.c:126:rutoken_match_card: returning with: 0
[pkcs15-init] card-rtecp.c:53:rtecp_match_card: returning with: 1
[pkcs15-init] card.c:221:sc_connect_card: card info: Rutoken ECP card, 0, 0x0
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] pkcs15.c:700:sc_pkcs15_bind: called
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f002f00
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005031
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201
[pkcs15-init] pkcs15.c:593:sc_pkcs15_bind_internal: EF(ODF) not found in '3f005031'
[pkcs15-init] pkcs15-syn.c:107:sc_pkcs15_bind_synthetic: called
[pkcs15-init] pkcs15-syn.c:148:sc_pkcs15_bind_synthetic: no emulator list in config file, trying all builtin emulators
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying westcos
[pkcs15-init] p15emu-westcos.c:244:sc_pkcs15emu_westcos_init_ex: sc_pkcs15_init_func_ex westcos
[pkcs15-init] p15emu-westcos.c:231:westcos_detect_card: westcos_detect_card (Rutoken ECP card)
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying openpgp
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying infocamere
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying starcert
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying tcos
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying esteid
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying postecert
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying PIV-II
[pkcs15-init] pkcs15-piv.c:521:sc_pkcs15emu_piv_init_ex: called
[pkcs15-init] pkcs15-piv.c:100:piv_detect_card: called
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying gemsafeGPK
[pkcs15-init] pkcs15-gemsafeGPK.c:515:sc_pkcs15emu_gemsafeGPK_init_ex: Entering sc_pkcs15emu_gemsafeGPK_init_ex
[pkcs15-init] pkcs15-gemsafeGPK.c:163:gemsafe_detect_card: called
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying gemsafeV1
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying actalis
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying atrust-acos
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying tccardos
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying entersafe
[pkcs15-init] pkcs15-esinit.c:77:sc_pkcs15emu_entersafe_init_ex: called
[pkcs15-init] pkcs15-esinit.c:33:entersafe_detect_card: called
[pkcs15-init] pkcs15-syn.c:159:sc_pkcs15_bind_synthetic: searching for 'emulate foo { ... }' blocks
[pkcs15-init] pkcs15.c:799:sc_pkcs15_bind: returning with: -1413
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card.c:236:sc_disconnect_card: called
[pkcs15-init] reader-openct.c:265:openct_reader_disconnect: called
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0
[pkcs15-init] ctx.c:765:sc_release_context: called
[pkcs15-init] reader-openct.c:168:openct_reader_release: called
[pkcs15-init] reader-openct.c:168:openct_reader_release: called
[pkcs15-init] reader-openct.c:154:openct_reader_finish: called
[root@localhost etc]#
Но тут нарисовалась новая проблема, ошибка при создании сертификата
<span class="codeStyle">[root@localhost etc]# pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
[pkcs15-init] ctx.c:735:sc_context_create: ===================================
[pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.13
[pkcs15-init] reader-openct.c:79:openct_reader_init: called
[pkcs15-init] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[pkcs15-init] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[pkcs15-init] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Using reader with a card: CCID Compatible
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:218:openct_reader_connect: called
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card-piv.c:1761:piv_match_card: called
[pkcs15-init] card-piv.c:493:piv_find_aid: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208
[pkcs15-init] card-entersafe.c:101:entersafe_match_card: called
[pkcs15-init] card-rutoken.c:120:rutoken_match_card: called
[pkcs15-init] card-rutoken.c:126:rutoken_match_card: returning with: 0
[pkcs15-init] card-rtecp.c:53:rtecp_match_card: returning with: 1
[pkcs15-init] card.c:221:sc_connect_card: card info: Rutoken ECP card, 0, 0x0
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f002f00, size=128
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f00
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f001000, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f001000
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f0010001000, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006001, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006002, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006003, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006004, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006005, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f00
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f005000, size=5000
[pkcs15-init] card.c:367:sc_create_file: returning with: 0
[pkcs15-init] pkcs15-rtecp.c:171:rtecp_create_pin: called
[pkcs15-init] card.c:362:sc_create_file: called; type=0, path=, size=8
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field
[pkcs15-init] card-rtecp.c:564:rtecp_create_file: returning with: Incorrect parameters in APDU
[pkcs15-init] card.c:367:sc_create_file: returning with: Incorrect parameters in APDU
[pkcs15-init] pkcs15-rtecp.c:209:rtecp_create_pin: returning with: Incorrect parameters in APDU
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card.c:236:sc_disconnect_card: called
[pkcs15-init] reader-openct.c:265:openct_reader_disconnect: called
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0
[pkcs15-init] ctx.c:765:sc_release_context: called
[pkcs15-init] reader-openct.c:168:openct_reader_release: called
[pkcs15-init] reader-openct.c:168:openct_reader_release: called
[pkcs15-init] reader-openct.c:154:openct_reader_finish: called
[root@localhost etc]#</span>
]]>К сожалению, это пока единственный выход.
Если будут проблемы с компиляцией - обращайтесь.
Ничего страшного, меня такой вариант тоже устраивает. Я так понимаю OpenSC это единственная возможность отформатировать токен, собственно для этого мне OpenSC и нужен, а там уже дальше работать через связку perl -> pcscd -> ccid - usb-lib. (http://search.cpan.org/~whom/pcsc-perl/PCSC.pod) В идеале конечно же хотелось через nss -> coolkey -> pcsc-lib. Последний вариант предоставляет больше возможностей, но не знаю получится ли он при таком раскладе.. В общем пока на вечер opensc. За помощь спасибо.
]]>Здравствуйте.
К сожалению у Вас Рутокен ЭЦП с самой новой версией микропрограммы, у которой была изменена ATR-строка.
Изменения в коде OpenSC были сделаны, однако новая версия, включающая их, еще не выходила.
Для того чтобы Ваш Рутокен ЭЦП нормально работал с OpenSC, Вам следует его пропатчить и пересобрать.
http://www.opensc-project.org/opensc/ch … rd-rtecp.c
О как! Пасибо, сегодня вечером постараюсь попробывать. А то я с тем токеном неделю уже и так, и эдак и со словами и без слов.. ))
]]>Здравствуйте.
Судя по приведенным логам Рутокен ЭЦП работает в вашей системе корректно.
Рутокены как и любые другие устройства поддерживают функциональность opensc и openct, не полностью, а лишь частично.
Команда $openct-tool read не работает на Рутокенах.
Подскажите, пожалуйста, для каких целей Вы хотите использовать Рутокен ЭЦП на linux-машине?
Некоторую информацию о том, как использовать OpenSC можно найти здесь:
http://www.opensc-project.org/opensc/wiki/QuickStart
http://www.opensc-project.org/opensc/wi … RutokenECP
Рутокен ЭЦП мне необходим для работы с XML интерфейсами, в частности для подписи запроса по XML
https://wiki.webmoney.ru/wiki/show/XML-интерфейсы
То что токен работает хорошо, с функциональностью opensc и openct тоже понятно, мне тогда непонятно почему при форматировании токена возникает ошибка. (дебаг включен)
[root@localhost midnighter]# openct-tool atr
Detected CCID Compatible
Card present, status changed
ATR: 3b 8b 01 52 75 74 6f 6b 65 6e 20 44 53 20 c1
[root@localhost midnighter]# pkcs15-init --erase-card
[pkcs15-init] ctx.c:735:sc_context_create: ===================================
[pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.13
[pkcs15-init] reader-openct.c:79:openct_reader_init: called
[pkcs15-init] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[pkcs15-init] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[pkcs15-init] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Using reader with a card: CCID Compatible
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:218:openct_reader_connect: called
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card-piv.c:1761:piv_match_card: called
[pkcs15-init] card-piv.c:493:piv_find_aid: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208
[pkcs15-init] card-entersafe.c:101:entersafe_match_card: called
[pkcs15-init] card-rutoken.c:120:rutoken_match_card: called
[pkcs15-init] card-rutoken.c:126:rutoken_match_card: returning with: 0
[pkcs15-init] card-rtecp.c:51:rtecp_match_card: returning with: 0
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card.c:221:sc_connect_card: card info: Unidentified card, -1, 0x0
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported
[pkcs15-init] pkcs15-lib.c:242:find_library: unable to locate pkcs15init driver for 'default'
[pkcs15-init] pkcs15-lib.c:322:sc_pkcs15init_bind: Unsupported card driver default
Couldn't bind to the card: Not supported
[root@localhost midnighter]#
При этом cat /var/logmessages
Dec 6 14:10:46 localhost kernel: [ 510.202372] TCP lp registered
Dec 6 14:20:19 localhost kernel: [ 1082.698118] usb 4-2: new full speed USB device using uhci_hcd and address 2
Dec 6 14:20:19 localhost kernel: [ 1082.850153] usb 4-2: New USB device found, idVendor=0a89, idProduct=0030
Dec 6 14:20:19 localhost kernel: [ 1082.850159] usb 4-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Dec 6 14:20:19 localhost kernel: [ 1082.850163] usb 4-2: Product: Rutoken ECP
Dec 6 14:20:19 localhost kernel: [ 1082.850165] usb 4-2: Manufacturer: Aktiv
Dec 6 14:23:16 localhost pcscd: ccid_usb.c:492:OpenUSBByName() Can't claim interface 4/2: -6
Dec 6 14:23:16 localhost pcscd: ifdhandler.c:105:IFDHCreateChannelByName() failed
Dec 6 14:23:16 localhost pcscd: readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0a89/0030:libhal:/org/freedesktop/Hal/devices/usb_device_a89_30_noserial_if0)
Dec 6 14:23:16 localhost pcscd: readerfactory.c:257:RFAddReader() Aktiv Rutoken ECP init failed.