(2010-12-05 16:25:37 edited by MidNight^er)

Problem with Rutoken ECP and Fedora 14

Hello, I need help installing Rutoken ECP under Fedora 14. I have the following software versions:

[root@localhost midnighter]# rpm -qva | grep opensc
opensc-0.11.13-3.fc14.x86_64
[root@localhost midnighter]# rpm -qva | grep openssl
openssl-devel-1.0.0b-1.fc14.x86_64
openssl-1.0.0b-1.fc14.x86_64
[root@localhost midnighter]# rpm -qva | grep openct
openct-0.6.19-3.fc14.x86_64
[root@localhost midnighter]# rpm -qva | grep pcsc-lite
pcsc-lite-devel-1.6.4-1.fc14.x86_64
pcsc-lite-1.6.4-1.fc14.x86_64
pcsc-lite-libs-1.6.4-1.fc14.x86_64
[root@localhost midnighter]# rpm -qva | grep ccid
ccid-1.4.0-1.fc14.x86_64

       
Stop the services

[root@localhost midnighter]# service pcscd stop
Останавливается демон смарт-карт PC/SC (pcscd): [  OK  ]
[root@localhost midnighter]# service openct stop
Останавливаются терминалы смарт-карт OpenCT:  0 processes killed. [OK  ]

    
Plug in the Rutoken ECP
dmesg:

[11312.094344] usb 4-1: new full speed USB device using uhci_hcd and address 10
[11312.244167] usb 4-1: New USB device found, idVendor=0a89, idProduct=0030
[11312.244178] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[11312.244187] usb 4-1: Product: Rutoken ECP
[11312.244192] usb 4-1: Manufacturer: Aktiv

  
Start the openct service

[root@localhost midnighter]# service openct start
Инициализируются терминалы смарт-карт OpenCT:  Debug:
ifd_spawn_handler: driver=ccid, devtype=usb:/dev/bus/usb/004/010,index=-1 [  OK  ]

 
Check the result

[root@localhost midnighter]# openct-tool read
Detected CCID Compatible
Card present, status changed
failed to read memory card: Operation not supported

 
Start the pcscd service

[root@localhost midnighter]# service pcscd start
Запускается демон смарт-карт PC/SC (pcscd):                [  OK  ]

 
The result of openct-tool read does not change, but /var/log/messages contains the following:

Dec  5 15:50:04 localhost pcscd: ccid_usb.c:492:OpenUSBByName() Can't claim interface 4/10: -6
Dec  5 15:50:04 localhost pcscd: ifdhandler.c:105:IFDHCreateChannelByName() failed
Dec  5 15:50:04 localhost pcscd: readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0a89/0030:libhal:/org/freedesktop/Hal/devices/usb_device_a89_30_noserial_if0)
Dec  5 15:50:04 localhost pcscd: readerfactory.c:257:RFAddReader() Aktiv Rutoken ECP init failed.
Dec  5 15:51:32 localhost pcscd: ccid_usb.c:492:OpenUSBByName() Can't claim interface 4/10: -6
Dec  5 15:51:32 localhost pcscd: ifdhandler.c:105:IFDHCreateChannelByName() failed
Dec  5 15:51:32 localhost pcscd: readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0a89/0030:libhal:/org/freedesktop/Hal/devices/usb_device_a89_30_noserial_if0)
Dec  5 15:51:32 localhost pcscd: readerfactory.c:257:RFAddReader() Aktiv Rutoken ECP init failed.

 
Where should I dig next?

Re: Problem with Rutoken ECP and Fedora 14

Additional information:
Trying to find out more

[root@localhost midnighter]# service pcscd stop
Останавливается демон смарт-карт PC/SC (pcscd):            [  OK ]

In another console, run

[root@localhost midnighter]# pcscd -afd

And get

00000000 debuglog.c:277:DebugLogSetLevel() debug level=debug
00000644 configfile.l:242:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000053 configfile.l:284:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
00000143 pcscdaemon.c:533:main() pcsc-lite 1.6.4 daemon ready.
00290822 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0A89, PID: 0x0030
00000022 hotplug_libhal.c:368:HPAddDevice() Adding USB device: usb_device_a89_30_noserial_if0
01001643 readerfactory.c:959:RFInitializeReader() Attempting startup of Aktiv Rutoken ECP 00 00 using /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000507 readerfactory.c:849:RFBindFunctions() Loading IFD Handler 3.0
00000077 ifdhandler.c:1739:init_driver() Driver version: 1.4.0
00000825 ifdhandler.c:1752:init_driver() LogLevel: 0x0003
00000668 ifdhandler.c:1772:init_driver() DriverOptions: 0x0000
00000025 ifdhandler.c:83:IFDHCreateChannelByName() lun: 0, device: usb:0a89/0030:libhal:/org/freedesktop/Hal/devices/usb_device_a89_30_noserial_if0
00000700 ccid_usb.c:252:OpenUSBByName() Manufacturer: Ludovic Rousseau (ludovic.rousseau@free.fr)
00000660 ccid_usb.c:262:OpenUSBByName() ProductString: Generic CCID driver
00000702 ccid_usb.c:268:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00113666 ccid_usb.c:492:OpenUSBByName() Can't claim interface 4/10: -6
00017280 ifdhandler.c:105:IFDHCreateChannelByName() failed
00000023 readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0a89/0030:libhal:/org/freedesktop/Hal/devices/usb_device_a89_30_noserial_if0)
00000008 readerfactory.c:886:RFUnloadReader() Unloading reader driver.
00000059 readerfactory.c:257:RFAddReader() Aktiv Rutoken ECP init failed.
00029220 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0002
00001470 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00001513 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00001466 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001
00003126 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0002
00001435 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0001

Re: Problem with Rutoken ECP and Fedora 14

Hello.
Judging by the logs you posted, Rutoken ECP is working correctly on your system.
Rutokens, like any other devices, support opensc and openct functionality only partially, not in full.
The command $openct-tool read does not work on Rutokens.
Could you please tell us what you want to use Rutoken ECP for on a Linux machine?
Some information on how to use OpenSC can be found here:
http://www.opensc-project.org/opensc/wiki/QuickStart
http://www.opensc-project.org/opensc/wi … RutokenECP

(2010-12-06 14:35:46 edited by MidNight^er)

Re: Problem with Rutoken ECP and Fedora 14

Кирилл Мещеряков wrote:

Hello.
Judging by the logs you posted, Rutoken ECP is working correctly on your system.
Rutokens, like any other devices, support opensc and openct functionality only partially, not in full.
The command $openct-tool read does not work on Rutokens.
Could you please tell us what you want to use Rutoken ECP for on a Linux machine?
Some information on how to use OpenSC can be found here:
http://www.opensc-project.org/opensc/wiki/QuickStart
http://www.opensc-project.org/opensc/wi … RutokenECP

I need Rutoken ECP to work with the XML interfaces, in particular to sign XML requests
https://wiki.webmoney.ru/wiki/show/XML-интерфейсы
That the token works fine is clear, and so is the situation with opensc and openct functionality; what I don't understand, then, is why an error occurs when formatting the token. (debug is enabled)

[root@localhost midnighter]# openct-tool atr
Detected CCID Compatible
Card present, status changed
ATR: 3b 8b 01 52 75 74 6f 6b 65 6e 20 44 53 20 c1
[root@localhost midnighter]# pkcs15-init --erase-card
[pkcs15-init] ctx.c:735:sc_context_create: ===================================
[pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.13
[pkcs15-init] reader-openct.c:79:openct_reader_init: called
[pkcs15-init] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[pkcs15-init] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[pkcs15-init] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Using reader with a card: CCID Compatible
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:218:openct_reader_connect: called
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card-piv.c:1761:piv_match_card: called
[pkcs15-init] card-piv.c:493:piv_find_aid: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported
[pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208
[pkcs15-init] card-entersafe.c:101:entersafe_match_card: called
[pkcs15-init] card-rutoken.c:120:rutoken_match_card: called
[pkcs15-init] card-rutoken.c:126:rutoken_match_card: returning with: 0
[pkcs15-init] card-rtecp.c:51:rtecp_match_card: returning with: 0
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card.c:221:sc_connect_card: card info: Unidentified card, -1, 0x0                                                                              
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0                                                                                                  
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported                                                                                              
[pkcs15-init] pkcs15-lib.c:242:find_library: unable to locate pkcs15init driver for 'default'                                                                
[pkcs15-init] pkcs15-lib.c:322:sc_pkcs15init_bind: Unsupported card driver default                                                                           
Couldn't bind to the card: Not supported
[root@localhost midnighter]#

   
Meanwhile, cat /var/log/messages

Dec  6 14:10:46 localhost kernel: [  510.202372] TCP lp registered
Dec  6 14:20:19 localhost kernel: [ 1082.698118] usb 4-2: new full speed USB device using uhci_hcd and address 2
Dec  6 14:20:19 localhost kernel: [ 1082.850153] usb 4-2: New USB device found, idVendor=0a89, idProduct=0030
Dec  6 14:20:19 localhost kernel: [ 1082.850159] usb 4-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Dec  6 14:20:19 localhost kernel: [ 1082.850163] usb 4-2: Product: Rutoken ECP
Dec  6 14:20:19 localhost kernel: [ 1082.850165] usb 4-2: Manufacturer: Aktiv
Dec  6 14:23:16 localhost pcscd: ccid_usb.c:492:OpenUSBByName() Can't claim interface 4/2: -6
Dec  6 14:23:16 localhost pcscd: ifdhandler.c:105:IFDHCreateChannelByName() failed
Dec  6 14:23:16 localhost pcscd: readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0a89/0030:libhal:/org/freedesktop/Hal/devices/usb_device_a89_30_noserial_if0)
Dec  6 14:23:16 localhost pcscd: readerfactory.c:257:RFAddReader() Aktiv Rutoken ECP init failed.

Re: Problem with Rutoken ECP and Fedora 14

Hello.
Unfortunately, your Rutoken ECP has the newest firmware version, in which the ATR string was changed.
The changes have been made in the OpenSC code, but a new release that includes them has not come out yet.
For your Rutoken ECP to work properly with OpenSC, you need to patch and rebuild it.
http://www.opensc-project.org/opensc/ch … rd-rtecp.c
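
An added illustration of the ATR mismatch described in this reply (not code from OpenSC or from the forum participants): it decodes the ATR that `openct-tool atr` printed earlier in the thread and shows an exact-match ATR table rejecting it until the new value is listed. The table contents, the helper names `build_atr` and `match_card`, and the assumption that the driver recognises cards by comparing whole ATRs byte for byte are constructed for the example.

```python
from functools import reduce
from operator import xor

# ATR printed by `openct-tool atr` in this thread.
THREAD_ATR = bytes.fromhex("3b 8b 01 52 75 74 6f 6b 65 6e 20 44 53 20 c1")


def xor_bytes(data: bytes) -> int:
    """XOR of all bytes; ISO/IEC 7816-3 uses it for the TCK check byte."""
    return reduce(xor, data, 0)


def parse_atr(atr: bytes) -> dict:
    """Decode TS, T0, interface bytes, historical bytes and the TCK check byte."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: TS must be 0x3B or 0x3F")
    n_hist = atr[1] & 0x0F          # low nibble of T0: number of historical bytes
    y = atr[1] >> 4                 # high nibble of T0: which of TA1..TD1 follow
    pos, level = 2, 1
    interface, protocols = {}, []
    while y:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated inside interface bytes")
                interface[f"{name}{level}"] = atr[pos]
                if name == "TD":
                    td = atr[pos]
                pos += 1
        if td is None:
            break
        protocols.append(td & 0x0F)  # low nibble of TDi: protocol number T
        y = td >> 4                  # high nibble of TDi: next group's presence bits
        level += 1
    historical = atr[pos:pos + n_hist]
    if len(historical) != n_hist:
        raise ValueError("ATR truncated inside historical bytes")
    pos += n_hist
    # TCK is only present when a protocol other than T=0 is announced.
    tck_ok = None
    if any(t != 0 for t in protocols):
        if pos >= len(atr):
            raise ValueError("ATR is missing the TCK byte")
        tck_ok = xor_bytes(atr[1:pos + 1]) == 0   # T0..TCK must XOR to zero
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected bytes after the end of the ATR")
    return {"interface": interface, "protocols": protocols,
            "historical": historical, "tck_ok": tck_ok}


def build_atr(historical: bytes) -> bytes:
    """Construct an ATR laid out like THREAD_ATR: TD1 only (T=1), then TCK."""
    if len(historical) > 15:
        raise ValueError("at most 15 historical bytes fit in T0")
    body = bytes([0x80 | len(historical), 0x01]) + historical
    return b"\x3b" + body + bytes([xor_bytes(body)])


def match_card(atr: bytes, known_atrs: dict) -> str:
    """Exact byte-for-byte lookup; a simplified model of an ATR match table."""
    return known_atrs.get(bytes(atr), "Unidentified card")


# Constructed table standing in for a driver built before the ATR change.
TABLE_BEFORE = {build_atr(b"Rutoken ECP"): "Rutoken ECP card"}
# Same table with the thread's ATR added (assumed effect of the patch).
TABLE_AFTER = {**TABLE_BEFORE, THREAD_ATR: "Rutoken ECP card"}

if __name__ == "__main__":
    info = parse_atr(THREAD_ATR)
    print("historical bytes:", info["historical"])
    print("TCK valid:", info["tck_ok"])
    print("before patch:", match_card(THREAD_ATR, TABLE_BEFORE))
    print("after patch: ", match_card(THREAD_ATR, TABLE_AFTER))
```

The historical bytes are the part of the ATR that differs between the two table entries, and because TCK covers them, any change to that text also changes the final byte.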

Re: Problem with Rutoken ECP and Fedora 14

Кирилл Мещеряков wrote:

Hello.
Unfortunately, your Rutoken ECP has the newest firmware version, in which the ATR string was changed.
The changes have been made in the OpenSC code, but a new release that includes them has not come out yet.
For your Rutoken ECP to work properly with OpenSC, you need to patch and rebuild it.
http://www.opensc-project.org/opensc/ch … rd-rtecp.c

Oh wow! Thanks, I'll try it tonight. I've been at this token for a week already, this way and that, with words and without.. ))

Re: Problem with Rutoken ECP and Fedora 14

Unfortunately, this is the only way for now.
If you have problems compiling, let us know.

(2010-12-06 16:24:00 edited by MidNight^er)

Re: Problem with Rutoken ECP and Fedora 14

Кирилл Мещеряков wrote:

Unfortunately, this is the only way for now.
If you have problems compiling, let us know.

No problem, that option suits me too. As I understand it, OpenSC is the only way to format the token, which is really what I need OpenSC for; after that I'll work through the chain perl -> pcscd -> ccid - usb-lib. (http://search.cpan.org/~whom/pcsc-perl/PCSC.pod) Ideally, of course, I'd like to go through nss -> coolkey -> pcsc-lib. The latter option offers more possibilities, but I don't know whether it will work in this situation.. Anyway, opensc for this evening. Thanks for the help.

Re: Problem with Rutoken ECP and Fedora 14

You can also format it in Windows, through the Control Panel.
For pcscd there will be no difference in that case.
OpenSC formatting is only needed if you are going to use OpenSC objects and interfaces.

Re: Problem with Rutoken ECP and Fedora 14

Кирилл Мещеряков wrote:

You can also format it in Windows, through the Control Panel.
For pcscd there will be no difference in that case.
OpenSC formatting is only needed if you are going to use OpenSC objects and interfaces.

Nah, Windows is not our way :)
Anyway, I patched OpenSC and it looks like the formatting succeeded. At least the token started blinking during it.

[root@localhost etc]# pkcs15-init --erase-card
[pkcs15-init] ctx.c:735:sc_context_create: ===================================
[pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.13                                                                                           
[pkcs15-init] reader-openct.c:79:openct_reader_init: called                                                                                                  
[pkcs15-init] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers                                                                                    
[pkcs15-init] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[pkcs15-init] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found                                                                       
[pkcs15-init] sc.c:196:sc_detect_card_presence: called                                                                                                       
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called                                                                                 
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1                                                                                            
Using reader with a card: CCID Compatible                                                                                                                    
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called                                                                                 
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1                                                                                            
[pkcs15-init] card.c:110:sc_connect_card: called                                                                                                             
[pkcs15-init] reader-openct.c:218:openct_reader_connect: called                                                                                              
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called                                                                                                
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] card-piv.c:1761:piv_match_card: called                                                                                                         
[pkcs15-init] card-piv.c:493:piv_find_aid: called                                                                                                            
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported                                                                                          
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported                                                                                          
[pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208                                                                                             
[pkcs15-init] card-entersafe.c:101:entersafe_match_card: called                                                                                              
[pkcs15-init] card-rutoken.c:120:rutoken_match_card: called                                                                                                  
[pkcs15-init] card-rutoken.c:126:rutoken_match_card: returning with: 0                                                                                       
[pkcs15-init] card-rtecp.c:53:rtecp_match_card: returning with: 1                                                                                            
[pkcs15-init] card.c:221:sc_connect_card: card info: Rutoken ECP card, 0, 0x0                                                                                
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0                                                                                                  
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported                                                                                              
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946                                                                                   
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found                                                                                                  
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found                                                                                           
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201                                                                                               
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.                                                                    
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] pkcs15.c:700:sc_pkcs15_bind: called
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f002f00                                                                                       
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found                                                                                                  
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found                                                                                           
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201                                                                                               
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015                                                                                       
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found                                                                                                  
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201                                                                                               
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005031                                                                                       
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found                                                                                                  
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found                                                                                           
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201                                                                                               
[pkcs15-init] pkcs15.c:593:sc_pkcs15_bind_internal: EF(ODF) not found in '3f005031'                                                                          
[pkcs15-init] pkcs15-syn.c:107:sc_pkcs15_bind_synthetic: called                                                                                              
[pkcs15-init] pkcs15-syn.c:148:sc_pkcs15_bind_synthetic: no emulator list in config file, trying all builtin emulators                                       
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying westcos                                                                                      
[pkcs15-init] p15emu-westcos.c:244:sc_pkcs15emu_westcos_init_ex: sc_pkcs15_init_func_ex westcos                                                              
[pkcs15-init] p15emu-westcos.c:231:westcos_detect_card: westcos_detect_card (Rutoken ECP card)                                                               
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying openpgp
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying infocamere                                                                                   
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying starcert                                                                                     
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying tcos                                                                                         
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying esteid                                                                                       
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying postecert                                                                                    
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying PIV-II                                                                                       
[pkcs15-init] pkcs15-piv.c:521:sc_pkcs15emu_piv_init_ex: called                                                                                              
[pkcs15-init] pkcs15-piv.c:100:piv_detect_card: called                                                                                                       
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying gemsafeGPK                                                                                   
[pkcs15-init] pkcs15-gemsafeGPK.c:515:sc_pkcs15emu_gemsafeGPK_init_ex: Entering sc_pkcs15emu_gemsafeGPK_init_ex                                              
[pkcs15-init] pkcs15-gemsafeGPK.c:163:gemsafe_detect_card: called
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying gemsafeV1                                                                                    
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying actalis                                                                                      
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying atrust-acos                                                                                  
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying tccardos                                                                                     
[pkcs15-init] pkcs15-syn.c:150:sc_pkcs15_bind_synthetic: trying entersafe                                                                                    
[pkcs15-init] pkcs15-esinit.c:77:sc_pkcs15emu_entersafe_init_ex: called                                                                                      
[pkcs15-init] pkcs15-esinit.c:33:entersafe_detect_card: called                                                                                               
[pkcs15-init] pkcs15-syn.c:159:sc_pkcs15_bind_synthetic: searching for 'emulate foo { ... }' blocks                                                          
[pkcs15-init] pkcs15.c:799:sc_pkcs15_bind: returning with: -1413                                                                                             
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] card.c:236:sc_disconnect_card: called                                                                                                          
[pkcs15-init] reader-openct.c:265:openct_reader_disconnect: called                                                                                           
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0                                                                                               
[pkcs15-init] ctx.c:765:sc_release_context: called                                                                                                           
[pkcs15-init] reader-openct.c:168:openct_reader_release: called                                                                                              
[pkcs15-init] reader-openct.c:168:openct_reader_release: called                                                                                              
[pkcs15-init] reader-openct.c:154:openct_reader_finish: called                                                                                               
[root@localhost etc]#

 

But now a new problem has come up: an error when creating the certificate

  

<span class="codeStyle">[root@localhost etc]# pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
[pkcs15-init] ctx.c:735:sc_context_create: ===================================
[pkcs15-init] ctx.c:736:sc_context_create: opensc version: 0.11.13
[pkcs15-init] reader-openct.c:79:openct_reader_init: called
[pkcs15-init] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers
[pkcs15-init] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[pkcs15-init] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[pkcs15-init] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Using reader with a card: CCID Compatible
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:194:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:218:openct_reader_connect: called
[pkcs15-init] card-gemsafeV1.c:120:gemsafe_match_card: called
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] card-piv.c:1761:piv_match_card: called                                                                                                         
[pkcs15-init] card-piv.c:493:piv_find_aid: called                                                                                                            
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported                                                                                          
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called                                                                                               
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Function not supported                                                                                          
[pkcs15-init] card-piv.c:576:piv_find_aid: returning with: -1208                                                                                             
[pkcs15-init] card-entersafe.c:101:entersafe_match_card: called                                                                                              
[pkcs15-init] card-rutoken.c:120:rutoken_match_card: called                                                                                                  
[pkcs15-init] card-rutoken.c:126:rutoken_match_card: returning with: 0                                                                                       
[pkcs15-init] card-rtecp.c:53:rtecp_match_card: returning with: 1                                                                                            
[pkcs15-init] card.c:221:sc_connect_card: card info: Rutoken ECP card, 0, 0x0                                                                                
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0                                                                                                  
[pkcs15-init] reader-openct.c:410:openct_reader_lock: called                                                                                                 
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported                                                                                              
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946                                                                                   
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found                                                                                                  
[pkcs15-init] card-rtecp.c:306:rtecp_select_file: : File not found                                                                                           
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201                                                                                               
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.                                                                    
[pkcs15-init] profile.c:306:sc_profile_load: Using profile directory '/usr/share/opensc'.
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00, size=0
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f002f00, size=128                                                                             
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f00                                                                                           
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f001000, size=0                                                                               
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f001000                                                                                       
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f0010001000, size=0                                                                           
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000                                                                                   
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006001, size=0                                                                       
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000                                                                                   
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006002, size=0                                                                       
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000                                                                                   
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006003, size=0                                                                       
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000                                                                                   
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006004, size=0                                                                       
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0010001000                                                                                   
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f00100010006005, size=0                                                                       
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f00                                                                                           
[pkcs15-init] card.c:554:sc_select_file: returning with: 0                                                                                                   
[pkcs15-init] card.c:362:sc_create_file: called; type=2, path=3f005000, size=5000                                                                            
[pkcs15-init] card.c:367:sc_create_file: returning with: 0                                                                                                   
[pkcs15-init] pkcs15-rtecp.c:171:rtecp_create_pin: called                                                                                                    
[pkcs15-init] card.c:362:sc_create_file: called; type=0, path=, size=8                                                                                       
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field                                                                          
[pkcs15-init] card-rtecp.c:564:rtecp_create_file: returning with: Incorrect parameters in APDU                                                               
[pkcs15-init] card.c:367:sc_create_file: returning with: Incorrect parameters in APDU                                                                        
[pkcs15-init] pkcs15-rtecp.c:209:rtecp_create_pin: returning with: Incorrect parameters in APDU                                                              
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU                                                                                       
[pkcs15-init] reader-openct.c:437:openct_reader_unlock: called
[pkcs15-init] card.c:236:sc_disconnect_card: called                                                                                                          
[pkcs15-init] reader-openct.c:265:openct_reader_disconnect: called                                                                                           
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0                                                                                               
[pkcs15-init] ctx.c:765:sc_release_context: called                                                                                                           
[pkcs15-init] reader-openct.c:168:openct_reader_release: called                                                                                              
[pkcs15-init] reader-openct.c:168:openct_reader_release: called                                                                                              
[pkcs15-init] reader-openct.c:154:openct_reader_finish: called                                                                                               
[root@localhost etc]#

   </span>

Re: Problem with Rutoken ECP and Fedora 14

Although it looks like I was too hasty in calling it an error...

[root@localhost ~]# opensc-explorer 
OpenSC Explorer version 0.11.13
Using reader with a card: CCID Compatible
OpenSC [3F00]> ls
FileID  Type  Size
 2F00    wEF   128
[1000]    DF     0
[5000]    DF     0
OpenSC [3F00]> info 2F00

Elementary File  ID 2F00

File path:     3F00/2F00
File size:     128 bytes
EF structure:  Transparent
ACL for READ:            NONE
ACL for UPDATE:          CHV1
ACL for DELETE:          CHV1
ACL for WRITE:           CHV1
ACL for REHABILITATE:    N/A
ACL for INVALIDATE:      N/A
ACL for LIST_FILES:      N/A
ACL for CRYPTO:          N/A
Security attributes:     43 00 01 00 00 00 00 01 00 00 00 00 00 00 00 

OpenSC [3F00]> 

Is this how it should be? Does this mean everything is fine?

Re: Problem with Rutoken ECP and Fedora 14

Rutoken ECP should be initialized like this:
$ pkcs15-init --erase-card
$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize
When prompted for the PIN, enter "12345678".
Also, please take a look at this patch: http://www.opensc-project.org/opensc/ch … 15-rtecp.c
In your case it may need to be applied as well.

(2010-12-10 00:40:41 edited by MidNight^er)

Re: Problem with Rutoken ECP and Fedora 14

Кирилл Мещеряков wrote:

Rutoken ECP should be initialized like this:
$ pkcs15-init --erase-card
$ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk ""
$ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize
When prompted for the PIN, enter "12345678".
Also, please take a look at this patch: http://www.opensc-project.org/opensc/ch … 15-rtecp.c
In your case it may need to be applied as well.

Wow! Great! I applied both patches to OpenSC, although I'm not sure I backported the last one correctly: the last replacement line from the diff at the link does not exist in opensc-0.11.13, so I ignored it. I initialized the token as you wrote, and everything went through without errors using "reader_drivers = openct" in /etc/opensc.conf. And it looks like I managed to connect the token via nss -> opensc-pkcs11 -> usb-lib

[root@localhost etc]# modutil -list -dbdir /etc/pki/nssdb/

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB

  2. OpenSC PKCS #11 Module
        library name: /usr/lib64/pkcs11/opensc-pkcs11.so
         slots: 16 slots attached
        status: loaded

         slot: CCID Compatible
        token: Rutoken ECP (User PIN)

         slot: CCID Compatible
        token: 
[root@localhost etc]# modutil -list "OpenSC PKCS #11 Module" -dbdir /etc/pki/nssdb/

-----------------------------------------------------------
Name: OpenSC PKCS #11 Module
Library file: /usr/lib64/pkcs11/opensc-pkcs11.so
Manufacturer: OpenSC (www.opensc-project.org) 
Description: smart card PKCS#11 API          
PKCS #11 Version 2.20
Library Version: 0.0
Cipher Enable Flags: None
Default Mechanism Flags: RSA

  Slot: CCID Compatible
  Slot Mechanism Flags: RSA
  Manufacturer: OpenSC (www.opensc-project.org) 
  Type: Hardware
  Version Number: 0.0
  Firmware Version: 0.0
  Status: Enabled
  Token Name: Rutoken ECP (User PIN)          
  Token Manufacturer: Aktiv Co.                       
  Token Model: PKCS#15         
  Token Serial Number: 0000000029416CE7
  Token Version: 0.0
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

  Slot: CCID Compatible
  Slot Mechanism Flags: RSA
  Manufacturer: OpenSC (www.opensc-project.org) 
  Type: Hardware
  Version Number: 0.0
  Firmware Version: 0.0
  Status: Enabled
ERROR: Unable to get information about token "".
[root@localhost etc]# modutil -dbdir /etc/pki/nssdb/ -changepw "Rutoken ECP (User PIN)"

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 

Enter old password: 
Enter new password: 
Re-enter new password: 
Token "Rutoken ECP (User PIN)" password changed successfully.
[root@localhost etc]# 

That is already encouraging! Could you please tell me how to set up the token to work via pcsc-lite? In particular, I'm interested in working with the token through libpcsclite. "reader_drivers = pcsc" in /etc/opensc.conf

[root@localhost etc]# service openct stop
Останавливаются терминалы смарт-карт OpenCT:  1 process killed. [  OK  ]
[root@localhost etc]# service pcscd start
Запускается демон смарт-карт PC/SC (pcscd): [  OK  ]
[root@localhost etc]# opensc-tool -a
[opensc-tool] ctx.c:735:sc_context_create: ===================================
[opensc-tool] ctx.c:736:sc_context_create: opensc version: 0.11.13                                                                                           
[opensc-tool] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers                                                                                    
[opensc-tool] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[opensc-tool] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found                                                                       
No smart card readers found.                                                                                                                                 
[opensc-tool] ctx.c:765:sc_release_context: called
[root@localhost etc]#                                
[root@localhost etc]# opensc-tool -i
opensc 0.11.13 [gcc  4.5.1 20100924 (Red Hat 4.5.1-4)]
Enabled features: zlib readline iconv openssl openct pcsc(libpcsclite.so.1) nsplugin
[opensc-tool] ctx.c:735:sc_context_create: ===================================
[opensc-tool] ctx.c:736:sc_context_create: opensc version: 0.11.13                                                                                           
[opensc-tool] reader-pcsc.c:879:pcsc_detect_readers: Probing pcsc readers                                                                                    
[opensc-tool] reader-pcsc.c:901:pcsc_detect_readers: Establish pcsc context
[opensc-tool] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found                                                                       
[opensc-tool] ctx.c:765:sc_release_context: called                                                                                                           
[root@localhost etc]#                                                 
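
An added example, not part of any post in this thread and not OpenSC code: a small Python triage script for the debug output shown in the posts above. It groups consecutive failing `returning with:` lines into a propagation chain whose first entry is where the error originated, and names the PC/SC code behind `SCardListReaders failed`. The sample log is constructed from lines quoted in the thread, and the short code table holds constants from pcsclite.h.

```python
import re

# Constructed sample, assembled from lines quoted in the thread (OpenSC 0.11.13 debug format).
SAMPLE_LOG = """\
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[pkcs15-init] iso7816.c:99:iso7816_check_sw: File not found
[pkcs15-init] card.c:554:sc_select_file: returning with: -1201
[pkcs15-init] pkcs15-rtecp.c:171:rtecp_create_pin: called
[pkcs15-init] card.c:362:sc_create_file: called; type=0, path=, size=8
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Incorrect parameters in the data field
[pkcs15-init] card-rtecp.c:564:rtecp_create_file: returning with: Incorrect parameters in APDU
[pkcs15-init] card.c:367:sc_create_file: returning with: Incorrect parameters in APDU
[pkcs15-init] pkcs15-rtecp.c:209:rtecp_create_pin: returning with: Incorrect parameters in APDU
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
[opensc-tool] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders failed: 0x8010002e
[opensc-tool] reader-pcsc.c:1015:pcsc_detect_readers: returning with: No readers found
"""

# "[tool] file.c:line:function: message", trailing padding stripped.
LINE_RE = re.compile(r"^\[(?P<tool>[^\]]+)\] (?P<file>[\w.-]+):(?P<line>\d+):"
                     r"(?P<func>\w+): (?P<msg>.*?)\s*$")
RET_RE = re.compile(r"^returning with: (?P<val>.+)$")
FAIL_RE = re.compile(r"(?P<call>SCard\w+) failed: (?P<code>0x[0-9a-fA-F]{8})")

# A few PC/SC return codes from pcsclite.h that matter when no reader shows up.
PCSC_CODES = {
    0x8010000B: "SCARD_E_SHARING_VIOLATION",
    0x8010000C: "SCARD_E_NO_SMARTCARD",
    0x80100017: "SCARD_E_READER_UNAVAILABLE",
    0x8010001D: "SCARD_E_NO_SERVICE",
    0x8010001E: "SCARD_E_SERVICE_STOPPED",
    0x8010002E: "SCARD_E_NO_READERS_AVAILABLE",
}

def is_error(value):
    """Numeric returns are errors when negative; a text return is an error string."""
    try:
        return int(value) < 0
    except ValueError:
        return True

def error_chains(log):
    """Group consecutive failing returns; chain[0] is the innermost (originating) call."""
    chains, current = [], []
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        ret = RET_RE.match(m["msg"]) if m else None
        if ret and is_error(ret["val"]):
            current.append((m["func"], f'{m["file"]}:{m["line"]}', ret["val"]))
        elif current:
            chains.append(current)
            current = []
    if current:
        chains.append(current)
    return chains

def pcsc_failures(log):
    """Return (PC/SC call, symbolic code name) for every 'SCardXxx failed: 0x...' line."""
    return [(m["call"], PCSC_CODES.get(int(m["code"], 16), "unknown (see pcsclite.h)"))
            for m in FAIL_RE.finditer(log)]
```

`SCARD_E_NO_READERS_AVAILABLE` means pcscd itself has no reader registered, so the next place to look is the pcscd side rather than OpenSC.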

Re: Problem with Rutoken ECP and Fedora 14

You should have /etc/init.d/pcscd running and /etc/init.d/openct, on the contrary, stopped.
You can check that the token is detected through libpcsclite with the pcsc_scan utility.

Re: Problem with Rutoken ECP and Fedora 14

Кирилл Мещеряков wrote:

You should have /etc/init.d/pcscd running and /etc/init.d/openct, on the contrary, stopped.
You can check that the token is detected through libpcsclite with the pcsc_scan utility.

That is exactly what I did

[root@localhost etc]# service openct stop
Останавливаются терминалы смарт-карт OpenCT:  1 process killed. [  OK  ]
[root@localhost etc]# service pcscd start
Запускается демон смарт-карт PC/SC (pcscd): [  OK  ]

As for detection by the pcsc_scan utility, I will find out a little later.