{"id":895,"date":"2012-10-21T12:46:25","date_gmt":"2012-10-21T09:46:25","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=895"},"modified":"2012-10-21T12:53:27","modified_gmt":"2012-10-21T09:53:27","slug":"opensc-tool-for-smart-cards","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=895","title":{"rendered":"OpenSC, Tool for Smart Cards"},"content":{"rendered":"<p>From the <a href=\"http:\/\/www.opensc-project.org\/opensc\">OpenSC<\/a> page:<\/p>\n<blockquote>\n<p>OpenSC provides a set of libraries and <u>utilities<\/u> to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as <u>authentication<\/u>, <u>mail encryption<\/u> and <u>digital signatures<\/u>.<\/p>\n<p>OpenSC implements the <u>PKCS#11<\/u> API.<\/p>\n<p>On the card OpenSC implements the <u>PKCS#15<\/u> standard (file structure).<\/p>\n<\/blockquote>\n<p><strong>Good:<\/strong><\/p>\n<ul>\n<li>Supports many smart cards<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>National ID Cards<\/li>\n<li>Generic smart cards<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Cryptoflex, MyEID, STARCOS<\/li>\n<\/ul>\n<\/li>\n<li>USB Tokens<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>To improve:<\/strong><\/p>\n<ul>\n<li>Man pages are out of date<\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>Use built-in help pages<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong><a href=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/10\/opensc.png\"><img loading=\"lazy\" alt=\"OpenSC\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/10\/opensc-small.png\" width=\"450\" height=\"262\" \/><\/a><\/strong><\/p>\n<p><strong>OpenSC command examples<\/strong><\/p>\n<blockquote>\n<pre>\n<font size=\"-1\">C:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;opensc-tool --list-readers\n# Detected readers (pcsc)\nNr.  
Card  Features  Name\n0    Yes             Generic Smart Card Reader Interface 0\n\nC:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;opensc-tool --reader 0 --atr\n3b:f5:18:00:00:81:31:fe:45:4d:79:45:49:44:9a\n<\/font>\n<\/pre>\n<\/blockquote>\n<p>Logging is available via the -v parameter<\/p>\n<blockquote>\n<pre>\n<font size=\"-1\">C:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;opensc-tool --reader 0 --name -v\nConnecting to card in reader Generic Smart Card Reader Interface 0...\nUsing card driver MyEID cards with PKCS#15 applet.\nCard name: MyEID cards with PKCS#15 applet\n<\/font>\n<\/pre>\n<\/blockquote>\n<p><strong>PKCS11 examples<\/strong><\/p>\n<p>Retrieving information<\/p>\n<blockquote>\n<pre>\n<font size=\"-1\">C:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;pkcs11-tool --module \"C:\\Program Files\\Fujitsu Services\\ActiveSecurity MyClient\\Crypt\noki.dll\" --show-info\nCryptoki version 2.11\nManufacturer     Fujitsu Services Oy\nLibrary          mPollux DigiSign Client (ver 0.1)\nUsing slot 0 with a present token (0x2021880)\n\n\nC:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;pkcs11-tool --module \"C:\\Program Files\\Fujitsu Services\\ActiveSecurity MyClient\\Crypt\noki.dll\" --list-mechanisms\nUsing slot 0 with a present token (0x1fdfa70)\nSupported mechanisms:\n  MD5, digest\n  SHA-1, digest\n  RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify\n  MD5-RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify\n  SHA1-RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify\n  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, hw, generate_key_pair\n\n\nC:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;pkcs11-tool --module \"C:\\Program Files\\Fujitsu Services\\ActiveSecurity MyClient\\Crypt\noki.dll\" --list-objects\nUsing slot 0 with a present token (0x20afab0)\nPrivate Key Object; RSA\n  label:      Encryption key [kx00]\n  ID:         45\n  Usage:      decrypt, sign, unwrap\nPublic Key Object; RSA 
1024 bits\n  label:      Encryption key [kx00]\n  ID:         45\n  Usage:      none\nCertificate Object, type = X.509 cert\n  label:      Encryption certificate for key (69) [kxc00]\n  ID:         45\n<\/font>\n<\/pre>\n<\/blockquote>\n<p><strong>PKCS15 examples<\/strong><\/p>\n<p>Erasing the MyEID card<\/p>\n<blockquote>\n<pre>\n<font size=\"-1\">C:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;pkcs15-init -E -T\nUsing reader with a card: Generic Smart Card Reader Interface 0\nPIN [Security Officer PIN] required.\nPlease enter PIN [Security Officer PIN]:\n<\/font>\n<\/pre>\n<\/blockquote>\n<p>To browse the PKCS15 file structure after the card was initialized with the vendor tool (MyEID)<\/p>\n<blockquote>\n<pre>\n<font size=\"-1\">C:\\Program Files\\OpenSC Project\\OpenSC\\tools&gt;opensc-explorer\nOpenSC Explorer version 0.12.2-rc1\nUsing reader with a card: Generic Smart Card Reader Interface 0\nOpenSC [3F00]&gt; ls\nFileID  Type  Size\n[5015]    DF 32767      Name: \\xA0\\x00\\x00\\x00cPKCS-15\nOpenSC [3F00]&gt; info 5015\n\nDedicated File  ID 5015\n\nFile path:     3F00\/5015\nFile size:     32767 bytes\nDF name:       \\xA0\\x00\\x00\\x00cPKCS-15\nACL for SELECT:       N\/A\nACL for LOCK:         N\/A\nACL for DELETE:       NEVR\nACL for CREATE:       CHV3\nACL for REHABILITATE: N\/A\nACL for INVALIDATE:   N\/A\nACL for LIST FILES:   N\/A\nACL for CRYPTO:       N\/A\nACL for DELETE SELF:  N\/A\nProprietary attributes:  00 02\nSecurity attributes:     33 FF FF\n\nOpenSC [3F00]&gt; cd ..\nunable to go up, already in MF.\nOpenSC [3F00]&gt; cd 5015\nOpenSC [3F00\/5015]&gt; ls\nFileID  Type  Size\nOpenSC [3F00\/5015]&gt;\n<\/font>\n<\/pre>\n<\/blockquote>\n<p><strong>Other commands<\/strong><\/p>\n<p>opensc-tool --reader 0 --list-drivers<br \/>\nopensc-tool --reader 0 --serial<br \/>\nopensc-tool --list-algorithms<br \/>\npkcs15-tool --list-keys<br \/>\npkcs15-tool --list-certificates<br \/>\npkcs15-tool --list-pins<br 
\/>\npkcs15-tool --dump<\/p>\n<p><strong>Frequently asked questions<\/strong><\/p>\n<ul>\n<li>PKCS#11 is a software API for accessing cryptographic hardware like smart cards or HSMs<\/li>\n<li>PKCS#15 is a format of on-card structures that defines a &#8220;filesystem layout&#8221; for smart cards.<\/li>\n<\/ul>\n<p><strong>Links<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.opensc-project.org\/opensc\/wiki\/SecurityConsiderations\">Security Considerations<\/a><\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>including opensc.conf settings<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"http:\/\/www.opensc-project.org\/opensc\/wiki\/UsingOpensc\">Debugging<\/a><\/li>\n<li><a href=\"http:\/\/www.gooze.eu\/howto\/using-putty-and-winscp-with-smart-cards-under-windows\/installing-opensc-and-initializing-the\">Installing OpenSC and initializing the smartcard<\/a><\/li>\n<li style=\"LIST-STYLE-TYPE: none\">\n<ul>\n<li>with steps and environment variable settings, erase and initialize commands, and a warning about losing the private key if it is stored only on the smart card<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>From the OpenSC page: OpenSC provides a set of libraries and utilities to work with smart cards. 
Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=895\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[17,6],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/895"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=895"}],"version-history":[{"count":1,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions"}],"predecessor-version":[{"id":896,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions\/896"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}