Difference between revisions of "IDream ID-SMID01 SmartCard reader"

From YobiWiki

Revision as of 01:52, 5 February 2008

10€ at Carrefour

I tried to get the binary running with both my pcsclite 1.4.4 and the old pcsclite 0.9.1 given in the zip, without any success.

I tried to install openct and opensc. There is communication with the reader with the standard CCID, and I can get communication with a VISA card, but with the Belgian eID I get an error at protocol selection:

# openct-tool atr
Detected CCID Compatible
Card present, status changed
ATR: 3b 98 13 40 0a a5 03 01 01 01 ad 13 11
Jan  8 01:09:28 mercure ifdhandler[1045]: CCID Compatible: Bad PTS response
Jan  8 01:09:28 mercure ifdhandler[1045]: Protocol selection failed

The VISA card replies with a correct ATR and protocol selection:

# cardos-info
3b:67:00:00:00:00:00:00:00:90:00
Received (SW1=0x6D, SW2=0x00)


Installing beidgui and dependencies:
libopenct1 libpcsclite1 libbeidlibopensc2 libbeid2 beid-tools beidgui libccid pcscd

less /usr/share/doc/libbeidlibopensc2/README.Debian

Update

Yeah, I could finally get it working, not with openct, which gave broken results, but with libccid:

apt-get install libccid

Then edit /etc/libccid_Info.plist and add the vendor/product ID to the list, e.g.:

--- libccid_Info.plist.old      2008-02-04 23:54:26.000000000 +0100
+++ libccid_Info.plist  2008-02-04 23:55:23.000000000 +0100
@@ -180,6 +180,7 @@
               <string>0x09C3</string>
               <string>0x0783</string>
               <string>0x0C4B</string>
+               <string>0x062D</string>
       </array>

       <key>ifdProductID</key>
@@ -268,6 +269,7 @@
               <string>0x0008</string>
               <string>0x0003</string>
               <string>0x0300</string>
+               <string>0x0001</string>
       </array>

       <key>ifdFriendlyName</key>
@@ -356,6 +358,7 @@
               <string>ActivCard USB Reader 2.0</string>
               <string>C3PO LTC31</string>
               <string>Reiner-SCT cyberJack pinpad(a)</string>
+               <string>iDream ID-SMID01</string>
       </array>

       <key>Copyright</key>
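Review bot: keep the three new entries at the same position in each array. Here "iDream ID-SMID01" is appended as the last friendly name, and 0x062D and 0x0001 are likewise appended last in the two arrays above, which is what pairs the name with that vendor/product ID; if any one of them were inserted elsewhere, the reader would be matched against another device's entry. The hunks also do not say where 0x062D and 0x0001 were read from, so a short line next to the patch naming the source would let a reader confirm the values for their own unit.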

Now a simple call to beidgui works :-)

Firefox security module

To add the security module to Firefox:

apt-get install libbeid2-dev libbeidlibopensc2-dev

Visit file:///usr/share/beid/beid-pkcs11-register.html

Exploring

pkcs15-tool --dump
pkcs15-tool --read-certificate 02 > my_auth.crt
pkcs15-tool --read-certificate 03 > my_sign.crt
pkcs15-tool --read-certificate 04 > belgium.crt
pkcs15-tool --read-certificate 06 >> belgium.crt
openssl x509 -in my_auth.crt -text
pkcs15-tool --read-ssh-key 2

SSH

Inspired by http://simi.be/?page_id=9

After getting the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355274 and porting it to v4.7p1, I recompile ssh with smartcard support:

apt-get source openssh-client
cd openssh-4.7p1
patch -p1 < ../mypatch
dpkg-buildpackage -uc -us -rfakeroot

Sending my public key to the ssh server:

pkcs15-tool --read-ssh-key 2 |tail -n1|ssh user@host 'cat - >> ~/.ssh/authorized_keys'

Then logging in, being prompted for my PIN:

ssh -I 0 user@host.com
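
The key-upload step above appends whatever tail -n1 returns to authorized_keys. The following is an added example, not part of the original notes: it selects the single ssh-rsa line, parses the key blob, and returns the modulus size and SHA256 fingerprint so they can be compared before the key is trusted. The sample output and the function names are constructed for illustration; real pkcs15-tool output may differ.

```python
import base64, hashlib, struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        out.append(blob[off:off + n])
        off += n
    return out

def pick_key_line(tool_output):
    """Return the single ssh-rsa line; refuse if there is none or several."""
    keys = [l.strip() for l in tool_output.splitlines() if l.startswith("ssh-rsa ")]
    if len(keys) != 1:
        raise ValueError("expected exactly one ssh-rsa line, got %d" % len(keys))
    return keys[0]

def check_ssh_rsa_line(line):
    """Parse the key blob; return (modulus bits, SHA256 fingerprint)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(parts[1], validate=True)
    f = _fields(blob)
    if len(f) != 3 or f[0] != b"ssh-rsa":
        raise ValueError("blob is not an RSA public key")
    bits = int.from_bytes(f[2], "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    return bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def _mpint(x):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample: not a real key and not captured tool output.
_N = (1 << 1023) | 0x1234567
_BLOB = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(_N)
SAMPLE_OUTPUT = "1024 65537 %d\nssh-rsa %s\n" % (_N, base64.b64encode(_BLOB).decode())

if __name__ == "__main__":
    print(check_ssh_rsa_line(pick_key_line(SAMPLE_OUTPUT)))
```

The fingerprint is in the form current ssh-keygen -l prints, so it can be compared with the same key as seen on the server side.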

TODO

http://blog.eikke.com/index.php/ikke/2007/10/29/using_your_belgian_eid_for_ssl_authentic