Difference between revisions of "IDream ID-SMID01 SmartCard reader"
m (→Exploring) |
m (→Exploring) |
||
Line 67: | Line 67: | ||
openssl x509 -in my_auth.crt -text |
openssl x509 -in my_auth.crt -text |
||
pkcs15-tool --read-ssh-key 2 |
pkcs15-tool --read-ssh-key 2 |
||
+ | ===SSH=== |
||
+ | Inspired from http://simi.be/?page_id=9 |
||
+ | |||
+ | Getting the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355274 and porting it to v4.7p1 |
||
+ | <br>I recompile ssh with smartcard support. |
||
+ | apt-get source openssh-client |
||
+ | cd openssh-4.7p1 |
||
+ | patch -p1 < ../mypatch |
||
+ | dpkg-buildpackage -uc -us -rfakeroot |
||
+ | Sending my public key to the ssh server: |
||
+ | pkcs15-tool --read-ssh-key 2 |tail -n1|ssh user@host 'cat - >> ~/.ssh/authorized_keys' |
||
+ | Then logging, being prompted for my PIN: |
||
+ | ssh -I 0 user@host.com |
||
+ | ===TODO=== |
||
+ | http://blog.eikke.com/index.php/ikke/2007/10/29/using_your_belgian_eid_for_ssl_authentic |
Revision as of 01:52, 5 February 2008
10€ at Carrefour
- Official page
- You can get the driver for pcsc-lite: linux driver_STD200_THRC.zip
I tried both to get the binary running with my pcsclite 1.4.4 and the old pcsclite 0.9.1 given in the zip, without any success
I tried to install openct and opensc, there is communication with the reader with the standard CCID, I can get communication with a VISA card but with the Belgian eID I get error at protocol selection
# openct-tool atr Detected CCID Compatible Card present, status changed ATR: 3b 98 13 40 0a a5 03 01 01 01 ad 13 11 Jan 8 01:09:28 mercure ifdhandler[1045]: CCID Compatible: Bad PTS response Jan 8 01:09:28 mercure ifdhandler[1045]: Protocol selection failed
VISA card replies correct ATR & protocol selection:
# cardos-info 3b:67:00:00:00:00:00:00:00:90:00 Received (SW1=0x6D, SW2=0x00)
Installing beidgui and dependencies:
libopenct1 libpcsclite1 libbeidlibopensc2 libbeid2 beid-tools beidgui libccid pcscd
less /usr/share/doc/libbeidlibopensc2/README.Debian
Update
Yeah I could finally get it working, not with openct which gave broken results but with libccid:
apt-get install libccid
Then edit /etc/libccid_Info.plist and add the vendor/product ID to the list, e.g.:
--- libccid_Info.plist.old 2008-02-04 23:54:26.000000000 +0100 +++ libccid_Info.plist 2008-02-04 23:55:23.000000000 +0100 @@ -180,6 +180,7 @@ <string>0x09C3</string> <string>0x0783</string> <string>0x0C4B</string> + <string>0x062D</string> </array> <key>ifdProductID</key> @@ -268,6 +269,7 @@ <string>0x0008</string> <string>0x0003</string> <string>0x0300</string> + <string>0x0001</string> </array> <key>ifdFriendlyName</key> @@ -356,6 +358,7 @@ <string>ActivCard USB Reader 2.0</string> <string>C3PO LTC31</string> <string>Reiner-SCT cyberJack pinpad(a)</string> + <string>iDream ID-SMID01</string> </array> <key>Copyright</key>
Now a simple call to beidgui works :-)
Firefox security module
To add the security module to Firefox:
apt-get install libbeid2-dev libbeidlibopensc2-dev
Visit file:///usr/share/beid/beid-pkcs11-register.html
Exploring
pkcs15-tool --dump pkcs15-tool --read-certificate 02 > my_auth.crt pkcs15-tool --read-certificate 03 > my_sign.crt pkcs15-tool --read-certificate 04 > belgium.crt pkcs15-tool --read-certificate 06 >> belgium.crt openssl x509 -in my_auth.crt -text pkcs15-tool --read-ssh-key 2
SSH
Inspired from http://simi.be/?page_id=9
Getting the patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355274 and porting it to v4.7p1
I recompile ssh with smartcard support.
apt-get source openssh-client cd openssh-4.7p1 patch -p1 < ../mypatch dpkg-buildpackage -uc -us -rfakeroot
Sending my public key to the ssh server:
pkcs15-tool --read-ssh-key 2 |tail -n1|ssh user@host 'cat - >> ~/.ssh/authorized_keys'
Then logging, being prompted for my PIN:
ssh -I 0 user@host.com
TODO
http://blog.eikke.com/index.php/ikke/2007/10/29/using_your_belgian_eid_for_ssl_authentic