On Wed, Jan 26, 2011 at 08:16:17AM +0100, Alain Knaff wrote:
> On 01/25/2011 11:28 PM, Lionel Elie Mamane wrote:
>> Use of the cache is not enabled by default in the SVN version (some
>> distros seem to have it enabled by default in their packaged
>> versions), and in all versions it is never silently populated. So:
>> Enable it in /opensc/prefix/etc/opensc.conf and run
>>   pkcs15-tool -L
>> to populate it.
>> Then, things should be *much* faster indeed.
> Maybe it would be a good idea to add that info (and your patch to fix
> the NULL label bug) to the wiki page?
Yes. Feel free to do it :)
>>> Why does it say CKR_USER_NOT_LOGGED_IN? My PIN was correct;
>> It aborts when you try to use the signature key, which my driver is
>> unable to use: the card requires the command to be cryptographically
>> signed in some way I haven't cracked yet.
> I see... I have a disassembler (decompiler) "half-way" going. It doesn't
> produce any compilable code yet, but it may be able to dig out some
> data, such as keys. But due to the volume of code, I'd need some hints
> about where to look...
Maybe we could sit down together some day in the next weeks and take a
look at it. An approach would be to use a debugger with a breakpoint
at the point where it sends data to pcscd, and then try to go up the
call stack / back the instruction stream and see "what it does" just
before. With a disassembler, it is manual work, but possibly doable?
And surely there are off-the-shelf free software disassemblers we can
use. (I mean a disassembler as opposed to a decompiler.) Sure, a
decompiler would make things easier, but we make do with what we have.
But we need to find out not only the _key_, but also the algorithm :)
Possibly the key is "just" the PIN? Or maybe a true hardcoded (in the
driver) cryptographic key. I don't know.
> Or is it that the "normal" commands are not signed at all?
Normal commands are not signed at all. You give the PIN once in a
separate command, and then you can use any "other" PIN-protected
command, until the card is reset (either physically or through a
"reset" command).
--
Lionel