Closed vessokolev closed 6 months ago
The token you are referring to has a built-in secure element, but does not contain the SmartCard-HSM applet software. It is just a plain JCOP 2.4.1 secure element from NXP, which we used 10 years ago as platform for the SmartCard-HSM product. We currently use a uTrust Token Standard with a JCOP 4.0 SIM inserted.
You could get a SIM card reader and a SmartCard-HSM SIM version to build your own, but the uTrust Token Pro does not get you anywhere if you are looking for a SmartCard-HSM.
"Excellent" news, which puts a huge stain on the seller. Having this one:
https://www.smartcard-hsm.com/2015/11/20/Building-a-SmartCard-HSM-Cluster.html
online without specifying that it is outdated and that the hardware used is no longer supported shows that you do not care about the content correctness, which is quite disrespectful to your customers. You just lost a loyal customer.
From what information in the above blog do you derive that a plain card reader is automatically a SmartCard-HSM?
As the name implies, a SmartCard-HSM is a smart card, not a card reader. And a SmartCard-HSM token is nothing more than a smart card in SIM format stuck into a SIM card reader. There happen to be readers with an embedded smart card chip, but that alone does not make them a SmartCard-HSM.
I guess you just picked the wrong article in the webshop. You should have chosen the SmartCard-HSM instead.
"To find out how well cryptographic processing scales in a cluster, we equipped a myUTN-80 with 8 SmartCard-HSM EA+ token." And the tokens are listed:
Port  VID     PID     Manufacturer  Product
----  ------  ------  ------------  -------------------------
1     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
2     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
3     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
4     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
5     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
6     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
7     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
8     0x04e6  0x5817  Identiv       uTrust 3522 embd SE Token
and they correspond to uTrust Token Pro.
I've taken the opportunity and fixed the misleading blog post.
Thanks. I hope that fix will stop any further confusion. Note that the blog post in its original form was not offending, it was misleading.
I got this token:
https://www.cardomatic.de/en/p/utrust-token-pro
in fact, four of them. The token (with idVendor=04e6 and idProduct=5817) is recognized by the PCSC Lite properly. As suggested, I also applied the script:
https://github.com/CardContact/sc-hsm-embedded/blob/master/etc/add-sc-hsm-usb-id.sh
to upgrade the PCSC Lite drivers' database to the most recent one that supports the token, but it appears that database was already up-to-date (pcsc-lite-1.9.4-1.el9.x86_64 package, officially bundled and packaged by Red Hat for Red Hat Enterprise Linux 9). The OpenSC package (opensc-0.23.0) cannot recognize the token:
I compiled OpenSC 0.24.0 and tried with that version. The result displayed by running pkcs15-tool and pkcs11-tool repeats what is shown above. No improvement.
The Smart Card Shell (latest) cannot recognize that token either:
The PKI-as-a-service portal at https://www.pki-as-a-service.net also cannot recognize the token:
"The card in your reader or the attached USB-Token is not a valid SmartCard-HSM."
Note that at the same time all tools and platforms mentioned perfectly recognize and work with Identiv uTrust 3512 SAM slot Token [CCID Interface] (idVendor=04e6, idProduct=5816).
So the question is how can one utilize Identive SCT3522CC [CCID Interface] tokens on Linux?
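
The distinction the replies draw, that the USB VID/PID names the CCID reader while the SmartCard-HSM is an applet on the chip behind it, can be checked with a SELECT by AID. This is an added example, not code from the thread or from CardContact: the AID is the one OpenSC's sc-hsm driver uses (recalled, not on the page), P2=04 is an assumption, and `plain_jcop` and `sc_hsm_card` are constructed stand-ins for a real card connection.

```python
from typing import Callable, List, Tuple

# SmartCard-HSM applet AID as used by OpenSC's sc-hsm driver (assumption: recalled, not on the page).
SC_HSM_AID = bytes.fromhex("E82B0601040181C31F0201")

# Reader names for the two USB IDs quoted in the thread. They identify the reader only.
READERS = {
    (0x04E6, 0x5817): "Identiv uTrust 3522 embd SE Token",
    (0x04E6, 0x5816): "Identiv uTrust 3512 SAM slot Token",
}

# Same shape as a PC/SC transmit call: APDU bytes in, (data, SW1, SW2) out.
Transmit = Callable[[List[int]], Tuple[List[int], int, int]]


def select_apdu(aid: bytes) -> List[int]:
    """ISO 7816-4 SELECT by DF name (P1=04), FCP requested (P2=04, assumed), Le=00."""
    return [0x00, 0xA4, 0x04, 0x04, len(aid), *aid, 0x00]


def has_sc_hsm_applet(transmit: Transmit) -> bool:
    """True when the chip behind the reader accepts SELECT for the SmartCard-HSM AID."""
    _data, sw1, sw2 = transmit(select_apdu(SC_HSM_AID))
    # 9000 = selected; 61xx = selected with response bytes pending (T=0 cards).
    return (sw1, sw2) == (0x90, 0x00) or sw1 == 0x61


def describe(vid: int, pid: int, transmit: Transmit) -> str:
    """Report the reader model and the applet check as two separate facts."""
    reader = READERS.get((vid, pid), f"unknown reader {vid:04x}:{pid:04x}")
    found = has_sc_hsm_applet(transmit)
    return f"{reader}: " + ("SmartCard-HSM applet present" if found else "no SmartCard-HSM applet")


def plain_jcop(apdu: List[int]) -> Tuple[List[int], int, int]:
    """Constructed stub: a secure element without the applet answers 6A82 (not found)."""
    return [], 0x6A, 0x82


def sc_hsm_card(apdu: List[int]) -> Tuple[List[int], int, int]:
    """Constructed stub: a card that accepts SELECT only for the SmartCard-HSM AID."""
    ok = apdu[:4] == [0x00, 0xA4, 0x04, 0x04] and bytes(apdu[5:5 + apdu[4]]) == SC_HSM_AID
    return ([], 0x90, 0x00) if ok else ([], 0x6A, 0x82)


if __name__ == "__main__":
    print(describe(0x04E6, 0x5817, plain_jcop))
    print(describe(0x04E6, 0x5816, sc_hsm_card))
```

With pyscard installed, a real connection's `transmit` method has the same call shape and can be passed in place of the stubs.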