Open U-siro opened 5 months ago
If you want to try it with minidriver:
```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\JPKI-2]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
"80000001"="C:\\Program Files\\OpenSC Project\\OpenSC\\minidriver\\opensc-minidriver.dll"
"ATR"=hex:3b,da,13,ff,81,31,fb,46,80,12,39,2f,31,c1,73,c6,01,c0,3b
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"InstalledBy"="OpenSC"
```
Then for 32-bit, with regedit go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\SmartCards and do the same as above. Note: the 80000001 path has "C:\Program Files (x86)\"
@dengert Yeah, I changed to it, then it works!

```
C:\Program Files\OpenSC Project\OpenSC\tools>certutil -scinfo
Microsoft 스마트 카드 리소스 관리자가 실행 중입니다.
현재 판독기/카드 상태:
판독기: 1
  0: Hewlett Packard MFP Smart Card Reader 0
--- 판독기: Hewlett Packard MFP Smart Card Reader 0
--- 상태: SCARD_STATE_PRESENT | SCARD_STATE_INUSE
--- 상태: 다른 프로세스가 카드를 공유하고 있습니다.
--- 카드: JPKI-2
--- ATR:
        3b da 13 ff 81 31 fb 46 80 12 39 2f 31 c1 73 c6   ;....1.F..9/1.s.
        01 c0 3b                                          ..;

=======================================================
판독기에서 카드 분석 중: Hewlett Packard MFP Smart Card Reader 0

--------------===========================--------------
================ 인증서 0 ================
--- 판독기: Hewlett Packard MFP Smart Card Reader 0
--- 카드: JPKI-2
Provider = Microsoft Base Smart Card Crypto Provider
키 컨테이너 = (null) [기본 컨테이너]

일련 번호: 0705d990
발급자: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
주체: CN=8439XXXXXXXXXXXXXXXX, C=JP
루트가 아닌 인증서
인증서 해시(sha1): 1cee37bf42c26ba4a9XXXXXXXXXXXXXXXXXXX

AT_SIGNATURE 공개 키 일치 검사를 수행 중...
공개 키 일치 확인 테스트 성공
  키 컨테이너 = c5a0a252-9d2dXXXXXXXXXXXXXXXXXXX
  Provider = Microsoft Base Smart Card Crypto Provider
  ProviderType = 1
  Flags = 1
    0x1 (1)
  KeySpec = 2 -- AT_SIGNATURE
개인 키 확인

인증서 체인 검증 수행 중...
CertGetCertificateChain(dwErrorStatus) = 0x1010040
스마트 카드의 체인이 유효하지 않음
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)

CertContext[0][0]: dwInfoStatus=1 dwErrorStatus=1000040
  Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
  NotBefore: 2024/01/22 1:37
  NotAfter: 2024/12/25 23:59
  Subject: CN=843944E81LXXXXXXXXXXXXXXXXXXXX, C=JP
  Serial: 0705d990
  Cert: 1cee37bf42c26ba4XXXXXXXXXXXXXXXXXXXXXXXX
  Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  Issuance[0] = 1.2.392.200149.8.5.1.3.30
  Application[0] = 1.3.6.1.5.5.7.3.2 클라이언트 인증

완료되지 않은 인증서 체인
인증서를 찾을 수 없습니다.
  OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
다음 판독기를 위해 AT_SIGNATURE 인증서를 표시했습니다. Hewlett Packard MFP Smart Card Reader 0
다음 판독기에 AT_KEYEXCHANGE 키가 없습니다. Hewlett Packard MFP Smart Card Reader 0

--------------===========================--------------
================ 인증서 0 ================
--- 판독기: Hewlett Packard MFP Smart Card Reader 0
--- 카드: JPKI-2
Provider = Microsoft Smart Card Key Storage Provider
키 컨테이너 = c5a0a252-9d2d-eb60-fec0-41b4fbd722a2

일련 번호: 0705d990
발급자: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
NotBefore: 2024/01/22 1:37
NotAfter: 2024/12/25 23:59
주체: CN=843944EXXXXXXXXXXXXXA, C=JP
루트가 아닌 인증서
인증서 해시(sha1): 1cee37bf42c26XXXXXXXXXXXXXXXXXXXXXXXXXX

공개 키 일치 검사를 수행 중...
공개 키 일치 확인 테스트 성공
  키 컨테이너 = c5a0a252-9d2d-ebXXXXXXXXXXXXXXX
  Provider = Microsoft Smart Card Key Storage Provider
  ProviderType = 0
  Flags = 1
    0x1 (1)
  KeySpec = 0 -- XCN_AT_NONE
개인 키 확인
Microsoft Smart Card Key Storage Provider: KeySpec=0
AES256+RSAES_OAEP(RSA:CNG) 테스트 건너뜀

인증서 체인 검증 수행 중...
CertGetCertificateChain(dwErrorStatus) = 0x1010040
스마트 카드의 체인이 유효하지 않음
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_PARTIAL_CHAIN (0x10000)

CertContext[0][0]: dwInfoStatus=1 dwErrorStatus=1000040
  Issuer: OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
  NotBefore: 2024/01/22 1:37
  NotAfter: 2024/12/25 23:59
  Subject: CN=843944E81XXXXXXXXXXXXXXXXXXX, C=JP
  Serial: 0705d990
  Cert: 1cee37bf42c26ba4XXXXXXXXXXXXXXXXXXXXXXXX
  Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  Issuance[0] = 1.2.392.200149.8.5.1.3.30
  Application[0] = 1.3.6.1.5.5.7.3.2 클라이언트 인증

완료되지 않은 인증서 체인
인증서를 찾을 수 없습니다.
  OU=Japan Agency for Local Authority Information Systems, OU=JPKI for user authentication, O=JPKI, C=JP
다음 판독기를 위해 인증서를 표시했습니다. Hewlett Packard MFP Smart Card Reader 0

--------------===========================--------------

완료.
CertUtil: -SCInfo 명령이 성공적으로 완료되었습니다.
```
I think we can add this ATR to customactions.cpp and card-jpki.c
@hamano ?
During driver development, I didn't understand ATR well then, and I still don't understand it well now. What exactly is ATR? Even with the same card, changing the reader will result in a different ATR prefix. Therefore, it's not possible to detect card types based on ATR. In card-jpki.c, we're checking the response of SELECT FILE, so the code for `_sc_match_atr()` can be removed. It might take some time to recall the workings of Windows.
Does the result of `opensc-tool -n` respond "jpki"?
The ATR is an old feature to detect the type of a smart card and Windows still uses this as primary method to select the correct smart card driver (hence, the need for modifying the registry). In your driver everything works fine (has fallback to AID selection), but since the ATR seems to be bijective, you may use this as a shortcut in the match card callback.
Thank you for your explanation. I had been considering the possibility of using ATR as a shortcut. I have five JPKI cards and two readers, so I will list them. Since ATR relies more on the reader than the card, I still don't think it can be utilized for detecting card types.
```
# card 1 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:0d:1d:23:f3:00:00:05:e0:b3:81:a1:eb
jpki

# card 2 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:44:50:20:8a:00:4b:51:ff:00:81:d1:56
jpki

# card 3 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:01:2e:ac:d3:00:00:41:e0:b3:81:a1:3f
jpki

# card 4 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:00:e2:96:c9:00:00:05:e0:b3:81:a1:96
jpki

# card 5 with reader 1
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR122 0
3b:8c:80:01:50:a4:d1:f2:98:00:00:05:e0:b3:81:a1:34
jpki

# card 1 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f
jpki

# card 2 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:4b:51:ff:00:81:d1:00:bc
jpki

# card 3 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:41:e0:b3:81:a1:00:3b
jpki

# card 4 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f
jpki

# card 5 with reader 2
# opensc-tool.exe -a -n
Using reader with a card: ACS ACR1255U-J1 PICC Reader 0
3b:88:80:01:00:00:05:e0:b3:81:a1:00:7f
jpki
```
The first reader is a contact reader and the ATR comes from the card. The second reader is using NFC, and in that protocol the ATR from the card is not available, so software constructs ATR. The first part of ATR has voltage, timing and protocol values which are only used with a contact reader.
The historical bytes are usually the same in both cases. But it could be that the card is different. https://cardwerk.com/smart-card-standard-iso7816-4-section-8-historical-bytes/ "The information carried by the historical bytes may also be found in an ATR file (default EF identifier='2F01')."
https://www.acs.com.hk/en/products/403/acr1255u-j1-acs-secure-bluetooth%C2%AE-nfc-reader/
https://smartcard-atr.apdu.fr/ can be used to parse an ATR.
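
An added example (not part of the original thread and not OpenSC's code): a small ISO/IEC 7816-3 ATR walker in C, run on ATRs quoted in this thread, that locates the historical bytes, checks TCK, and does a masked comparison in the style of a registry ATR/ATRMask pair. The function names `atr_historical` and `atr_match` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATRs copied from this thread: contact reader, then card 1 on each contactless reader. */
static const uint8_t ATR_CONTACT[] = {0x3b,0xda,0x13,0xff,0x81,0x31,0xfb,0x46,0x80,0x12,
                                      0x39,0x2f,0x31,0xc1,0x73,0xc6,0x01,0xc0,0x3b};
static const uint8_t ATR_ACR122[]  = {0x3b,0x8c,0x80,0x01,0x50,0x0d,0x1d,0x23,0xf3,0x00,
                                      0x00,0x05,0xe0,0xb3,0x81,0xa1,0xeb};
static const uint8_t ATR_ACR1255[] = {0x3b,0x88,0x80,0x01,0x00,0x00,0x05,0xe0,0xb3,0x81,0xa1,0x00,0x7f};

/* Walk TS, T0 and the interface bytes. Returns the number of historical bytes,
 * points *hist at them and sets *tck_ok; returns -1 if malformed or truncated. */
int atr_historical(const uint8_t *atr, size_t len, const uint8_t **hist, int *tck_ok)
{
    if (len < 2 || (atr[0] != 0x3b && atr[0] != 0x3f)) return -1;
    uint8_t td = atr[1], x = 0;          /* T0: high nibble Y1, low nibble K */
    size_t pos = 2, k = td & 0x0f;
    int has_tck = 0;
    for (;;) {
        for (int bit = 0x10; bit <= 0x40; bit <<= 1)
            if (td & bit) pos++;         /* skip TAi, TBi, TCi when flagged */
        if (!(td & 0x80)) break;         /* no TDi: interface bytes end here */
        if (pos >= len) return -1;
        td = atr[pos++];
        if (td & 0x0f) has_tck = 1;      /* TCK is present unless only T=0 is offered */
    }
    if (pos + k + has_tck > len) return -1;
    for (size_t i = 1; i < pos + k + has_tck; i++) x ^= atr[i];
    *hist = atr + pos;
    *tck_ok = !has_tck || x == 0;        /* XOR of T0..TCK must be zero */
    return (int)k;
}

/* Masked comparison in the style of a registry ATR/ATRMask pair. */
int atr_match(const uint8_t *atr, size_t len, const uint8_t *ref, const uint8_t *mask, size_t ref_len)
{
    if (len != ref_len) return 0;
    for (size_t i = 0; i < len; i++)
        if ((atr[i] & mask[i]) != (ref[i] & mask[i])) return 0;
    return 1;
}

int main(void)
{
    const uint8_t *h; int ok;
    printf("contact: %d historical bytes\n", atr_historical(ATR_CONTACT, sizeof ATR_CONTACT, &h, &ok));
    return 0;
}
```

For card 1, the ACS ACR122 ATR carries 12 historical bytes and the ACR1255U-J1 ATR carries 8; the last seven of the former equal the first seven of the latter, so an exact full-ATR match registered for one reader does not match the other.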
Thank you for providing the reference. The ACS ACR122 and ACS ACR1255U-J1 are both contact-less readers. I unearthed an old contact-full reader in the garage and when I read five cards, it responded with two types of ATR:
Nowadays, I believe there are few users of contact-full readers, but since these two are likely jpki card-specific identifiers, I agree to add them. I tried to select the ATR file (2F01) but did not find it.
Problem Description
I got MyNumber Card recently but this was unable to detect my card. It has ATR starting with 3b:da:13:ff:81:31:fb:46:80:12:39. Windows is recognizing this card as an unknown smart card.

![image](https://github.com/OpenSC/OpenSC/assets/3070987/29c67024-00b8-4208-9c0b-37336e16cc9b)