PeculiarVentures / fortify-examples

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is a set of examples of how to use Fortify in your own applications.
MIT License

Help, I'm new in this domain of development. What should I have and do to use Fortify? #2

Open ELARCHA opened 6 years ago

ELARCHA commented 6 years ago

Help, I'm new in this domain of development. What should I have and do to use Fortify? I installed this repository but it does not work for me. Maybe I should do some config?

microshine commented 6 years ago

What OS do you use?

Fortify should auto-launch after installation or at OS start. If Fortify is running, there must be a tray icon. Do you have it?


ELARCHA commented 6 years ago

I have Windows and Linux.

microshine commented 6 years ago

Fortify creates an SSL certificate and adds it to the trusted certificate store. Then you can use a connection to the local Fortify service.

You can test it via Tools in tray menu or https://peculiarventures.github.io/fortify-examples/

Does it work for you?

ELARCHA commented 6 years ago

Thank you, it works, but when I want to generate a certificate on the smart card with example 1 (Certificate request generation), it doesn't give me the choice to store it on a smart card rather than in Windows.

And is it possible to install Fortify on a remote server, not just locally?

microshine commented 6 years ago

it doesn't give me the choice to store it on a smart card rather than in Windows

It's possible that Fortify doesn't support your PKCS#11 device. You can check it in the Fortify log.


It creates records for each smart card remove/insert event.

Can you check this log?

And is it possible to install Fortify on a remote server, not just locally?

Fortify is a UI app. It shows prompt dialogs for the user. You cannot use it on a remote server. But you can use the Fortify core for it. This is webcrypto-local.

This is an example of a script for the server side. You just need to implement 2key and PIN notifications.

ELARCHA commented 6 years ago

I just checked the log and it detects the reader, but it doesn't give me the possibility to store the certificate on my card rather than in Windows.

{"level":"info","message":"PCSCWatcher: New reader detected BIT4ID miniLector-S 0","timestamp":"2018-05-15T12:04:23.482Z"}
{"level":"info","message":"PCSCWatcher: New reader detected BIT4ID miniLector-S 0","timestamp":"2018-05-15T12:04:23.486Z"}
{"level":"info","message":"PCSCWatcher:Insert reader:'BIT4ID miniLector-S 0' ATR:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-15T12:04:23.494Z"}
{"level":"info","message":"PCSCWatcher:Insert reader:'BIT4ID miniLector-S 0' ATR:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-15T12:04:23.502Z"}
{"level":"info","message":"Provider:Token:Insert reader:'BIT4ID miniLector-S 0' name:'SCard Windows API' atr:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-15T12:04:24.510Z"}
{"level":"info","message":"Provider:Token:Insert Looking for BIT4ID miniLector-S 0 into 2 slot(s)","timestamp":"2018-05-15T12:04:27.769Z"}

microshine commented 6 years ago

~/.fortify/cards.json keeps information about PKCS#11 libraries. You can try to add your token there and restart Fortify.

Fortify uses Windows CNG API for unsupported SmartCards.

Can you share ws.info() on token insert event?

ELARCHA commented 6 years ago

Can you clarify? I don't understand what you mean.


microshine commented 6 years ago

Get list of providers

code

// ws is the connected Fortify WebcryptoSocket client; "listening" fires once the socket is ready
ws.on("listening", async (e) => {
  const info = await ws.info();
  // print name and id of every provider Fortify currently exposes
  console.log(info.providers.map(provider => {
    return {
      name: provider.name,
      id: provider.id,
    };
  }));
});

out

[
  {
    "name": "MacOS Crypto",
    "id": "d164a0cf5e4273dde25286dea907a57937b20069"
  },
  {
    "name": "My slot 2",
    "id": "981891ae7c940d3b01b47f998d084cc03a48589c"
  },
  {
    "name": "NSS#1",
    "id": "8bbae6f98340d7a92006c21da65c1acd345ba946"
  },
  {
    "name": "SafeNet eToken 5110",
    "id": "05c7ae371448408eab487339fdc88a0f0c031639d6cce36f2459ed9eb16eec64"
  }
]

Get list of providers from token event

code

// "token" fires when a PKCS#11 provider is added or removed
ws.on("token", (info) => {
  if (info.added.length) {
    const res = info.added.map(provider => {
      return {
        name: provider.name,
        id: provider.id,
      };
    });
    console.log(res);
  }
});

out

[
  {
    "name": "SafeNet eToken 5110",
    "id": "05c7ae371448408eab487339fdc88a0f0c031639d6cce36f2459ed9eb16eec64"
  }
]
microshine commented 6 years ago

Get crypto by provider ID

code

// provider is one entry from ws.info().providers; pvtsutils is the pvtsutils npm package
const crypto = await ws.getCrypto(provider.id);
const hash = await crypto.subtle.digest("SHA-256", new Uint8Array([1, 0, 1]));
console.log("SHA-256:", pvtsutils.Convert.ToHex(hash));

out

SHA-256: 85f90dfea1d8027e1463e5ca971a250110a20df0119d204a74220bc63516d15b
ELARCHA commented 6 years ago

ws.on("listening", async (e) => {
  const info = await ws.info();
  console.log(info.providers.map(provider => {
    return {
      name: provider.name,
      id: provider.id,
    };
  }));
});

out

{
  "name": "Windows CryptoAPI",
  "id": "495d9e2bcf92561aad559a8b94f20302645a63be"
}

and for:

ws.on("token", (info) => {
  if (info.added.length) {
    const res = info.added.map(provider => {
      return {
        name: provider.name,
        id: provider.id,
      };
    });
    console.log(res);
  }
});

no out.

microshine commented 6 years ago

I forgot that SCard Windows API doesn't emit the token event.

Try this:

// the handler parameter must not be named "info": it is redeclared below by the ws.info() result
ws.cardReader.on("insert", async (event) => {
  const info = await ws.info();
  console.log(info.providers.map(provider => {
    return {
      name: provider.name,
      id: provider.id,
    };
  }));
});
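The same provider listing, as an added example that is not part of the fortify-examples repo, wired to every event discussed in this thread and extended to report which providers appeared or disappeared and whether any of them is a real token rather than an OS software store. It assumes ws is a connected WebcryptoSocket as in the snippets above; the software provider names are the ones shown in the outputs above.

```javascript
// Added example, not code from fortify-examples. Assumes ws is a connected
// WebcryptoSocket exposing on("listening"|"token"), cardReader.on("insert"|"remove")
// and info(), as used in this thread.

// Software (non-token) provider names seen in this thread's outputs.
const SOFTWARE_PROVIDERS = new Set(["Windows CryptoAPI", "MacOS Crypto", "NSS#1"]);

// Remembers the last provider list and reports what changed on each update.
function createProviderTracker() {
  let known = new Map(); // provider id -> provider name
  return {
    update(providers) {
      const next = new Map(providers.map((p) => [p.id, p.name]));
      const added = [...next]
        .filter(([id]) => !known.has(id))
        .map(([id, name]) => ({ id, name }));
      const removed = [...known]
        .filter(([id]) => !next.has(id))
        .map(([id, name]) => ({ id, name }));
      known = next;
      // Names of providers that are not an OS software store, i.e. usable tokens.
      const tokens = [...next.values()].filter((name) => !SOFTWARE_PROVIDERS.has(name));
      return { added, removed, tokens };
    },
  };
}

// Re-reads ws.info() on every event that can change the provider list.
// SCard Windows API readers do not emit "token", so reader events are watched too.
function watchProviders(ws, onChange) {
  const tracker = createProviderTracker();
  const refresh = async () => {
    const info = await ws.info();
    const diff = tracker.update(info.providers);
    if (diff.added.length || diff.removed.length) onChange(diff);
    return diff;
  };
  ws.on("listening", refresh);
  ws.on("token", refresh);
  ws.cardReader.on("insert", refresh);
  ws.cardReader.on("remove", refresh);
  return refresh;
}
```

If `tokens` stays empty after an insert, only the OS store is being offered, which is the situation reported in this thread.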

ELARCHA commented 6 years ago

It doesn't work for me!!!!!

microshine commented 6 years ago

I use node-static to start a local server:

> npm i node-static -g
> static . -p 3000

Open http://localhost:3000/index.html (fortify.html source code).


microshine commented 6 years ago

I added challenge and login to the gist.

ELARCHA commented 6 years ago

Where must I create this to access it via http://localhost:3000/?

ELARCHA commented 6 years ago

I added it; now I'm testing the script.

ELARCHA commented 6 years ago

I get this result:

SHA-256: 85f90dfea1d8027e1463e5ca971a250110a20df0119d204a74220bc63516d15b
example1.html:70 SCARD:REMOVE CardReaderRemoveEventProto {raw: ArrayBuffer(71), _action: "cardReader/remove", _version: 1, _actionId: "", _reader: "BIT4ID miniLector-S 0", …}
example1.html:61 Token ProviderTokenEventProto {raw: ArrayBuffer(24), _action: "provider/event/token", _version: 1, _actionId: "", _added: Array(0), …}
example1.html:67 SCARD:INSERT CardReaderInsertEventProto {raw: ArrayBuffer(71), _action: "cardReader/insert", _version: 1, _actionId: "", _reader: "BIT4ID miniLector-S 0", …}

But I still cannot access my smart card to generate a certificate on it using example1.html of the Fortify lib!!!!!!!!!!!!!!!!!!!!!!!!!

microshine commented 6 years ago

I updated https://peculiarventures.github.io/fortify-examples/example1.html

Can you try it? It's listening for insert/remove events.

ELARCHA commented 6 years ago

Thanks, it works, but I want to generate the certificate on my card (add the certificate to my card); now it only allows me to generate it on Windows.


microshine commented 6 years ago

I updated the other examples. Try this one: https://peculiarventures.github.io/fortify-examples/example3.html, an example of self-signed certificate generation.

ELARCHA commented 6 years ago

Thanks, but I still have the same result; it only allows me to generate it on Windows, like this:

(screenshot: capture)

microshine commented 6 years ago

Do you have only Windows CryptoAPI provider in list?

ELARCHA commented 6 years ago

Yes.

microshine commented 6 years ago

I need time to reproduce this case locally. I'll do it today.

Let's try another way to add your token to Fortify. We can update the cards.json file. I need the path to the PKCS#11 DLL for your token.

ELARCHA commented 6 years ago

Where can I find cards.json to add the driver for my token?

microshine commented 6 years ago

C:/Users/<user name>/.fortify

ATR for your token is 3bff1800ff8131fe55006b42495434494420312e3000900091

ELARCHA commented 6 years ago

Thanks, but I don't find any token with this ATR 3bff1800ff8131fe55006b42495434494420312e3000900091 in C:/Users/<user name>/.fortify.

microshine commented 6 years ago

You need to add this ATR 3bff1800ff8131fe55006b42495434494420312e3000900091 to card.json:

{
  "atr": "3bff1800ff8131fe55006b42495434494420312e3000900091",
  "name": "<name>",
  "readOnly": false,
  "driver": "<existing driver id from card.json  OR new>"
}

If there is no driver for your token, you need to add a new driver too.

ELARCHA commented 6 years ago

Thank you.

{
  "atr": "3bff1800ff8131fe55006b42495434494420312e3000900091",
  "name": "bit 4 id",
  "readOnly": false,
  "driver": "<existing driver id from card.json  OR new>"
}
{
  "id": "",
  "name": "bit for id",
  "file": {
    "windows": "C:/Windows/System32/bit4ipki.dll"
  }
},

And for the id of the driver, what can I do?

microshine commented 6 years ago

This is a random value.
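A helper for building the cards.json entries described above (the card keyed by ATR, the driver keyed by its PKCS#11 library path, and the random driver id), added here as an example and not part of Fortify. It assumes, from the shape of the objects in this thread, that cards.json holds top-level "cards" and "drivers" arrays and that any random 32-hex string is a valid driver id; both are assumptions, not documented Fortify behaviour.

```javascript
// Added example, not Fortify code. Assumed cards.json layout:
// { "cards": [ { atr, name, readOnly, driver } ], "drivers": [ { id, name, file: { windows } } ] }

const HEX_RE = /^[0-9a-f]+$/i;

// Random 32-hex driver id, the same shape as the one used in this thread (assumed sufficient).
function randomDriverId() {
  let id = "";
  for (let i = 0; i < 32; i++) id += Math.floor(Math.random() * 16).toString(16);
  return id;
}

// Adds a card (by ATR) to a parsed cards.json object, reusing a driver whose
// Windows library path already matches or creating a new one. Returns the new
// card entry and throws on bad input so a malformed entry is never written.
function addCard(cards, { atr, name, windowsLib, driverName = name, readOnly = false }) {
  if (typeof atr !== "string" || !HEX_RE.test(atr) || atr.length % 2 !== 0) {
    throw new Error("ATR must be an even-length hex string");
  }
  const atrLower = atr.toLowerCase();
  cards.cards = cards.cards || [];
  cards.drivers = cards.drivers || [];
  if (cards.cards.some((c) => String(c.atr).toLowerCase() === atrLower)) {
    throw new Error("a card with this ATR is already present");
  }
  let driver = cards.drivers.find((d) => d.file && d.file.windows === windowsLib);
  if (!driver) {
    driver = { id: randomDriverId(), name: driverName, file: { windows: windowsLib } };
    cards.drivers.push(driver);
  }
  const card = { atr: atrLower, name, readOnly, driver: driver.id };
  cards.cards.push(card);
  return card;
}

// Serializes with JSON.stringify so the file is strict JSON (no trailing commas).
function serializeCards(cards) {
  return JSON.stringify(cards, null, 2);
}
```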

ELARCHA commented 6 years ago

{
  "atr": "3bff1800ff8131fe55006b42495434494420312e3000900091",
  "name": "Bit 4 ID pki",
  "readOnly": false,
  "driver": "9d3a55d2d8294174a53d5845d6d11888"
},

for the driver:

{
  "id": "9d3a55d2d8294174a53d5845d6d11888",
  "name": "Bit 4 ID pki",
  "file": {
    "windows": "%WINDIR/System32/bit4ipki.dll"
  }
},

I added this in card.json and I still have the same result!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

microshine commented 6 years ago

What is the Fortify log for key insertion/removal?

ELARCHA commented 6 years ago

This is my Fortify log:

{"level":"info","message":"Provider:Token:Remove reader:'BIT4ID miniLector-S 0' name:'SCard Windows API' atr:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-16T15:17:18.928Z"}
{"level":"error","message":"WebCryptoLocalError: TOKEN_REMOVE_NO_SLOTS_FOUND\n at new WebCryptoLocalError (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:83:23)\n at LocalProvider.onTokenRemove (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:2698:36)\n at emitOne (events.js:115:13)\n at CardWatcher.emit (events.js:210:7)\n at PCSCWatcher.CardWatcher.watcher.on.on.on.on (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:1237:26)\n at emitOne (events.js:115:13)\n at PCSCWatcher.emit (events.js:210:7)\n at CardReader.reader.on (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:1057:30)\n at emitNone (events.js:105:13)\n at CardReader.emit (events.js:207:7)","timestamp":"2018-05-16T15:17:18.946Z"}
{"level":"info","message":"Server: Close session Socket Error: read ECONNRESET (code: 1006)","timestamp":"2018-05-16T15:17:19.017Z"}
{"level":"info","message":"PCSCWatcher: New reader detected BIT4ID miniLector-S 0","timestamp":"2018-05-16T15:17:23.063Z"}
{"level":"info","message":"PCSCWatcher: New reader detected BIT4ID miniLector-S 0","timestamp":"2018-05-16T15:17:23.064Z"}
{"level":"info","message":"PCSCWatcher:Insert reader:'BIT4ID miniLector-S 0' ATR:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-16T15:17:23.095Z"}
{"level":"info","message":"PCSCWatcher:Insert reader:'BIT4ID miniLector-S 0' ATR:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-16T15:17:23.118Z"}
{"level":"info","message":"Provider:Token:Insert reader:'BIT4ID miniLector-S 0' name:'SCard Windows API' atr:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-16T15:17:24.126Z"}
{"level":"info","message":"Provider:Token:Insert Looking for BIT4ID miniLector-S 0 into 2 slot(s)","timestamp":"2018-05-16T15:17:26.554Z"}

microshine commented 6 years ago

Did you restart Fortify after card.json was edited?

There must be a log like this for supported PKCS#11 libs:

{"level":"info","message":"PCSCWatcher:Insert reader:'SafeNet eToken 5100' ATR:3bd5180081313a7d8073c8211030","timestamp":"2018-05-15T19:28:32.871Z"}
{"level":"info","message":"Provider:Token:Insert reader:'SafeNet eToken 5100' name:'SafeNet eToken 5110' atr:3bd5180081313a7d8073c8211030","timestamp":"2018-05-15T19:28:33.871Z"}
{"level":"info","message":"Provider:Token:Insert Looking for SafeNet eToken 5100 into 1 slot(s)","timestamp":"2018-05-15T19:28:33.872Z"}
{"level":"info","message":"Provider: Add crypto 'SafeNet eToken 5110' 05c7ae371448408eab487339fdc88a0f0c031639d6cce36f2459ed9eb16eec64","timestamp":"2018-05-15T19:28:33.890Z"}
{"level":"info","message":"Provider:AddCrypto PKCS#11 '/usr/local/lib/libeTPkcs11.dylib' 'SafeNet eToken 5110'","timestamp":"2018-05-15T19:28:33.890Z"}
{"level":"info","message":"Provider:Token Amount of tokens was changed (+1/-0)","timestamp":"2018-05-15T19:28:33.890Z"}

ELARCHA commented 6 years ago

I got this result again, with this error:

{"level":"info","message":"Provider:Token:Insert reader:'BIT4ID miniLector-S 0' name:'SCard Windows API' atr:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-16T15:31:18.908Z"}
{"level":"info","message":"Provider:Token:Insert Looking for BIT4ID miniLector-S 0 into 2 slot(s)","timestamp":"2018-05-16T15:31:18.939Z"}
{"level":"error","message":"Error: CKR_FUNCTION_NOT_SUPPORTED:84\n at Error (native) PKCS11::C_OpenSession:329\n at Slot.open (C:\Program Files\Fortify\resources\app.asar\node_modules\graphene-pk11\build\slot.js:43:33)\n at Pkcs11Crypto.open (C:\Program Files\Fortify\resources\app.asar\node_modules\node-webcrypto-p11\built\webcrypto.js:59:34)\n at Pkcs11Crypto.WebCrypto (C:\Program Files\Fortify\resources\app.asar\node_modules\node-webcrypto-p11\built\webcrypto.js:43:14)\n at Pkcs11Crypto (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:2410:9)\n at slotIndexes.forEach (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:2628:43)\n at Array.forEach ()\n at LocalProvider.onTokenInsert (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:2626:29)\n at emitOne (events.js:115:13)\n at CardWatcher.emit (events.js:210:7)\n at PCSCWatcher.CardWatcher.watcher.on.on.on (C:\Program Files\Fortify\resources\app.asar\node_modules\webcrypto-local\dist\webcrypto-local.js:1209:26)","timestamp":"2018-05-16T15:31:18.954Z"}

microshine commented 6 years ago

Thank you.

Fortify tries to use the PKCS#11 lib but gets an error from it. This is why it switches to SCard Windows API.

@ELARCHA I'll check this case locally. It'll take time.
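The triage done by hand in this thread (did a reader end up on a PKCS#11 provider or fall back to SCard Windows API, and which errors accompanied the insert), as an added example that is not part of Fortify. It parses the one-JSON-record-per-line log format pasted above; the sample log is constructed from lines in this thread, with the stack traces cut short.

```javascript
// Added example, not Fortify code: triage a Fortify log pasted as one JSON
// record per line. Message patterns are taken from the log lines in this thread.

const INSERT_RE = /Provider:Token:Insert reader:'([^']+)' name:'([^']+)' atr:([0-9a-f]+)/i;
const ADD_CRYPTO_RE = /Provider:AddCrypto PKCS#11 '([^']+)' '([^']+)'/;
const OS_FALLBACK = "SCard Windows API";

// Sample log constructed from lines in this thread (stack traces truncated).
const SAMPLE_LOG = [
  '{"level":"info","message":"Provider:Token:Insert reader:\'BIT4ID miniLector-S 0\' name:\'SCard Windows API\' atr:3bff1800ff8131fe55006b42495434494420312e3000900091","timestamp":"2018-05-16T15:31:18.908Z"}',
  '{"level":"info","message":"Provider:Token:Insert Looking for BIT4ID miniLector-S 0 into 2 slot(s)","timestamp":"2018-05-16T15:31:18.939Z"}',
  '{"level":"error","message":"Error: CKR_FUNCTION_NOT_SUPPORTED:84\\n at Error (native) PKCS11::C_OpenSession:329","timestamp":"2018-05-16T15:31:18.954Z"}',
  '{"level":"info","message":"Provider:Token:Insert reader:\'SafeNet eToken 5100\' name:\'SafeNet eToken 5110\' atr:3bd5180081313a7d8073c8211030","timestamp":"2018-05-15T19:28:33.871Z"}',
  '{"level":"info","message":"Provider:AddCrypto PKCS#11 \'/usr/local/lib/libeTPkcs11.dylib\' \'SafeNet eToken 5110\'","timestamp":"2018-05-15T19:28:33.890Z"}',
].join("\n");

// Returns, per reader, the provider it was bound to and the PKCS#11 library
// (if any) that was loaded for it, plus the first line of every error record
// and the list of readers that fell back to the OS API.
function triageFortifyLog(text) {
  const readers = {}; // reader name -> { atr, provider, pkcs11Lib }
  const errors = [];
  for (const line of text.split("\n")) {
    if (!line.trim()) continue;
    let rec;
    try { rec = JSON.parse(line); } catch (e) { continue; } // skip non-JSON noise
    const msg = String(rec.message || "");
    if (rec.level === "error") { errors.push(msg.split("\n")[0]); continue; }
    let m = INSERT_RE.exec(msg);
    if (m) { readers[m[1]] = { atr: m[3], provider: m[2], pkcs11Lib: null }; continue; }
    m = ADD_CRYPTO_RE.exec(msg);
    if (m) {
      for (const r of Object.values(readers)) if (r.provider === m[2]) r.pkcs11Lib = m[1];
    }
  }
  const fallback = Object.keys(readers).filter((n) => readers[n].provider === OS_FALLBACK);
  return { readers, errors, fallback };
}
```

A reader listed in `fallback` next to a CKR_* error is the case diagnosed in this thread: the configured PKCS#11 library loaded but failed, so Fortify offered only the OS store.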

rmhrisk commented 6 years ago

@ELARCHA is bit4ipki.dll a PKCS#11 library?

ELARCHA commented 6 years ago

@rmhrisk yes it is.

rmhrisk commented 5 years ago

@ELARCHA do you still have this issue?

jenkin90 commented 4 years ago

I have the same issue.