PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Add support for '3bdf18008131fe7d006b020c0182011101434e53103180fc' token #130

Closed licarigianluca closed 3 years ago

licarigianluca commented 5 years ago

Reader name: ACS ACR38U-CCID 00 00 ATR: 3BDF18008131FE7D006B020C0182011101434E53103180FC

{
    "cards": [{
        "atr": "3BDF18008131FE7D006B020C0182011101434E53103180FC",
        "name": "Italian healtcare card (TS) National Service Card (CNS) (HealthCare)",
        "driver": "993988460d8f49a2ac519a2935f11533"
    }]
}

Smart card ATR parsing 3BDF18008131FE7D006B020C0182011101434E53103180FC
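
The ATR reported above, decoded according to ISO/IEC 7816-3, as an added example that is not part of the original thread or of Fortify. The function names `normalizeAtr` and `parseAtr` are hypothetical.

```javascript
// Added example: minimal ISO/IEC 7816-3 ATR decoder (names are hypothetical).
function normalizeAtr(text) {
  const hex = text.replace(/[\s:]/g, "").toUpperCase();
  if (!/^([0-9A-F]{2}){2,33}$/.test(hex)) throw new Error("not a valid ATR hex string");
  return hex;
}

function parseAtr(text) {
  const b = normalizeAtr(text).match(/../g).map((h) => parseInt(h, 16));
  if (b[0] !== 0x3b && b[0] !== 0x3f) throw new Error("unexpected TS byte");
  const k = b[1] & 0x0f;            // T0 low nibble: number of historical bytes
  let y = b[1] >> 4;                // T0 high nibble: which of TA1..TD1 follow
  let pos = 2;
  const iface = {};
  const protocols = [];
  for (let i = 1; y !== 0; i++) {
    let td;
    for (const [bit, name] of [[1, "TA"], [2, "TB"], [4, "TC"], [8, "TD"]]) {
      if (!(y & bit)) continue;
      if (pos >= b.length) throw new Error("ATR truncated in interface bytes");
      iface[name + i] = b[pos];
      if (name === "TD") td = b[pos];
      pos++;
    }
    if (td === undefined) break;
    protocols.push(td & 0x0f);      // TDi low nibble: protocol T
    y = td >> 4;                    // TDi high nibble: which of TA(i+1).. follow
  }
  // TCK is present only when some protocol other than T=0 is indicated.
  const hasTck = protocols.some((t) => t !== 0);
  const end = pos + k;
  if (b.length !== end + (hasTck ? 1 : 0)) throw new Error("length disagrees with T0/TDi");
  // TCK makes the XOR of every byte from T0 through TCK equal zero.
  const checksumOk = hasTck ? b.slice(1).reduce((x, v) => x ^ v, 0) === 0 : null;
  return { iface, protocols, historical: b.slice(pos, end), checksumOk };
}

// ATR from this issue, in the spaced form printed by pcsc_scan.
const issueAtr = "3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC";
const parsed = parseAtr(issueAtr);
console.log(parsed.protocols, parsed.checksumOk,
  String.fromCharCode(...parsed.historical.slice(9, 12)));
```

The same normalization makes the lowercase ATR in the issue title, the uppercase value in card.json and the spaced pcsc_scan output compare equal.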

licarigianluca commented 5 years ago

other info

    PC/SC device scanner
    V 1.4.27 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr
    Compiled with PC/SC lite version: 1.8.17
    Using reader plug'n play mechanism
    Scanning present readers...
    0: ACS ACR38U-CCID 00 00

    Wed Feb 6 10:55:37 2019
    Reader 0: ACS ACR38U-CCID 00 00
      Card state: Card inserted, Shared Mode,
      ATR: 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC

    ATR: 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC

    Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
    3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC
        Italian healtcare card (TS) National Service Card (CNS) (HealthCare)

rmhrisk commented 5 years ago

Thank you for this bug.

Can you provide the path in which we might be able to find the PKCS#11 libraries for this card?

We need the following:

    "file": {
        "windows": "path/to/pkcs11.dll",
        "osx": "path/to/pkcs11.dylib"
    }
licarigianluca commented 5 years ago

I'm using Debian Linux and the module is in this path: '/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'

rmhrisk commented 5 years ago

@microshine I have updated the JSON based on the provided detail in the bug above, please publish a new card.json when you have the time.

licarigianluca commented 5 years ago

Thanks. Can you paste the modified part of the card.json so I can try it on my machine while microshine is publishing your patch?

Thank you again

rmhrisk commented 5 years ago

It is possible to do that, I forget where in the install it is located but you can just add that definition and it should work.

@microshine can clarify on location when he is free.

licarigianluca commented 5 years ago

can you paste the definition please?

licarigianluca commented 5 years ago

I added this code to the card.json file and now the message "card unsupported" vanished. But when I try to use this card after I enter the pin something strange happened.

image

The browser hangs. These are the logs:


rmhrisk commented 5 years ago

For the purpose of your test update the linux path for the driver "993988460d8f49a2ac519a2935f11533" to point at "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"

licarigianluca commented 5 years ago

I had done that before I wrote back.

rmhrisk commented 5 years ago

Does this smart card have certificates on it? If so how have you verified that?

microshine commented 5 years ago

@licarigianluca try this page: https://peculiarventures.github.io/fortify-examples/example4.html It must show all certificates and keys for your token.

microshine commented 5 years ago

@licarigianluca I sent updated card.json to your email from github account. Can you try it and confirm that it works for you?

I checked Fortify code, looks like it doesn't support multi paths for card.json file. We need to fix it in the next release https://github.com/PeculiarVentures/webcrypto-local/issues/217

licarigianluca commented 5 years ago

This is what I got on that page:

image

rmhrisk commented 5 years ago

It seems we are able to see the certificate on your card with the test page, with that same configuration do you see the certificate when you visit https://tools.fortifyapp.com/ and select that smart card?

licarigianluca commented 5 years ago

No, the page hangs and the CPU goes to 100% (one core, of course).

rmhrisk commented 5 years ago

Hmmm.... I think we're going to need to find a local reproduction to figure this one out. @microshine Any ideas?

microshine commented 5 years ago

@licarigianluca Is your fortify.log the same which you sent before?

licarigianluca commented 5 years ago

this fortify.log

microshine commented 5 years ago

Looks like the Fortify app returns 1 certificate to tools.fortifyapp.com. Maybe this is a web page error.

It can be an error in showing the certificate.

licarigianluca commented 5 years ago
microshine commented 5 years ago

You can export by using https://peculiarventures.github.io/fortify-examples/example4.html from console

image

// Get crypto
var macCrypto = await ws.getCrypto("01506f36c6ffe4062ed8d12e3acea5ef568cfcca")
// Get cert
var cert = await macCrypto.certStorage.getItem("x509-00c9cd0100600000-6a48d923a1982058202a2e516106cb35d9ca1936", {name:"RSASSA-PKCS1-v1_5", hash: "SHA-256"}, ["verify"])
// Export cert
await macCrypto.certStorage.exportCert("pem", cert);
microshine commented 5 years ago

Thank you! I need some time for tests

licarigianluca commented 5 years ago

Can we delete the comment in which I wrote the certificate? I think that it's not a safe thing to paste all this info in a public area.

microshine commented 5 years ago

@licarigianluca Can you try updated version of https://tools.fortifyapp.com

Thanks to @donskov for finding and fixing UI error

licarigianluca commented 5 years ago

I have to start fortify on my pc?

microshine commented 5 years ago

Yes. And open the link I shared. It must show your certificate in the list.

licarigianluca commented 5 years ago

ok Works!

licarigianluca commented 5 years ago

@microshine and @rmhrisk I say thank you! Where can I find some docs to begin coding my own app that uses Fortify?

thanks again

microshine commented 5 years ago

I'll add 3BDF18008131FE7D006B020C0182011101434E53103180FC later. I need to update webcrypto-local implementation and publish new Fortify version to support multi paths for card.json

microshine commented 5 years ago

You can use https://github.com/PeculiarVentures/fortify-examples for starting and webcrypto-socket.d.ts file

licarigianluca commented 5 years ago

Can you advise me when the new version will be available, please?

thanks

microshine commented 5 years ago

About 4-5 days

licarigianluca commented 5 years ago

Is it possible to sign PDFs with Fortify? And, if the answer is yes, how?

thx

rmhrisk commented 5 years ago

It is.

Check out https://hancock.ink it’s integrated Fortify.

licarigianluca commented 5 years ago

Sorry, but I don't understand. Does Hancock sign PDFs because it is made on Fortify?

rmhrisk commented 5 years ago

Hancock can sign PDFs and can do so with smart cards because it used Fortify.

licarigianluca commented 5 years ago

Is the release ready (with the changes needed for this card to work) ?

microshine commented 5 years ago

@licarigianluca I updated node-webcrypto-p11 library, which is used by Fortify. It took a bit more time. I'm updating Fortify now.

microshine commented 5 years ago

@licarigianluca Can you try this new version?

https://github.com/PeculiarVentures/fortify-web/releases/tag/v1.0.18

card.json example

{
  "id": "993988460d8f49a2ac519a2935f11533",
  "name": "OpenSC driver",
  "file": {
    "osx": "/Library/OpenSC/lib/pkcs11/opensc-pkcs11.so",
    "linux": [
      "/usr/lib/opensc-pkcs11.so",
      "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
    ],
    "windows": "%WINDIR/System32/opensc-pkcs11.dll"
  }
},
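
One way to resolve the PKCS#11 library from the definitions discussed in this thread, accepting both the single-string and the list form of a platform path (an added example, not Fortify's or webcrypto-local's code). The top-level `drivers` key, the `resolvePkcs11` name and the injected `exists` callback are assumptions.

```javascript
// Added example. Sample config constructed from the JSON fragments in this thread;
// the "drivers" key and the function name are assumptions, not Fortify's schema or API.
const cardJson = {
  cards: [{
    atr: "3BDF18008131FE7D006B020C0182011101434E53103180FC",
    name: "Italian healtcare card (TS) National Service Card (CNS) (HealthCare)",
    driver: "993988460d8f49a2ac519a2935f11533",
  }],
  drivers: [{
    id: "993988460d8f49a2ac519a2935f11533",
    name: "OpenSC driver",
    file: {
      osx: "/Library/OpenSC/lib/pkcs11/opensc-pkcs11.so",
      linux: ["/usr/lib/opensc-pkcs11.so", "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"],
      // The %WINDIR placeholder would need expanding first; not handled here.
      windows: "%WINDIR/System32/opensc-pkcs11.dll",
    },
  }],
};

// platform: "linux" | "osx" | "windows"
// exists: (path) => boolean, e.g. fs.existsSync in Node; injected so the
// lookup can be exercised without touching the real filesystem.
function resolvePkcs11(config, atr, platform, exists) {
  const key = atr.replace(/\s+/g, "").toUpperCase();
  const card = config.cards.find((c) => c.atr.toUpperCase() === key);
  if (!card) return { status: "unsupported-card" };
  const driver = config.drivers.find((d) => d.id === card.driver);
  if (!driver) return { status: "unknown-driver", card: card.name };
  const entry = driver.file[platform];
  if (entry === undefined) return { status: "no-path-for-platform", card: card.name };
  // A platform entry may be one path or an ordered list of candidate paths.
  const tried = Array.isArray(entry) ? entry : [entry];
  const lib = tried.find((p) => exists(p));
  return lib
    ? { status: "ok", card: card.name, lib, tried }
    : { status: "library-not-found", card: card.name, tried };
}

// Constructed stand-in for the Debian machine in this thread.
const debianFiles = new Set(["/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"]);
console.log(resolvePkcs11(cardJson,
  "3bdf18008131fe7d006b020c0182011101434e53103180fc", "linux", (p) => debianFiles.has(p)));
```

Returning the list of paths that were tried makes a missing library distinguishable from an unsupported card when reading the log.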
licarigianluca commented 5 years ago

Hi, I'm trying to use Fortify with another project, CAdES.js, but how can I use both, starting with the example file provided with Fortify? What is the correct way to import it for use?

Thank you

rmhrisk commented 5 years ago

This is really an issue for CAdES repository; Fortify just looks like a webcrypto implementation. I think your question is how do I use CAdES? If so please file a bug in that repository. We would love to hear about what you're trying to do also, it would help us give more targeted advice.

rmhrisk commented 5 years ago

@licarigianluca is this resolved for you?

donskov commented 3 years ago

Resolved