Closed licarigianluca closed 3 years ago
other info
PC/SC device scanner V 1.4.27 (c) 2001-2011, Ludovic Rousseau ludovic.rousseau@free.fr Compiled with PC/SC lite version: 1.8.17 Using reader plug'n play mechanism Scanning present readers... 0: ACS ACR38U-CCID 00 00
Wed Feb 6 10:55:37 2019 Reader 0: ACS ACR38U-CCID 00 00 Card state: Card inserted, Shared Mode, ATR: 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC
ATR: 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC
TA(3) = FE --> IFSC: 254 TB(3) = 7D --> Block Waiting Integer: 7 - Character Waiting Integer: 13
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): 3B DF 18 00 81 31 FE 7D 00 6B 02 0C 01 82 01 11 01 43 4E 53 10 31 80 FC Italian healtcare card (TS) National Service Card (CNS) (HealthCare)
Thank you for this bug.
Can you provide the path in which we might be able to find the PKCS#11 libraries for this card?
We need the following:
"file": {
"windows": "path/to/pkcs11.dll",
"osx": "path/to/pkcs11.dylib"
}
I'm using Debian Linux and the module is in this path: '/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'
@microshine I have updated the JSON based on the provided detail in the bug above, please publish a new card.json when you have the time.
Thanks. Can you paste the modified part of the card.json so I try on my machine meanwhile microshine publishing your patch?
Thank you again
It is possible to do that, I forget where in the install it is located but you can just add that definition and it should work.
@microshine can clarify on location when he is free.
can you paste the definition please?
I added this code to the card.json file and now the message "card unsupported" vanished. But when I try to use this card after I enter the pin something strange happened.
the browser hangs this are the logs
{"message":"Application started at Wed Feb 06 2019 16:47:17 GMT+0100 (CET)","level":"info"}
{"message":"OS linux x64 ","level":"info"}
{"message":"Fortify v1.0.17","level":"info"}
{"message":"System locale is 'en-US'","level":"info"}
{"message":"Locale: Set language to 'en'","level":"info"}
{"message":"Update: Check for new update","level":"info"}
{"message":"Update: New version wasn't found","level":"info"}
{"message":"SSL certificate is loaded","level":"info"}
{"message":"Comparing current version of card.json file with remote","level":"info"}
{"message":"card.json has the latest version","level":"info"}
{"message":"PCSCWatcher: New reader detected ACS ACR38U-CCID 00 00","level":"info"}
{"message":"PCSCWatcher:Insert reader:'ACS ACR38U-CCID 00 00' ATR:3bdf18008131fe7d006b020c0182011101434e53103180fc","level":"info"}
{"message":"Server: Started at 127.0.0.1:31337","level":"info"}
{"message":"WebCryptoLocalError: Provider:Open Cannot find pvpkcs11 by path /opt/fortify/resources/app.asar/pvpkcs11.so\n at new WebCryptoLocalError (/opt/fortify/resources/app.asar/node_modules/webcrypto-local/dist/webcrypto-local.js:83:23)\n at LocalProvider.open (/opt/fortify/resources/app.asar/node_modules/webcrypto-local/dist/webcrypto-local.js:2503:36)\n at ProviderService.open (/opt/fortify/resources/app.asar/node_modules/webcrypto-local/dist/webcrypto-local.js:3702:21)\n at Server.server.on (/opt/fortify/resources/app.asar/node_modules/webcrypto-local/dist/webcrypto-local.js:3801:27)\n at emitOne (events.js:115:13)\n at Server.emit (events.js:210:7)\n at Server.emit (/opt/fortify/resources/app.asar/node_modules/webcrypto-local/dist/webcrypto-local.js:637:22)\n at /opt/fortify/resources/app.asar/node_modules/webcrypto-local/dist/webcrypto-local.js:671:22\n at
For the purpose of your test update the linux path for the driver "993988460d8f49a2ac519a2935f11533" to point at "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
I have done before I wrote back
Does this smart card have certificates on it? If so how have you verified that?
@licarigianluca try https://peculiarventures.github.io/fortify-examples/example4.html this page it must show all certificates and keys for you token
@licarigianluca I sent updated card.json
to your email from github account. Can you try it and confirm that it works for you?
I checked Fortify code, looks like it doesn't support multi paths for card.json
file. We need to fix it in the next release
https://github.com/PeculiarVentures/webcrypto-local/issues/217
This is what i got in that page
It seems we are able to see the certificate on your card with the test page, with that same configuration do you see the certificate when you visit https://tools.fortifyapp.com/ and select that smart card?
No the page hangs and cpu go to 100%(one core of course)
Hmmm.... I think were going to need to find a local reproduction to figure this one out. @microshine Any ideas?
@licarigianluca Is your fortify.log the same which you sent before?
this fortify.log
Looks like Fortify app returns 1 certificate to tools.fortifyapp.com Maybe this is Web page error
It can be error on certificate showing
You can export by using https://peculiarventures.github.io/fortify-examples/example4.html from console
// Get crypto
var macCrypto = await ws.getCrypto("01506f36c6ffe4062ed8d12e3acea5ef568cfcca")
// Get cert
var cert = await macCrypto.certStorage.getItem("x509-00c9cd0100600000-6a48d923a1982058202a2e516106cb35d9ca1936", {name:"RSASSA-PKCS1-v1_5", hash: "SHa-256"}, ["verify"])
// Export cert
await macCrypto.certStorage.exportCert("pem", cert);
Thank you! I need some time for tests
can we delete the comment in which i wrote the certificate? I think that it's not a safe thing pate all theese info in a public area.
@licarigianluca Can you try updated version of https://tools.fortifyapp.com
Thanks to @donskov for finding and fixing UI error
I have to start fortify on my pc?
yes And open link I shared. It must show your certificate in list
ok Works!
@microshine and @rmhrisk I say Thank you! Where I can find some docs to begin to coding my own app that uses fortify?
thanks again
I'll add 3BDF18008131FE7D006B020C0182011101434E53103180FC
later. I need to update webcrypto-local implementation and publish new Fortify version to support multi paths for card.json
You can use https://github.com/PeculiarVentures/fortify-examples for starting and webcrypto-socket.d.ts file
Can You advice me when the new version will be available please?
thanks
About 4-5 days
It's possible to sign PDFs with fortify? And, if the answar is yes, how?
thx
It is.
Check out https://hancock.ink it’s integrated Fortify.
Sorry but I don't understand. Hancock does sign PDFs because is made on Fortify?
Hancock can sign PDFs and can do so with smart cards because it used Fortify.
Is the release ready (with the changes needed for this card to work) ?
@licarigianluca I updated node-webcrypto-p11
library, which is used by Fortify. It took a bit more time. I'm updating Fortify now.
@licarigianluca Can you try this new version?
https://github.com/PeculiarVentures/fortify-web/releases/tag/v1.0.18
{
"id": "993988460d8f49a2ac519a2935f11533",
"name": "OpenSC driver",
"file": {
"osx": "/Library/OpenSC/lib/pkcs11/opensc-pkcs11.so",
"linux": [
"/usr/lib/opensc-pkcs11.so",
"/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
],
"windows": "%WINDIR/System32/opensc-pkcs11.dll"
}
},
Hi, I'm trying to use fortify with another project CAdes.js but how i can use both starting with example file provided with fortify? Where is the correct way to import it for use?
thankyou
This is really an issue for CAdES repository; Fortify just looks like a webcrypto implementation. I think your question is how do I use CAdES? If so please file a bug in that repository. We would love to hear about what you're trying to do also, it would help us give more targeted advice.
@licarigianluca is this resolved for you?
Resolved
Reader name: ACS ACR38U-CCID 00 00 ATR: 3BDF18008131FE7D006B020C0182011101434E53103180FC
Smart card ATR parsing 3BDF18008131FE7D006B020C0182011101434E53103180FC