PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Add support for '3bff9600008131804380318065b0850300ef120ffe82900066' token #140

Open alexandersumer opened 5 years ago

alexandersumer commented 5 years ago

Reader name: AKS ifdh 0
ATR: 3BFF9600008131804380318065B0850300EF120FFE82900066

{
    "cards": [{
        "atr": "3BFF9600008131804380318065B0850300EF120FFE82900066",
        "name": "IDPrime MD 8840, 3840, 3810, 840 and 830",
        "driver": "39b3d7a3662c4b48bb120d008dd18648"
    }]
}

Smart card ATR parsing 3BFF9600008131804380318065B0850300EF120FFE82900066

rmhrisk commented 5 years ago

Do you know the name of this token and where its PKCS11 can be found on your computer?

alexandersumer commented 5 years ago

The token is "Safenet eToken 5110 CC", Card Type "ID Prime MD". I'm not sure about the path. The token is on a USB flash drive.

alexandersumer commented 5 years ago

I can find the path if you give me some more information about what sort of path you are looking for. Also, thank you very much for looking into this. The older version of Fortify still works, but we hope to get our token supported on the newest version.

rmhrisk commented 5 years ago

Strange that the older version works but not the newer one.

Maybe it was falling through to CryptoAPI previously. Are you sure? Or is this a newer version of the token?

By path, I mean when you use this token in applications you must specify what PKCS11 DLL to use; where is that file found and what is its name?

Since it is a SafeNet, we can guess that it’s the SafeNet middleware; we can add it easily enough if so.

alexandersumer commented 5 years ago

Hello,

The SafeNet version that we use is the following: SafeNet Authentication Client 10.3 (10.3.25.0).

Regards, Alexander

rmhrisk commented 5 years ago

@microshine I think we need to add this ATR and map it to the SAC client.

My guess here is this was falling back to CAPI; I do wonder why that isn’t happening now, though. Ideas?

wayne-davidson-tickle commented 5 years ago

(I work with Alex)

Our implementation only looks at providers with isRemovable=true, so my assumption would be that this is not falling back to the Windows Crypto API. If this is an invalid assumption please let me know.

Not sure of the relevancy of any of this; however, we did have some issues when we moved from using 5110 tokens to the 5110 CC token. Ultimately this was solved by us upgrading our SafeNet client to a later version (10.3); however, we did note through this process that there were some differences between the non-CC and CC versions. Link. One notable difference is that the smart card platform is IDPrime MD 840 compared to Gemalto IDCore 3.

rmhrisk commented 5 years ago

Wayne, thanks for the additional information.

I think a Fortify log would help us. Can you clear the log and provide it?

It would also be useful to see the file name and path for your SAC client.

rmhrisk commented 5 years ago

We also would love to hear what you've done with Fortify, BTW.

wayne-davidson-tickle commented 5 years ago

Log:


rmhrisk commented 5 years ago

Yes, if this token worked before, it was falling through to CryptoAPI-based support. We will investigate; we will also add this to the ATR map so it will use SAC.
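
A way to run the check discussed in this thread, as an added example that is not Fortify's own code: it reads a Fortify log (one JSON object per line), collects the ATR of each inserted token and the PKCS#11 libraries that were loaded, and reports which ATRs have an entry in card.json. The function names, the case-insensitive ATR comparison and the 'Constructed Reader 1' line are assumptions made for the example.

```javascript
// Added example, not Fortify code. Log lines follow the message formats in this issue;
// the 'Constructed Reader 1' line and its ATR are constructed, and the last line is truncated.
const SAMPLE_LOG = String.raw`
{"message":"Provider:AddCrypto: PKCS#11 'C:\\Program Files\\Fortify\\pvpkcs11.dll' 'C:\\Program Files\\Fortify\\pvpkcs11.dll'","level":"info"}
{"message":"Provider:AddCrypto: PKCS#11 'softokn3.dll' 'softokn3.dll'","level":"info"}
{"message":"PCSCWatcher:Insert reader:'AKS ifdh 0' ATR:3bff9600008131804380318065b0850300ef120ffe82900066","level":"info"}
{"message":"PCSCWatcher:Insert reader:'AKS ifdh 0' ATR:3bff9600008131804380318065b0850300ef120ffe82900066","level":"info"}
{"message":"PCSCWatcher:Insert reader:'Constructed Reader 1' ATR:3b00ffffffffffffffff","level":"info"}
{"message":"Server: session:trunc
`;
// The card.json entry posted at the top of this issue.
const CARD_JSON = { cards: [{
  atr: "3BFF9600008131804380318065B0850300EF120FFE82900066",
  name: "IDPrime MD 8840, 3840, 3810, 840 and 830",
  driver: "39b3d7a3662c4b48bb120d008dd18648",
}] };

// Collect inserted-token ATRs (lower-cased) and PKCS#11 libraries from JSON-lines log text.
function parseLog(text) {
  const atrs = new Map(); // ATR -> Set of reader names
  const pkcs11 = new Set();
  for (const line of text.split(/\r?\n/)) {
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // blank or truncated line
    const msg = entry && typeof entry.message === "string" ? entry.message : "";
    const ins = /^PCSCWatcher:Insert reader:'([^']*)' ATR:([0-9a-fA-F]+)$/.exec(msg);
    if (ins) {
      const atr = ins[2].toLowerCase();
      if (!atrs.has(atr)) atrs.set(atr, new Set());
      atrs.get(atr).add(ins[1]);
    }
    const lib = /^Provider:AddCrypto: PKCS#11 '([^']*)'/.exec(msg);
    if (lib) pkcs11.add(lib[1]);
  }
  return { atrs, pkcs11 };
}

// Assumption: ATRs are compared case-insensitively (the log is lower case, card.json upper case).
function reportTokens(logText, cardJson) {
  const known = new Map((cardJson.cards || []).map((c) => [c.atr.toLowerCase(), c]));
  const { atrs, pkcs11 } = parseLog(logText);
  const tokens = [...atrs].map(([atr, readers]) => {
    const card = known.get(atr);
    return { atr, readers: [...readers], mapped: Boolean(card), driver: card ? card.driver : null };
  });
  return { tokens, pkcs11: [...pkcs11] };
}

console.log(JSON.stringify(reportTokens(SAMPLE_LOG, CARD_JSON), null, 2));
```

In the log posted in this issue, the only `Provider:AddCrypto: PKCS#11` entries are `pvpkcs11.dll` and `softokn3.dll`, which is what the `pkcs11` list in the report makes visible.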

wayne-davidson-tickle commented 5 years ago

Thanks Ryan, appreciate the response.

In regards to how we are using Fortify, part of the system (web application) we are building requires documents (essentially XML objects) to be digitally signed by end users (XMLDsig) and submitted to a registry, who in turn, can validate these signatures. Generally our users use hard-tokens, and we use Fortify to facilitate the interaction between our web application and the hard-token. Fortify was recommended to us by someone who we have worked with at DigiCert.

Happy to talk more over email if you'd like any more information.

rmhrisk commented 5 years ago

That’s great. Would love to hear more. Ryan@peculiarventures.com

Have you seen our xmldsig library? https://xadesjs.com

microshine commented 5 years ago

@alexanderj2357 Can you try to update your local ~/.fortify/card.json file and check that the token works?

microshine commented 5 years ago

Steps to update card.json

wayne-davidson-tickle commented 5 years ago

Hi @microshine, sorry for the delay on this, I've been on leave. Updating the card.json works.

rmhrisk commented 5 years ago

@wayne-davidson-tickle cool; we will add this to the JSON file and it should just start working for others once that happens.

NickHarrington1 commented 5 years ago

Hi @rmhrisk, @microshine just checking in on when the fix will be added to the JSON file?

rmhrisk commented 5 years ago

@NickHarrington1 We hope to get a new release out in the next month; we have been finishing up another project that has taken up our time.

/cc @microshine

NickHarrington1 commented 5 years ago

> @NickHarrington1 We hope to get a new release out in the next month; we have been finishing up another project that has taken up our time.
>
> /cc @microshine

Thanks @rmhrisk for the update. I'll touch base early next month to see how the release is tracking

KLAM-Sympli commented 4 years ago

Hi @rmhrisk, @microshine,

Just following up to see whether the JSON update was released with Fortify v1.0.20. I have this version installed at the moment, but it's not working for the hard tokens mentioned at the start of this chain. Thanks -Kent