Open alexandersumer opened 5 years ago
Do you know the name of this token and where its PKCS11 can be found on your computer?
The token is "Safenet eToken 5110 CC", Card Type "ID Prime MD". I'm not sure about the path. The token is on a USB flash drive.
I can find the path if you give me some more information about what sort of path you are looking for. Also thank you very much for looking into this. The older version of fortify still works but we hope to get our token supported on the newest version.
Strange that the older version works but not the newer one.
Maybe it was falling through to CryptoAPI previously. Are you sure? Or is this a newer version of the token?
By path, I mean when you use this token in applications you must specify what PKCS11 DLL to use, where is that file found and what is its name?
Since it is a SafeNet we can guess that it’s the SafeNet middleware; we can add it easily enough if so.
Hello,
The SafeNet version that we use is the following: SafeNet Authentication Client 10.3 (10.3.25.0).
Regards, Alexander
@microshine I think we need to add this ATR and map it to the SAC client.
My guess is here this was falling back to CAPI; I do wonder why that isn’t happening now though. Ideas?
(I work with Alex)
Our implementation only looks at providers with isRemovable=true, so my assumption would be that this is not falling back to the Windows Crypto API. If this is an invalid assumption please let me know.
Not sure of the relevancy of any of this; however, we did have some issues when we moved from using 5110 tokens to the 5110 CC token. Ultimately this was solved by us upgrading our SafeNet client to a later version (10.3); however, we did note through this process that there were some differences between the non-CC and CC versions. Link. One notable difference is that the smart card platform is IDPrime MD 840 compared to Gemalto IDCore 3.
Wayne, thanks for the additional information.
I think a Fortify log would help us. Can you clear the log and provide it?
It would also be useful to see the file name and path for your SAC client.
We also would love to hear what you've done with Fortify BTW.
Log:
Yes, if this token worked before, it was falling through to CryptoAPI-based support. We will investigate; we will also add this to the ATR map so it will use SAC.
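One way to run the check discussed in this thread (an added example, not part of the thread or of Fortify's code): pull each inserted token's ATR out of Fortify-style JSON log lines, decode it per ISO/IEC 7816-3, and report ATRs that have no entry in an ATR map. The log lines are constructed, and the map is a hypothetical plain object keyed by ATR hex, not the real card.json schema.

```javascript
// Added example. Log lines are constructed in the Fortify JSON log format;
// the ATR-map shape is hypothetical and is NOT the real card.json schema.
const line = (message) => JSON.stringify({ message, level: "info" });
const SAMPLE_LOG = [
  line("PCSCWatcher: New reader detected AKS ifdh 0"),
  line("PCSCWatcher:Insert reader:'AKS ifdh 0' ATR:3bff9600008131804380318065b0850300ef120ffe82900066"),
  '{"message":"truncated line',
].join("\n");

// Collect ATRs of inserted tokens, upper-cased so lookups are case-insensitive.
function insertedAtrs(logText) {
  const found = new Map(); // ATR hex -> reader name
  for (const raw of logText.split(/\r?\n/)) {
    let entry;
    try { entry = JSON.parse(raw); } catch { continue; } // skip damaged lines
    const msg = entry && typeof entry.message === "string" ? entry.message : "";
    const m = /^PCSCWatcher:Insert reader:'(.+)' ATR:([0-9a-fA-F]+)$/.exec(msg);
    if (m) found.set(m[2].toUpperCase(), m[1]);
  }
  return found;
}

// Decode an ATR per ISO/IEC 7816-3: TS, T0, interface bytes, historical bytes, TCK.
function parseAtr(hex) {
  const b = Buffer.from(hex, "hex");
  if (b.length < 2 || b.length * 2 !== hex.length) throw new Error("bad ATR hex");
  const protocols = new Set();
  const k = b[1] & 0x0f; // low nibble of T0 = number of historical bytes
  let y = b[1] >> 4, i = 2; // high nibble flags which of TA/TB/TC/TD follow
  for (;;) {
    for (const bit of [1, 2, 4]) if (y & bit) i++; // skip TAi, TBi, TCi
    if (!(y & 8)) break;
    const td = b[i++];
    protocols.add(td & 0x0f); y = td >> 4;
  }
  const hasTck = [...protocols].some((t) => t !== 0); // TCK is absent only for T=0-only cards
  if (i + k + (hasTck ? 1 : 0) !== b.length) throw new Error("ATR length mismatch");
  const tckOk = !hasTck || b.subarray(1).reduce((x, v) => x ^ v, 0) === 0;
  return { protocols: [...protocols], historical: b.subarray(i, i + k).toString("hex"), tckOk };
}

// Report inserted tokens whose ATR has no entry in the map.
function unmappedTokens(logText, atrMap) {
  const known = new Set(Object.keys(atrMap).map((a) => a.toUpperCase()));
  return [...insertedAtrs(logText)]
    .filter(([atr]) => !known.has(atr))
    .map(([atr, reader]) => ({ reader, atr, ...parseAtr(atr) }));
}
console.log(unmappedTokens(SAMPLE_LOG, {}));
```

Matching is case-insensitive because the Fortify log prints the ATR in lower case while other tools print the same ATR in upper case.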
Thanks Ryan, appreciate the response.
In regards to how we are using Fortify, part of the system (web application) we are building requires documents (essentially XML objects) to be digitally signed by end users (XMLDsig) and submitted to a registry, who in turn, can validate these signatures. Generally our users use hard-tokens, and we use Fortify to facilitate the interaction between our web application and the hard-token. Fortify was recommended to us by someone who we have worked with at DigiCert.
Happy to talk more over email if you'd like any more information.
That’s great. Would love to hear more. Ryan@peculiarventures.com
Have you seen our xmldsig library? https://xadesjs.com
@alexanderj2357 Can you try to update your local ~/.fortify/card.json file and check that token works?
Steps to update card.json
Hi @microshine, sorry for the delay on this, I've been on leave. Updating the card.json works.
@wayne-davidson-tickle cool; we will add this to the JSON file and it should just start working for others once that happens.
Hi @rmhrisk, @microshine just checking in on when the fix will be added to the JSON file?
@NickHarrington1 We hope to get a new release out in the next month; we have been finishing up another project that has taken up our time.
/cc @microshine
Thanks @rmhrisk for the update. I'll touch base early next month to see how the release is tracking
Hi @rmhrisk, @microshine,
Just following up to see whether the JSON update was released with Fortify v1.0.20. I have this version installed at the moment, but it's not working for the hard tokens mentioned at the start of this chain. Thanks -Kent
Reader name: AKS ifdh 0 ATR: 3BFF9600008131804380318065B0850300EF120FFE82900066
Smart card ATR parsing 3BFF9600008131804380318065B0850300EF120FFE82900066