PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Add support for '3b7d96000080318065b0a31100c883009000' token #232

Open xanrag opened 5 years ago

xanrag commented 5 years ago

Reader name: OMNIKEY CardMan 3x21 0 ATR: 3B7D96000080318065B0A31100C883009000

{
  "cards": [{
    "atr": "3B7D96000080318065B0A31100C883009000",
    "name": "Swedish SITHS ID Card",
    "driver": "9CD2534EDDB26F8DAA35C2984F357979A3DC7E7A"
  }],
  "drivers": [{
    "id": "9CD2534EDDB26F8DAA35C2984F357979A3DC7E7A",
    "name": "SecMaker NetID",
    "file": {
      "windows": "%PROGRAMFILES(X86)%\\Net iD\\iid.dll",
      "linux": "/usr/lib/libiidp11.so",
      "osx": "/usr/lib/libiidp11.dylib"
    }
  }]
}

Smart card ATR parsing 3B7D96000080318065B0A31100C883009000

This is the Swedish SITHS card using the SecMaker NetID application. I can provide more information if I know what is needed.
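The mapping above ties an ATR to a driver id and the driver to a per-platform PKCS#11 library path. The following is an added example, not Fortify's own loader: it resolves a PC/SC-reported ATR (lower case, as in Fortify's log lines) to the library path for a platform, expands `%VAR%` placeholders on Windows, and flags a placeholder that cannot be resolved, which is what happens when the variable is unset or its closing `%` is missing. The `cardMapping` object follows the JSON in this issue; `sampleEnv` and the faulty path in the self-check are constructed for illustration.

```javascript
// Added example (not Fortify's own code): resolve and sanity-check the
// PKCS#11 library path for a card from a Fortify-style card/driver mapping.
const cardMapping = {
  cards: [{
    atr: "3B7D96000080318065B0A31100C883009000",
    name: "Swedish SITHS ID Card",
    driver: "9CD2534EDDB26F8DAA35C2984F357979A3DC7E7A",
  }],
  drivers: [{
    id: "9CD2534EDDB26F8DAA35C2984F357979A3DC7E7A",
    name: "SecMaker NetID",
    file: {
      windows: "%PROGRAMFILES(X86)%\\Net iD\\iid.dll",
      linux: "/usr/lib/libiidp11.so",
      osx: "/usr/lib/libiidp11.dylib",
    },
  }],
};

// Constructed stand-in for process.env on a Windows host.
const sampleEnv = {
  "PROGRAMFILES": "C:\\Program Files",
  "PROGRAMFILES(X86)": "C:\\Program Files (x86)",
};

// Expand %VAR% placeholders the way cmd.exe would. Variables that are not
// set are left untouched so the caller can detect and report them.
function expandWindowsEnv(path, env) {
  return path.replace(/%([^%]+)%/g, (whole, name) =>
    Object.prototype.hasOwnProperty.call(env, name) ? env[name] : whole);
}

// Map an ATR (any letter case) to the library path for the given platform.
// Returns a result object instead of throwing so a mapping file can be
// checked entry by entry.
function resolvePkcs11(mapping, atr, platform, env) {
  const wanted = atr.toUpperCase();
  const card = mapping.cards.find((c) => c.atr.toUpperCase() === wanted);
  if (!card) {
    return { ok: false, path: null, errors: [`no card entry for ATR ${wanted}`] };
  }
  const driver = mapping.drivers.find((d) => d.id === card.driver);
  if (!driver) {
    return { ok: false, path: null,
      errors: [`'${card.name}' references unknown driver ${card.driver}`] };
  }
  const raw = driver.file && driver.file[platform];
  if (!raw) {
    return { ok: false, path: null,
      errors: [`driver '${driver.name}' has no ${platform} library`] };
  }
  const path = platform === "windows" ? expandWindowsEnv(raw, env) : raw;
  const errors = [];
  // A leftover '%' means an unset variable or a placeholder missing its
  // closing '%': the loader would then try to open a literal, non-existent
  // path and the card would be reported as not working.
  if (path.includes("%")) errors.push(`unresolved placeholder in '${raw}'`);
  return { ok: errors.length === 0, path, card: card.name, driver: driver.name, errors };
}

// Check every card in a mapping for every platform; returns the problems found.
function lintMapping(mapping, env) {
  const platforms = ["windows", "linux", "osx"];
  const problems = [];
  for (const card of mapping.cards) {
    for (const platform of platforms) {
      const r = resolvePkcs11(mapping, card.atr, platform, env);
      for (const e of r.errors) problems.push(`${card.atr}/${platform}: ${e}`);
    }
  }
  return problems;
}
```

Running `lintMapping(cardMapping, sampleEnv)` on the mapping above returns an empty list; a Windows path written as `%PROGRAMFILES(X86)\Net iD\iid.dll` (closing `%` missing) is left unexpanded and is reported.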

rmhrisk commented 5 years ago

That’s great.

What is the path to the PKCS11 on your system, and other supported platforms if you're aware?

xanrag commented 5 years ago

There is no file named that, but they do have some technical specifications on their website ( https://service.secmaker.com/developer/pkcs11.aspx ) which would point towards: %PROGRAMFILES%\Net iD\iidp11.dll

rmhrisk commented 5 years ago

Yes, based on that link and this one it does sound like it would be:

rmhrisk commented 5 years ago

I have updated the above json to represent what "should" work for the card. Can you try it?

If you're on a Mac the steps to update the card mapping are:

xanrag commented 5 years ago

I tried with iid.dll but it said it didn't work. Then I switched to iidp11.dll and Fortify crashes instead. Mostly silently but once I got:

Unhandled exception at 0x00007FF942231CD0 (ntdll.dll) in fortify.exe: 0xC0000374: A heap has been corrupted (parameters: 0x00007FF94226ED40). occurred

The last lines in the log are inserting the card:

{"message":"PCSCWatcher: New reader detected OMNIKEY CardMan 3x21 0","level":"info"}
{"message":"PCSCWatcher: New reader detected OMNIKEY CardMan 3x21 0","level":"info"}
{"message":"PCSCWatcher:Insert reader:'OMNIKEY CardMan 3x21 0' ATR:3b7d96000080318065b0a31100c883009000","level":"info"}
{"message":"PCSCWatcher:Insert reader:'OMNIKEY CardMan 3x21 0' ATR:3b7d96000080318065b0a31100c883009000","level":"info"}
{"message":"Provider:Token:Insert: reader:'OMNIKEY CardMan 3x21 0' name:'Swedish SITHS ID Card' atr:3b7d96000080318065b0a31100c883009000","level":"info"}

Hmm.. might it be that my card is a combination SITHS/ID card. I tried with a pure SITHS card and it wanted the opensc-pkcs11.dll middleware instead.

{"message":"Provider:Token:Insert: reader:'OMNIKEY CardMan 3x21 0' name:'Telia EID IP5a (eID)' atr:3b7d96000080318065b0a31101f383009000","level":"info"}
{"message":"Provider:Token:Insert: Loading PKCS#11 library from C:\Windows\System32\opensc-pkcs11.dll","level":"info"}

Strange.. although since they are cooperating with Telia for the cards that isn't so strange I guess.. I tried installing the opensc package but it did not install into system32 where Fortify expected it. Changing that path did make it load a pure SITHS card though. ( "windows": "%PROGRAMFILES/OpenSC Project/OpenSC/pkcs11/opensc-pkcs11.dll" )

{"message":"Provider:Token:Insert: reader:'OMNIKEY CardMan 3x21 0' name:'Telia EID IP5a (eID)' atr:3b7d96000080318065b0a31101f383009000","level":"info"}
{"message":"Provider:Token:Insert: Loading PKCS#11 library from C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll","level":"info"}
{"message":"Provider:Token:Insert: Looking for OMNIKEY CardMan 3x21 0 into 2 slot(s)","level":"info"}
{"message":"Provider: Add crypto 'Telia EID IP5a (eID)' f474cc196247173f476119233da6ff35171701e49fefae7fe3076f22c96ec6fa","level":"info"}
{"message":"Provider:AddCrypto: PKCS#11 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll' 'Telia EID IP5a (eID)'","level":"info"}
{"message":"Provider: Add crypto 'Telia EID IP5a (eID)' 1b8fbcd9a2b01870efeeb383823e332416da52e7f0a699f96c283b6b10430354","level":"info"}
{"message":"Provider:AddCrypto: PKCS#11 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll' 'Telia EID IP5a (eID)'","level":"info"}
{"message":"Provider:Token Amount of tokens was changed (+2/-0)","level":"info"}

Hmm.. switching my new driver id to use the opensc driver instead it seems to load correctly.

{"message":"Provider:Token:Insert: reader:'OMNIKEY CardMan 3x21 0' name:'Swedish SITHS ID Card' atr:3b7d96000080318065b0a31100c883009000","level":"info"}
{"message":"Provider:Token:Insert: Loading PKCS#11 library from C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll","level":"info"}
{"message":"Provider:Token:Insert: Looking for OMNIKEY CardMan 3x21 0 into 2 slot(s)","level":"info"}
{"message":"Provider: Add crypto 'Swedish SITHS ID Card' 2075ab711f9e655670993c7583910a0ea20dcdfc9a4d8afc668a12c691fdf192","level":"info"}
{"message":"Provider:AddCrypto: PKCS#11 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll' 'Swedish SITHS ID Card'","level":"info"}
{"message":"Provider: Add crypto 'Swedish SITHS ID Card' 762c2c99530da47071b9e807fc3860b83f0ab0456b1f03f17da8473033d5ae8f","level":"info"}
{"message":"Provider:AddCrypto: PKCS#11 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll' 'Swedish SITHS ID Card'","level":"info"}
{"message":"Provider:Token Amount of tokens was changed (+2/-0)","level":"info"}

So, I guess no real need for the SecMaker NetID middleware.. Or.. what.. when I try example5.html and press Sign, the Net iD dialog pops up and not something generic. I am very confused.

Edit: Hmm.. further testing seems to show it is a bit unstable; it only works if I start NetID, insert the card, then start Fortify.. then I can sign. Otherwise nothing happens when I press the sign button. So we can make it work in test, but it isn't very stable; might have to get the NetID middleware to work.