PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Add support for '3b7f96000080318065b084565110120ffe829000' token #301

Open ramigabai opened 4 years ago

ramigabai commented 4 years ago

Reader name: Gemalto PC Twin Reader
ATR: 3B7F96000080318065B084565110120FFE829000

{
   "cards": [{
    "atr": "3B7F96000080318065B084565110120FFE829000",
    "name": "Token name",
    "driver": "D317930EF1D73CF5E17A87D6EC621CECAE545057"
   }],
   "drivers": [{
    "id": "D317930EF1D73CF5E17A87D6EC621CECAE545057",
    "name": "Driver name",
    "file": {
        "windows": "path/to/pkcs11.dll",
        "osx": "path/to/pkcs11.dylib"
    }
   }]
}

Smart card ATR parsing 3B7F96000080318065B084565110120FFE829000
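The ATR quoted above is what Fortify keys the cards.json "atr" field on, so it helps to be able to decode one and to check that a hand-written entry will actually match what the reader reports. The following is an added example written for this thread, not code from Fortify or from any of the people posting here. It parses an ISO/IEC 7816-3 ATR (TS, T0, the TA/TB/TC/TD interface bytes, historical bytes and the TCK check byte, whose XOR rule is applied when the ATR offers a protocol other than T=0) and looks an ATR up in a list shaped like the cards.json "cards" array posted above. SAMPLE_CARDS and its "driver" value are constructed placeholders, and the case-insensitive comparison in find_card is this example's choice, motivated by the fact that the thread uses the same ATR in both upper and lower case.

```python
"""ISO/IEC 7816-3 ATR parser plus a cards.json-style ATR lookup.

Added example for this thread; not part of the Fortify project.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Atr:
    convention: str                  # "direct" (TS=3B) or "inverse" (TS=3F)
    interface_bytes: Dict[str, int]  # e.g. {"TA1": 0x96, "TB1": 0x00, "TC1": 0x00}
    protocols: List[int]             # T values announced by TD bytes; [0] if none
    historical: bytes                # K historical bytes, K = low nibble of T0
    tck: Optional[int]               # check byte; absent when only T=0 is offered
    tck_valid: Optional[bool]        # XOR of T0..TCK must be 0 when TCK is present


def normalize_atr(atr: str) -> str:
    """Lowercase hex with spaces/colons/dashes removed, so '3B7F..' == '3b 7f ..'."""
    return "".join(ch for ch in atr if ch not in " :-").lower()


def parse_atr(atr: str) -> Atr:
    raw = bytes.fromhex(normalize_atr(atr))
    if len(raw) < 2:
        raise ValueError("ATR needs at least TS and T0")
    if raw[0] == 0x3B:
        convention = "direct"
    elif raw[0] == 0x3F:
        convention = "inverse"
    else:
        raise ValueError(f"unexpected TS byte {raw[0]:02X}")

    t0 = raw[1]
    k = t0 & 0x0F          # number of historical bytes
    y = t0 >> 4            # presence bits for TA1 / TB1 / TC1 / TD1
    pos, i = 2, 1
    interface: Dict[str, int] = {}
    protocols: List[int] = []
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(raw):
                    raise ValueError(f"ATR truncated before {name}{i}")
                interface[f"{name}{i}"] = raw[pos]
                pos += 1
        td = interface.get(f"TD{i}")
        if td is None:
            break
        protocols.append(td & 0x0F)  # low nibble: protocol T offered by this TD
        y = td >> 4                  # high nibble: which of TA/TB/TC/TD follow
        i += 1
    if not protocols:
        protocols = [0]              # no TD byte at all means T=0 by default

    historical = raw[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated inside historical bytes")
    pos += k

    # 7816-3: TCK is absent only when T=0 is the sole protocol offered.
    tck: Optional[int] = None
    tck_valid: Optional[bool] = None
    if any(p != 0 for p in protocols):
        if pos >= len(raw):
            raise ValueError("TCK expected but missing")
        tck = raw[pos]
        xor = 0
        for b in raw[1:pos + 1]:     # T0 through TCK inclusive
            xor ^= b
        tck_valid = xor == 0
        pos += 1
    if pos != len(raw):
        raise ValueError(f"{len(raw) - pos} unexpected trailing byte(s)")
    return Atr(convention, interface, protocols, historical, tck, tck_valid)


def find_card(cards: List[dict], atr: str) -> Optional[dict]:
    """Return the cards entry whose "atr" equals the reported ATR, ignoring case."""
    wanted = normalize_atr(atr)
    for card in cards:
        if normalize_atr(card.get("atr", "")) == wanted:
            return card
    return None


# Constructed sample in the shape of the cards.json "cards" array above;
# the driver id is a placeholder, not a real Fortify driver id.
SAMPLE_CARDS = [{
    "atr": "3B7F96000080318065B084565110120FFE829000",
    "name": "Gemalto IDBridge CT30",
    "driver": "example-driver-id",
}]

if __name__ == "__main__":
    for a in ("3B7F96000080318065B084565110120FFE829000",
              "3bdc18ff8191fe1fc38073c8211366010b0352000538"):
        print(a, parse_atr(a), find_card(SAMPLE_CARDS, a))
```

Run against the two ATRs in this thread, the Gemalto card decodes to TA1/TB1/TC1 with no TD byte (so T=0 only and no TCK), while the Athena token announces T=1 and a T=15 global block and carries a TCK that checks out. A reported ATR that fails the TCK check, or that does not round-trip through normalize_atr to the value in cards.json, is the first thing to rule out before suspecting the middleware.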

rmhrisk commented 4 years ago

This appears to be an ID-Prime based card: https://www.iti.gov.br/images/repositorio/homologacao/homologados/Ato_Declaratorio_05_2017_proc_99990_001129_2017_43_GEMALTO_Cartao_Criptogr%C3%A1fico_ID_Prime_Java_Applet_4_3_5.pdf

If so I believe this will work:

{
   "cards": [{
    "atr": "3B7F96000080318065B084565110120FFE829000",
    "name": "Gemalto IDBridge CT30",
    "driver": "0ca280b5af17d6aa91af084f2d39d2a3"
   }]
}

Let us know if this works and we can add it.

ramigabai commented 4 years ago

Hi,

That card is Gemalto IDBridge CT30.

Now this message appears (file /usr/local/lib/libidprimepkcs11.0.dylib doesn't exist).

Oh no, that did not work!

The inserted smart card is supported by Fortify but we were unable to find middleware for the card. Make sure (/usr/local/lib/libidprimepkcs11.0.dylib) exists, if not install the smart cards middleware and try again.

On Tue, Mar 10, 2020 at 7:48 PM Ryan Hurst wrote:

  • Open file ~/.fortify/card.json
  • Add your card to "cards" array
  • Restart Fortify

rmhrisk commented 4 years ago

@ramigabai can you share the path to the PKCS#11 library that you are using with this device?

ramigabai commented 4 years ago

I'm using built-in mac support. I think it could be /usr/lib/ssh-keychain.dylib or /usr/lib/libcrypto.dylib

Should this require installing OpenSC or similar?


rmhrisk commented 4 years ago

OpenSC is common, I just don't know if it is supported by it.

Try this

{
   "cards": [{
    "atr": "3B7F96000080318065B084565110120FFE829000",
    "name": "Gemalto IDBridge CT30",
    "driver": "993988460d8f49a2ac519a2935f11533"
   }]
}

ramigabai commented 4 years ago

Don't you include such lib in the PKG install file?


rmhrisk commented 4 years ago

No we don’t ship OpenSC, most devices don’t need it.

Does it work with this card?

ramigabai commented 4 years ago

Haven't tested yet.

We're trying to find a single cross-browser / platform solution which integrates with Setasign PDF ( https://www.setasign.com/products/setapdf-signer/demos/fortify/) that will work with the largest Israeli smart card provider (ComSign) as they support only Windows.


rmhrisk commented 4 years ago

Much love for SetaSign; Jan is Fantastic.

I am positive Fortify will work for you, just need to get this verified.

ramigabai commented 4 years ago

Yes, it’s a wonderful product :-) Will try OpenSC and keep you updated.


ramigabai commented 4 years ago

Hi, after installing SafeNet - we can use PKCS11. Fortify now shows this message:

The inserted smart card is supported by Fortify but we were unable to find middleware for the card. Make sure (/usr/local/lib/libidprimepkcs11.0.dylib) exists, if not install the smart cards middleware and try again.

ramigabai commented 4 years ago

Token name: Card #1B201C6106F96E94
Token category: Hardware
Reader name: Gemalto PC Twin Reader
Serial number (PKCS#11): 1B201C6106F96E94
Free space (minimum estimated): 26963
Hardware version: 0.0
Firmware version: N/A
Card ID (GUID): 0x4600006500652A774600006500652A77
Product name: IDPrime MD 830-FIPS Rev B
Model: N/A
Card type: ID Prime MD
Applet Version: IDPrime Java Applet 4.3.5.D
Mask version: G286
Color: N/A
Supported key size: 2048 bits
Token Password: Present
Token Password retries remaining: 7
Maximum Token Password retries: 7
Administrator Password: Present
Administrator Password retries remaining: 5
Maximum administrator Password retries: 5
FIPS: FIPS 140-2 L2 initialized
Common Criteria (CC): CC EAL6+ certified on chip level
Sign padding on-board: Yes
RSM: N/A
ECC: Supported

rmhrisk commented 4 years ago

Does that file exist on your machine?

Can you attach the Fortify log also?

ramigabai commented 4 years ago

Found it! The correct path should be:

/usr/local/lib/pkcs11/libIDPrimePKCS11.dylib

Now SetaSign doesn't work.

[screenshot]

rmhrisk commented 4 years ago

We can add the second path for that library.

What kind of problem are you having with setasign?

Does tools.fortifyapp.com work? Can you see the certs? Can you create a self signed certificate or CSR?

ramigabai commented 4 years ago

I get this error when trying to create a CSR. Maybe it's because this certificate is aimed for document signing only.

[screenshot]


ramigabai commented 4 years ago

It works!

ramigabai commented 4 years ago

Can you add it to fortify json?

ramigabai commented 4 years ago

Regarding another USB TOKEN, Athena IDProtect..

I know it's not you, any idea where to get that OSX driver?

[screenshot]

rmhrisk commented 4 years ago

So everything is working with that token?

rmhrisk commented 4 years ago

I would start with a contact to Athena (https://athena-scs.com/support/software-driver-downloads.html) but it’s also possible this token works with other middleware too.

What is its ATR? You can find this in the Fortify log file.

ramigabai commented 4 years ago

ATR is 3bdc18ff8191fe1fc38073c8211366010b0352000538.

That's the log file:

{"message":"PCSCWatcher: New reader detected Athena IDProtect Key v2","level":"info"}
{"message":"PCSCWatcher:Insert reader:'Athena IDProtect Key v2' ATR:3bdc18ff8191fe1fc38073c8211366010b0352000538","level":"info"}
{"message":"PCSCWatcher: New reader detected Athena IDProtect Key v2","level":"info"}
{"message":"PCSCWatcher:Insert reader:'Athena IDProtect Key v2' ATR:3bdc18ff8191fe1fc38073c8211366010b0352000538","level":"info"}
{"message":"Provider:Token:Insert: reader:'Athena IDProtect Key v2' name:'Athena IDProtect Smart Card Logon Card' atr:3bdc18ff8191fe1fc38073c8211366010b0352000538","level":"info"}
{"message":"Provider:Token:Insert: Loading PKCS#11 library from /Library/Application Support/Athena/libASEP11.dylib","level":"info"}
{"message":"Provider:Token:Insert: File /Library/Application Support/Athena/libASEP11.dylib does not exist","level":"error"}
{"message":"WebCryptoLocalError: /Library/Application Support/Athena/libASEP11.dylib\n at new WebCryptoLocalError (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:340:23)\n at LocalProvider.onTokenInsert (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2171:33)\n at CardWatcher.emit (events.js:194:13)\n at PCSCWatcher.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:867:26)\n at PCSCWatcher.emit (events.js:194:13)\n at Timeout._onTimeout (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:797:38)\n at listOnTimeout (internal/timers.js:535:17)\n at processTimers (internal/timers.js:479:7)","level":"error"}
{"message":"Fortify: Create window message","level":"info"}
{"message":"Provider:Token:Remove reader:'Athena IDProtect Key v2' name:'Athena IDProtect Smart Card Logon Card' atr:3bdc18ff8191fe1fc38073c8211366010b0352000538","level":"info"}
{"message":"WebCryptoLocalError: Provider:Token:Remove PKCS#11 lib /Library/Application Support/Athena/libASEP11.dylib. dlopen(/Library/Application Support/Athena/libASEP11.dylib, 1): image not found\n at Error (native) Load:136\n at new WebCryptoLocalError (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:340:23)\n at LocalProvider.onTokenRemove (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2290:40)\n at CardWatcher.emit (events.js:194:13)\n at PCSCWatcher.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:895:26)\n at PCSCWatcher.emit (events.js:194:13)\n at CardReader.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:808:30)\n at CardReader.emit (events.js:194:13)\n at CardReader.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/pcsclite/lib/pcsclite.js:55:23)\n at CardReader.emit (events.js:194:13)","level":"error"}
{"message":"WebCryptoLocalError: TOKEN_REMOVE_NO_SLOTS_FOUND\n at new WebCryptoLocalError (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:340:23)\n at LocalProvider.onTokenRemove (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:2294:36)\n at CardWatcher.emit (events.js:194:13)\n at PCSCWatcher.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:895:26)\n at PCSCWatcher.emit (events.js:194:13)\n at CardReader.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/@webcrypto-local/server/build/index.js:808:30)\n at CardReader.emit (events.js:194:13)\n at CardReader.<anonymous> (/Applications/Fortify.app/Contents/Resources/app/node_modules/pcsclite/lib/pcsclite.js:55:23)\n at CardReader.emit (events.js:194:13)","level":"error"}
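Both failures in this thread have the same shape: the ATR is recognised, Fortify resolves a PKCS#11 library path from cards.json, and the file is not where the entry says it is (the IDPrime case was fixed by finding /usr/local/lib/pkcs11/libIDPrimePKCS11.dylib instead of /usr/local/lib/libidprimepkcs11.0.dylib). The script below is an added example written for this thread, not Fortify's own tooling. It splits a Fortify log into JSON records even when several are run together on one line (as in the paste above), pulls out each token insert with its ATR, the library path Fortify tried, and the "does not exist" error if one followed, and then looks for a library with the same name under a different directory, case or version suffix in a list of candidate paths the caller supplies (for example from glob). SAMPLE_LOG is constructed from the message formats visible in the log above; the message regexes match only those formats, and the alternative-path heuristic is this example's own. Since the path in the driver entry is handed straight to dlopen, treat ~/.fortify/card.json and whatever you point it at as trusted code, and verify the middleware package's signature before adding a path that a search like this turns up.

```python
"""Triage a Fortify log for tokens whose PKCS#11 middleware could not be loaded.

Added example for this thread; not part of the Fortify project.
"""
import json
import os
import re
from typing import Dict, Iterable, Iterator, List, Optional

_DECODER = json.JSONDecoder()
# Message formats as they appear in the Fortify log posted in this thread.
_INSERT_RE = re.compile(
    r"^Provider:Token:Insert: reader:'(?P<reader>[^']*)' "
    r"name:'(?P<name>[^']*)' atr:(?P<atr>[0-9a-fA-F]+)$")
_LOAD_RE = re.compile(r"^Provider:Token:Insert: Loading PKCS#11 library from (?P<path>.+)$")
_MISSING_RE = re.compile(r"^Provider:Token:Insert: File (?P<path>.+) does not exist$")


def iter_records(text: str) -> Iterator[dict]:
    """Yield JSON objects from text in which records may be concatenated on one line."""
    pos, n = 0, len(text)
    while pos < n:
        while pos < n and text[pos].isspace():
            pos += 1
        if pos >= n:
            break
        obj, pos = _DECODER.raw_decode(text, pos)  # parse one value, return where it ended
        if isinstance(obj, dict):
            yield obj


def triage(text: str) -> List[Dict[str, Optional[str]]]:
    """One entry per token insert: reader, card name, ATR, library tried, and missing path if any."""
    events: List[Dict[str, Optional[str]]] = []
    for rec in iter_records(text):
        msg = rec.get("message", "")
        m = _INSERT_RE.match(msg)
        if m:
            events.append({"reader": m["reader"], "name": m["name"],
                           "atr": m["atr"].lower(), "library": None, "missing": None})
            continue
        if not events:
            continue  # load/missing lines before any insert belong to nothing we track
        m = _LOAD_RE.match(msg)
        if m:
            events[-1]["library"] = m["path"]
            continue
        m = _MISSING_RE.match(msg)
        if m:
            events[-1]["missing"] = m["path"]
    return events


def _stem(path: str) -> str:
    """libIDPrimePKCS11.dylib, libidprimepkcs11.0.dylib, libfoo.so.1 -> lowercase bare name."""
    base = os.path.basename(path).lower()
    base = re.sub(r"(\.\d+)+$", "", base)            # libfoo.so.1.2 -> libfoo.so
    base = re.sub(r"\.(dylib|so|dll)$", "", base)    # libfoo.so -> libfoo
    return re.sub(r"(\.\d+)+$", "", base)            # libfoo.0 -> libfoo


def locate_alternatives(expected: str, candidates: Iterable[str]) -> List[str]:
    """Paths in candidates that carry the same library name as expected, ignoring
    directory, case and version suffix. Feed it e.g.
    glob.glob('/usr/local/lib/**/*.dylib', recursive=True) on a real machine."""
    wanted = _stem(expected)
    return [c for c in candidates if c != expected and _stem(c) == wanted]


# Constructed sample modelled on the log above: two records run together on the
# first line, then one record per line. The Gemalto lines mirror the path the
# dialog earlier in the thread complained about.
SAMPLE_LOG = (
    '{"message":"PCSCWatcher: New reader detected Athena IDProtect Key v2","level":"info"} '
    '{"message":"Provider:Token:Insert: reader:\'Athena IDProtect Key v2\' '
    'name:\'Athena IDProtect Smart Card Logon Card\' '
    'atr:3bdc18ff8191fe1fc38073c8211366010b0352000538","level":"info"}\n'
    '{"message":"Provider:Token:Insert: Loading PKCS#11 library from '
    '/Library/Application Support/Athena/libASEP11.dylib","level":"info"}\n'
    '{"message":"Provider:Token:Insert: File /Library/Application Support/Athena/libASEP11.dylib '
    'does not exist","level":"error"}\n'
    '{"message":"Provider:Token:Insert: reader:\'Gemalto PC Twin Reader\' '
    'name:\'Gemalto IDBridge CT30\' atr:3b7f96000080318065b084565110120ffe829000","level":"info"}\n'
    '{"message":"Provider:Token:Insert: Loading PKCS#11 library from '
    '/usr/local/lib/libidprimepkcs11.0.dylib","level":"info"}\n'
    '{"message":"Provider:Token:Insert: File /usr/local/lib/libidprimepkcs11.0.dylib '
    'does not exist","level":"error"}\n'
)

if __name__ == "__main__":
    import glob
    for ev in triage(SAMPLE_LOG):
        print(ev)
        if ev["missing"]:
            found = glob.glob("/usr/local/lib/**/*.dylib", recursive=True)
            print("  candidates:", locate_alternatives(ev["missing"], found))
```

The output for a missing library is only a lead: a same-named file in another directory may be a different vendor build or an older version, so compare it against the vendor's installer before editing the driver entry.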

rmhrisk commented 4 years ago

I’m not finding any other middleware that supports this card.

You could try installing this: https://www.certisign.com.br/duvidas-suporte/emitir-instalar-desbloquear

And see if you get the Athena bits.

rmhrisk commented 4 years ago

@ramigabai when you have a chance email me at ryan@peculiarventures.com or catch me on skype at rmhrisk.

microshine commented 4 years ago

@ramigabai I published a new version of cards.json@1.0.36. It includes an ATR 3b7f96000080318065b084565110120ffe829000

Please restart your Fortify application to update cards.json and let me know if it works fine for your token

ramigabai commented 4 years ago

GREAT @microshine - it works fine for Gemalto IDBridge CT-30 :-)