PeculiarVentures / fortify

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
https://fortifyapp.com

Virtual Smart Card. #438

Closed mov-eax-eax closed 2 years ago

mov-eax-eax commented 3 years ago

Hi, I'm trying to use a "virtual smart card" from Safelayer Secure Communications (TrustedX). It provides a PKCS#11 DLL, but there is no physical device. When I install the software, I log in with user/pass and the certificate appears in the user certificates without a private key.

What I don't understand is that it appears to be a smart card, but when I connect Fortify it doesn't detect any event: there is no ATR and nothing is written in the log file. When I try to sign using the Windows CryptoAPI it appears not to have a private key; however, when I sign using Acrobat Reader it works just fine.

When I use the PKCS#11 file in pkcsadmin it shows the certificates and the private keys.

Does anyone have experience with this kind of virtual smart card? Is there any way to make Fortify detect its certificates as smart card and not vanilla certificates?

rmhrisk commented 3 years ago

Sounds like it has a deficiency in its emulation of a proper smart card. Without the software and any associated back end service to debug with it would be impossible to figure out what they’ve done wrong and determine if it can be worked around.

mov-eax-eax commented 3 years ago

I have no problem sharing the client software (https://web.certicamara.com/files/vsc_certicamara_v3.msi) and the related credentials (in private); the server side is beyond what I can access.

microshine commented 3 years ago

@mov-eax-eax Is there a macOS version of the client? Could you share dev credentials to my email microshine@peculiarventures.com? I'd like to try it.

Please try to add your PKCS#11 provider using the Fortify config file (~/fortify/config.json).

```json
{
  "providers": [
    {
      "lib": "/usr/local/lib/softhsm/libsofthsm2.so",
      "slots": [
        0
      ],
      "name": "SoftHSM"
    }
  ]
}
```

mov-eax-eax commented 3 years ago

Unfortunately, there is no macOS client, only Windows. I tried to add the provider, but I get "Cannot load PKCS#11 library by path". I forwarded the information I have to your email.

microshine commented 3 years ago

I think the problem is in wrong arch usage. Your PKCS#11 library is x86. I suppose Fortify is x64.

I created a simple project to test that client on Node.js x86. It looks like it works fine.

Here is my test code:

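```js
const { Crypto } = require("node-webcrypto-p11");
const fs = require("fs");

async function main() {
    // Vendor PKCS#11 module (32-bit DLL), so this must run under Node.js x86.
    const library = "C:\\Program Files (x86)\\Safelayer\\TrustedX\\Virtual Smart Card\\1.3.2\\p11tx.dll";
    const crypto = new Crypto({
        library,
        slot: 0,
        name: "Virtual Smart Card",
    });

    // Slot and module information reported by the library.
    console.log(crypto.slot);

    // Identifiers of the certificates visible in the slot.
    const certs = await crypto.certStorage.keys();
    console.log(certs);

    // Identifiers of the keys visible in the slot.
    const keys = await crypto.keyStorage.keys();
    console.log(keys);
}

main().catch((e) => console.log(e));
```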

Outlog

```
Slot {
  lib: PKCS11 {
    libPath: 'C:\\Program Files (x86)\\Safelayer\\TrustedX\\Virtual Smart Card\\1.3.2\\p11tx.dll'
  },
  handle: <Buffer 01 00 00 00>,
  module: Module {
    lib: PKCS11 {
      libPath: 'C:\\Program Files (x86)\\Safelayer\\TrustedX\\Virtual Smart Card\\1.3.2\\p11tx.dll'
    },
    libFile: 'C:\\Program Files (x86)\\Safelayer\\TrustedX\\Virtual Smart Card\\1.3.2\\p11tx.dll',
    libName: 'Virtual Smart Card',
    cryptokiVersion: { major: 2, minor: 11 },
    manufacturerID: 'Safelayer Secure Communications',
    libraryDescription: 'SFLY TX',
    flags: 0,
    libraryVersion: { major: 1, minor: 0 }
  },
  slotDescription: 'https://tokenvirtual.certicamara.com:443/trustedx-gw/SoapGat...',
  manufacturerID: 'Safelayer Secure Communications',
  flags: 7,
  hardwareVersion: { major: 1, minor: 0 },
  firmwareVersion: { major: 1, minor: 0 }
}
[]
[]
```

Try to install Fortify x86 and add your PKCS#11 module to ~/.fortify/config.json

```json
{
  "providers": [
    {
      "lib": "C:\\Program Files (x86)\\Safelayer\\TrustedX\\Virtual Smart Card\\1.3.2\\p11tx.dll",
      "slots": [
        0
      ],
      "name": "Virtual Smart Card"
    }
  ]
}
```

mov-eax-eax commented 3 years ago

Thanks! I'm getting the same error 193 (bad image x64 vs x86) even if I use C:\Program Files (x86)\Fortify> and the x86 version.

For some reason the application runs in 64-bit mode even if it is the 32-bit download, maybe because I'm running a 64-bit OS?


mov-eax-eax commented 3 years ago

Hi, after reviewing the solution, I used the 32-bit release 1.4 and it seems to work OK with the library; I think you can close this issue. However, the win32 build of 1.8 is broken (and there are many of these bugs). I will try to build a win32 version of 1.8, and I will report back in other open issues if successful.

rmhrisk commented 3 years ago

We are working on the x86 issue.

mov-eax-eax commented 2 years ago

Tested with the latest fortifyapp 1.8.3; it works all right.