Using a Java Card with Bitlocker

一世执手 提交于 2021-02-08 07:26:21

问题


I want to use J2A040 JCOP 21-36k java cards to implement a smart card driven bitlocker-to-go solution using gidsapplet and OpenSC but when attempting to put a certificate on the card (certreq -new) I have not been able to get past the "The smart card is not fully personalized for use" error from windows.

This is the dump contents with gids-tool:

Dumping Files:
Found 5 entries in the masterfile
   Directory: mscp
      FileIdentifier: 0xa000

   File: \cardid
  FileIdentifier: 0xa012
  DataObjectIdentifier: 0xdf20
  Size: 16

   File: \cardapps
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf21
  Size: 8

   File: \cardcf
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf22
  Size: 6

   File: mscp\cmapfile
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf23
  Size: 0

Dumping containers:
   no container found

Using pkcs15-init I am not able to create the meta structure as I receive Failed to create PKCS #15 meta structure: Incorrect parameters in APDU This is the output of the pkcs15-init --create-pkcs15 -vvvvvvvvv starting at the gids driver portion:

trying driver 'gids'
card-gids.c:570:gids_match_card: called
card-gids.c:281:gids_select_aid: called
Got args: aid=00007FFC31591840, aidlen=9, response=0000007C6FD5EEF0, responselen=261
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:4, P2:0, data(9) 00007FFC31591840
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (15 bytes):
00 A4 04 00 09 A0 00 00 03 97 42 54 46 59 00 ..........BTFY.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (22 bytes):
61 12 4F 0B A0 00 00 03 97 42 54 46 59 02 01 73 a.O......BTFY..s
03 40 01 C0 90 00                               .@....
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
card-gids.c:299:gids_select_aid: returning with: 0 (Success)
found AID
matched: GIDS Smart Card
card-gids.c:632:gids_init: called
card info name:'GIDS Smart Card', type:30003, flags:0x0,             max_send/recv_size:255/256
card.c:1462:sc_card_sm_check: called
card->sm_ctx.ops.open 0000000000000000
card.c:1468:sc_card_sm_check: returning with: 0 (Success)
card.c:339:sc_connect_card: returning with: 0 (Success)
Using card driver GIDS Smart Card.
pkcs15-lib.c:313:sc_pkcs15init_bind: called
card.c:951:sc_card_ctl: called
card-gids.c:2019:gids_card_ctl: called
card_ctl(4) not supported
called; type=2, path=3f0050154946
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(4) 0000007C6FD5F222
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect     parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
profile.c:336:sc_profile_load: called
Using profile directory 'C:\Program Files\OpenSC Project\OpenSC\profiles'.
Trying profile file C:\Program Files\OpenSC         Project\OpenSC\profiles\pkcs15.profile
profile C:\Program Files\OpenSC Project\OpenSC\profiles\pkcs15.profile loaded ok
profile.c:383:sc_profile_load: returning with: 0 (Success)
profile.c:336:sc_profile_load: called
Using profile directory 'C:\Program Files\OpenSC Project\OpenSC\profiles'.
Trying profile file C:\Program Files\OpenSC Project\OpenSC\profiles\gids.profile
profile C:\Program Files\OpenSC Project\OpenSC\profiles\gids.profile loaded ok
profile.c:383:sc_profile_load: returning with: 0 (Success)
profile.c:395:sc_profile_finish: called
profile.c:438:sc_profile_finish: returning with: 0 (Success)
pkcs15-lib.c:420:sc_pkcs15init_bind: returning with: 0 (Success)
About to create PKCS #15 meta structure.
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN: Please type again to verify: Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): Please type again to verify:      card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
pkcs15-lib.c:774:sc_pkcs15init_add_app: called
pkcs15-lib.c:4172:sc_pkcs15init_qualify_pin: called
pkcs15-lib.c:4191:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
pkcs15-lib.c:4172:sc_pkcs15init_qualify_pin: called
pkcs15-lib.c:4191:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
Add virtual SO_PIN('Security Officer PIN',flags:B2,reference:-1,path:'3f005015')
card.c:951:sc_card_ctl: called
card-gids.c:2019:gids_card_ctl: called
card-gids.c:605:gids_get_serialnr: called
card-gids.c:386:gids_read_gidsfile: called
card-gids.c:216:gids_get_DO: called
Got args: fileIdentifier=a000, dataObjectIdentifier=df1f,     response=00000250F5BCD1C0, responselen=65000
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:CB, P1:A0, P2:0, data(4) 0000007C6FD3ECE0
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 CB A0 00 04 5C 02 DF 1F 00 .....\....
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (147 bytes):
DF 1F 81 8D 01 6D 73 63 70 00 00 00 00 00 00 00 .....mscp.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 ................
00 00 00 00 00 00 00 00 00 00 63 61 72 64 69 64 ..........cardid
00 00 00 00 00 20 DF 00 00 12 A0 00 00 00 00 00 ..... ..........
00 00 00 00 00 00 63 61 72 64 61 70 70 73 00 00 ......cardapps..
00 21 DF 00 00 10 A0 00 00 00 00 00 00 00 00 00 .!..............
00 00 63 61 72 64 63 66 00 00 00 00 00 22 DF 00 ..cardcf....."..
00 10 A0 00 00 6D 73 63 70 00 00 00 00 00 63 6D .....mscp.....cm
61 70 66 69 6C 65 00 00 00 23 DF 00 00 10 A0 00 apfile...#......
00 90 00                                        ...
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
card-gids.c:311:gids_read_gidsfile_without_cache: called
Identifiers of  cardid is fileIdentifier=a012, dataObjectIdentifier=df20
card-gids.c:216:gids_get_DO: called
Got args: fileIdentifier=a012, dataObjectIdentifier=df20,     response=0000007C6FD4ECE0, responselen=65538
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:CB, P1:A0, P2:12, data(4) 0000007C6FD3ECB0
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 CB A0 12 04 5C 02 DF 20 00 .....\.. .
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (21 bytes):
DF 20 10 4D 55 E8 C6 5A C5 F4 49 4A F9 29 6E 96 . .MU..Z..IJ.)n.
EB 83 89 90 00                                  .....
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
card-gids.c:394:gids_read_gidsfile: returning with: 0 (Success)
card-gids.c:624:gids_get_serialnr: returning with: 0 (Success)
card.c:961:sc_card_ctl: returning with: 0 (Success)
pkcs15-lib.c:3143:sc_pkcs15init_add_object: called
add object 00000250F5C1B2D0 to DF of type 8
Append object
pkcs15-gids.c:109:gids_emu_update_any_df: called
pkcs15-gids.c:112:gids_emu_update_any_df: returning with: 0 (Success)
pkcs15-lib.c:3187:sc_pkcs15init_add_object: returning with: 0 (Success)
pkcs15-lib.c:2943:sc_pkcs15init_update_dir: called
dir.c:163:sc_enum_apps: called
called; type=2, path=3f002f00
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(2) 0000007C6FD5E7F2
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (8 bytes):
00 A4 08 00 02 2F 00 00 ...../..
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
dir.c:171:sc_enum_apps: Cannot select EF.DIR file: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:2971:sc_pkcs15init_update_dir: returning with: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:3922:sc_pkcs15init_update_file: called
path:3f0050154946; datalen:128
called; type=2, path=3f0050154946
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(4) 0000007C6FD5E932
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:3944:sc_pkcs15init_update_file: Failed to select file: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:920:sc_pkcs15init_add_app: returning with: -1205 (Incorrect parameters in APDU)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
pkcs15-lib.c:430:sc_pkcs15init_unbind: called
Pksc15init Unbind: 0:0000000000000000:1
card.c:356:sc_disconnect_card: called
card-gids.c:656:gids_finish: called
Broadcom Corp Contacted SmartCard 0:SCardDisconnect returned: 0x00000000
card.c:378:sc_disconnect_card: returning with: 0 (Success)
ctx.c:906:sc_release_context: called
reader-pcsc.c:900:pcsc_finish: called

I am not committed to these tools and am open to any suggestions.


回答1:


It seems the issue the whole time was activclient smart card drivers.

I edited the registry key for my specific smart card: (HKLM\Software\Microsoft\Cryptography\Calais\Smartcards\ and changed the 80000001 string value to the default windows driver (C:\Windows\System32\msclmd.dll) and I am able to load applets, load keys, and utilize these cards for bitlocker encryption.



来源:https://stackoverflow.com/questions/54372235/using-a-java-card-with-bitlocker

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!