ePass 2003 review HOWTO Drivers - GOOZE downloading

ePass 2003 review HOWTO
Published on Gooze (http://www.gooze.eu)
Home > ePass 2003 review HOWTO
ePass 2003 review HOWTO
The ePass 2003 is the successor of the ePass PKI.
The ePass 2003 is being declared to the French National Agency.
GOOZE will lauch the ePass 2003 OpenSC driver using a review process. The token itself is not beta off course, it is high
quality. Review is the process to reach a good quality in OpenSC drivers, which are Free Software and need testing from the
community.
Product page: http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit [1]
Drivers
Windows 7 proprietary drivers
End-user drivers are distributed using GOOZE website:
Download the ePass2003 installer [2] for Windows.
You may also download GOOZE PKI CD/DVD [3] image.
Download the documentation in PDF format:
ePass2003 user guide [4] (english)
ePass2003 developer guide [5] (English)
OpenSC support
OpenSC free software drivers allow to use the ePass 2003 under the following systems:
Windows 7
Windows Vista
Mac OS X 10.5 (Leopard)
Mac OS X 10.6 (Snow Leopard)
Mac OS X 10.7 (Lion)
GNU/Linux Debian / Ubuntu and other systems
OpenSC offers pkcs11 interface and read-only Windows mini-drivers.
The OpenSC branch for the ePass 2003 is available from:
https://github.com/entersafe [6]
To fetch and compile source code, read our quickstarter guide:
http://www.gooze.eu/howto/smartcard-quickstarter-guide/opensc-installati... [7]
Copyright GOOZE 2010-2011 http://www.gooze.eu 1 / 6

ePass 2003 review HOWTO
Compatibility
Proprietary and OpenSC drivers are not compatible:
If your project includes only Windows, use proprietary drivers.
If your project includes GNU/Linux, Mac OS X and Windows, use OpenSC drivers.
Pricing
The ePass 2003 is a very affordable token, targeted to middle to large projects:
Unit prices
Free for Open Source development (limited to one token per free-software developer).
14,90 € / one unit.
12,90 € / 10 units.
9,90 € / 100 units.
9.90 € / unit when upgrading from the ePass PKI.
Large projects: contact us for pricing.
Ordering one token is possible.
Shipment
Starting from 1€ to European countries.
Starting from 2€ to the US and Canada.
All prices excluding V.A.T.
Schedule
Done
Initial submission of the ePass 2003 driver to OpenSC GIT. Many thanks to Martin for the fast response.
Release of Windows administration beta tools on GOOZE downloading website [8].
Writing of this short HOWTO, which simplifies the beta process.
ePass 2003 beta ordering page [9]. Use this page to order a free ePass 2003 for testing.
Validation of Proprierary drivers.
Integration of the ePass 2003 in GOOZE documentation.
Declaration to the French National Agency.
Release of 50 free ePass PKI tokens to free software developers, mainly from OpenSC (being done)
To-do-List
Validation of OpenSC drivers.
Ordering a free kit
To order a Free ePass 2003 review kit, visit:
http://www.gooze.eu/feitian-epass-2003-review [10]
Each free software developer may order one ePass 2003 token.
Copyright GOOZE 2010-2011 http://www.gooze.eu 2 / 6

ePass 2003 review HOWTO
Checkout and choose "free delivery".
Indicate your development references as regards OpenSC and/or Free Software.
We will study your request and send the ePass 2003 after declaration to the National French Agency.
Issues
ePass 2003 OpenSC driver is functional under OpenSC.
This page summarizes the state of development.
GOOZE documentation was also updated.
Testing environment
Debian SID x64 (64bit), with following repositories:
deb http://ftp.fr.debian.org/debian/ [11] unstable main contrib non-free
deb-src http://ftp.fr.debian.org/debian/ [11] unstable main contrib non-free
deb http://ftp.fr.debian.org/debian/ [11] testing contrib non-free main
deb-src http://ftp.fr.debian.org/debian/ [11] testing contrib non-free main
deb http://ftp.fr.debian.org/debian/ [11] stable contrib non-free main
deb-src http://ftp.fr.debian.org/debian/ [11] stable contrib non-free main
Install:
pcscd 1.8.1-3
libccid 1.4.5-1
openssl 1.0.0e-3
Install a fixed version of libusb to avoid the 60 second bug:
$ git clone git://git.libusb.org/libusb.git
$ cd libusb
$ git branch testing origin/testing
$ git checkout testing
$ ./configure --prefix=/usr
$ make
$ sudo make install
Install build-dependencies:
$ apt-get build-dep opensc
Read http://www.gooze.eu/howto/smartcard-quickstarter-guide [12]
To install OpenSC ePass 2003 beta from GIT hub:
https://github.com/entersafe [6]
$ git clone git://github.com/entersafe/OpenSC.git
$ cd OpenSC
$ git branch testing origin/epass2003
$ git checkout epass2003
$ ./bootstrap
$ ./configure --prefix=/usr --sysconfdir=/etc/opensc
Copyright GOOZE 2010-2011 http://www.gooze.eu 3 / 6

ePass 2003 review HOWTO
$ make
$ sudo make install
This should result in:
$ opensc-tool --info
opensc 0.12.2 [gcc 4.6.2]
Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)
What works
Display ATR:
$ opensc-tool --atr
Using reader with a card: Feitian ePass2003 00 00
3b:9f:95:81:31:fe:9f:00:66:46:53:05:01:00:11:71:df:00:00:03:6a:82:f8
Display serial:
$ opensc-tool --serial
Using reader with a card: Feitian ePass2003 00 00
21 51 59 09 16 09 11 01 !QY.....
Erase ePass 2003:
$ pkcs15-init -E
Using reader with a card: Feitian ePass2003 00 00
Query name of driver:
$ opensc-tool --reader 0 --name
epass2003
Formatting smartcard with ONEPIN:
$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --
label "François Pérou"
Formatting smartcard with SO-PIN:
$ pkcs15-init -vvvvvvvvv -C --pin 1234 --puk 123456 --so-pin 123456 --so-puk 12345678
Dump content of smartcard:
$ pkcs15-tool --dump
Using reader with a card: Feitian ePass2003 00 00
PKCS#15 Card [François Pérou]:
Version : 0
Serial number : 2151590916091101
Manufacturer ID: EnterSafe
Last update : 20111202122804Z
Copyright GOOZE 2010-2011 http://www.gooze.eu 4 / 6

ePass 2003 review HOWTO
Flags : EID compliant
PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path : 3f005015
List PIN code:
$ pkcs15-tool --list-pins
Using reader with a card: Feitian ePass2003 00 00
PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path : 3f005015
Chaning PIN code:
$ pkcs15-tool --change-pin
Using reader with a card: Feitian ePass2003 00 00
Enter old PIN [User PIN]:
Enter new PIN [User PIN]:
Enter new PIN again [User PIN]:
Supported mechanisms:
$ pkcs11-tool --module /usr/lib/opensc-pkcs11.so -M
$ Using slot 1 with a present token (0x1)
Supported mechanisms:
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
GOSTR3411, digest
RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify
RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
MD5-RSA-PKCS, keySize={512,2048}, sign, verify
RIPEMD160-RSA-PKCS, keySize={512,2048}, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={512,2048}, generate_key_pair
Copyright GOOZE 2010-2011 http://www.gooze.eu 5 / 6

ePass 2003 review HOWTO
Show objects on token:
$ pkcs11-tool --module=/usr/lib/opensc-pkcs11.so -l -O
=> Importing PKCS#12 certificates (tested with StartSSL and CAcert):
$ pkcs15-init --store-private-key key-file.p12 --format pkcs12 -i 45 --auth-id 01 --pin 0000
Using OpenSSL works
$ openssl
OpenSSL>engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -
pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
OpenSSL>req -engine pkcs11 -new -key slot_1-id_45 -keyform engine -x509 -out cert.pem -text
OpenSSL>quit
openssl verify -CAfile cert.pem cert.pem
pkcs15-init -vvvvvvvvv --store-certificate cert.pem --auth-id 01 --id 45 --format pem
openssl
OpenSSL>engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -
pre LOAD -pre MODULE_PATH:/usr/local/lib/opensc-pkcs11.so
OpenSSL>smime -engine pkcs11 -encrypt -in plain.txt -des3 -out cipher.bin cert.pem
OpenSSL>smime -engine pkcs11 -decrypt -in cipher.bin -out decipher.txt -recip cert.pem -inkey slot_1-id_45 -
keyform engine
OpenSSL>quit
Copyright GOOZE.EU 2011.
Source URL: http://www.gooze.eu/epass-2003-review-howto
Links:
[1] http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit
[2] http://download.gooze.eu/pki/feitian/epass-2003/ePass2003_SDK_20110905.zip
[3] http://download.gooze.eu/pki/iso/
[4] http://download.gooze.eu/pki/feitian/epass-2003/ePass2003_User_Guide_E.pdf
[5] http://download.gooze.eu/pki/feitian/epass-2003/ePass2003_Developer_Guide_E.pdf
[6] https://github.com/entersafe
[7] http://www.gooze.eu/howto/smartcard-quickstarter-guide/opensc-installation-under-gnu-linux
[8] http://download.gooze.eu/pki/feitian/epass-2003/
[9] http://www.gooze.eu/feitian-epass-2003-beta
[10] http://www.gooze.eu/feitian-epass-2003-review
[11] http://ftp.fr.debian.org/debian/
[12] http://www.gooze.eu/howto/smartcard-quickstarter-guide
Copyright GOOZE 2010-2011 http://www.gooze.eu 6 / 6