ePass 2003 review HOWTO Drivers - GOOZE downloading
ePass 2003 review HOWTO<br />
Published on Gooze (http://www.gooze.eu)<br />
The ePass 2003 is the successor of the ePass PKI.<br />
The ePass 2003 is being declared to the French National Agency.<br />
GOOZE will launch the ePass 2003 OpenSC driver using a review process. The token itself is of course not beta; it is high<br />
quality. Review is the process used to reach good quality in OpenSC drivers, which are Free Software and need testing from the<br />
community.<br />
Product page: http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit [1]<br />
Drivers<br />
Windows 7 proprietary drivers<br />
End-user drivers are distributed using the GOOZE website:<br />
Download the ePass2003 installer [2] for Windows.<br />
You may also download the GOOZE PKI CD/DVD [3] image.<br />
Download the documentation in PDF format:<br />
ePass2003 user guide [4] (English)<br />
ePass2003 developer guide [5] (English)<br />
OpenSC support<br />
OpenSC free software drivers allow the ePass 2003 to be used under the following systems:<br />
Windows 7<br />
Windows Vista<br />
Mac OS X 10.5 (Leopard)<br />
Mac OS X 10.6 (Snow Leopard)<br />
Mac OS X 10.7 (Lion)<br />
GNU/Linux Debian / Ubuntu and other systems<br />
OpenSC offers a PKCS#11 interface and read-only Windows mini-drivers.<br />
The OpenSC branch for the ePass 2003 is available from:<br />
https://github.com/entersafe [6]<br />
To fetch and compile source code, read our quickstarter guide:<br />
http://www.gooze.eu/howto/smartcard-quickstarter-guide/opensc-installati... [7]<br />
Copyright GOOZE 2010-2011 http://www.gooze.eu<br />
Compatibility<br />
Proprietary and OpenSC drivers are not compatible:<br />
If your project includes only Windows, use proprietary drivers.<br />
If your project includes GNU/Linux, Mac OS X and Windows, use OpenSC drivers.<br />
Pricing<br />
The ePass 2003 is a very affordable token, targeted at medium to large projects:<br />
Unit prices<br />
Free for Open Source development (limited to one token per free-software developer).<br />
14,90 € / one unit.<br />
12,90 € / 10 units.<br />
9,90 € / 100 units.<br />
9.90 € / unit when upgrading from the ePass PKI.<br />
Large projects: contact us for pricing.<br />
Ordering one token is possible.<br />
Shipment<br />
Starting from 1€ to European countries.<br />
Starting from 2€ to the US and Canada.<br />
All prices excluding V.A.T.<br />
Schedule<br />
Done<br />
Initial submission of the ePass 2003 driver to OpenSC GIT. Many thanks to Martin for the fast response.<br />
Release of Windows administration beta tools on the GOOZE download website [8].<br />
Writing of this short HOWTO, which simplifies the beta process.<br />
ePass 2003 beta ordering page [9]. Use this page to order a free ePass 2003 for testing.<br />
Validation of proprietary drivers.<br />
Integration of the ePass 2003 in the GOOZE documentation.<br />
Declaration to the French National Agency.<br />
Release of 50 free ePass PKI tokens to free software developers, mainly from OpenSC (being done)<br />
To-do-List<br />
Validation of OpenSC drivers.<br />
Ordering a free kit<br />
To order a free ePass 2003 review kit, visit:<br />
http://www.gooze.eu/feitian-epass-2003-review [10]<br />
Each free software developer may order one ePass 2003 token.<br />
Check out and choose "free delivery".<br />
Indicate your development references as regards OpenSC and/or Free Software.<br />
We will study your request and send the ePass 2003 after declaration to the French National Agency.<br />
Issues<br />
The ePass 2003 driver is functional under OpenSC.<br />
This page summarizes the state of development.<br />
The GOOZE documentation was also updated.<br />
Testing environment<br />
Debian SID x64 (64-bit), with the following repositories:<br />
deb http://ftp.fr.debian.org/debian/ unstable main contrib non-free<br />
deb-src http://ftp.fr.debian.org/debian/ unstable main contrib non-free<br />
deb http://ftp.fr.debian.org/debian/ testing contrib non-free main<br />
deb-src http://ftp.fr.debian.org/debian/ testing contrib non-free main<br />
deb http://ftp.fr.debian.org/debian/ stable contrib non-free main<br />
deb-src http://ftp.fr.debian.org/debian/ stable contrib non-free main<br />
Install:<br />
pcscd 1.8.1-3<br />
libccid 1.4.5-1<br />
openssl 1.0.0e-3<br />
Install a fixed version of libusb to avoid the 60 second bug:<br />
$ git clone git://git.libusb.org/libusb.git<br />
$ cd libusb<br />
$ git branch testing origin/testing<br />
$ git checkout testing<br />
$ ./configure --prefix=/usr<br />
$ make<br />
$ sudo make install<br />
Install build-dependencies:<br />
$ sudo apt-get build-dep opensc<br />
Read http://www.gooze.eu/howto/smartcard-quickstarter-guide [12]<br />
To install the OpenSC ePass 2003 beta from GitHub:<br />
https://github.com/entersafe [6]<br />
$ git clone git://github.com/entersafe/OpenSC.git<br />
$ cd OpenSC<br />
$ git branch epass2003 origin/epass2003<br />
$ git checkout epass2003<br />
$ ./bootstrap<br />
$ ./configure --prefix=/usr --sysconfdir=/etc/opensc<br />
$ make<br />
$ sudo make install<br />
This should result in:<br />
$ opensc-tool --info<br />
opensc 0.12.2 [gcc 4.6.2]<br />
Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)<br />
What works<br />
Display ATR:<br />
$ opensc-tool --atr<br />
Using reader with a card: Feitian ePass2003 00 00<br />
3b:9f:95:81:31:fe:9f:00:66:46:53:05:01:00:11:71:df:00:00:03:6a:82:f8<br />
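Decoding the ATR printed above, as an added example (not from the original HOWTO or from OpenSC): a shell function that walks the ISO/IEC 7816-3 interface-byte chain, reports the offered transmission protocols and the historical-byte count, and verifies the TCK checksum. The name `parse_atr` and its key=value output are this example's own; the sample input is the ATR shown on this page.

```shell
#!/bin/sh
# Sample input: the ATR printed by `opensc-tool --atr` on this page.
SAMPLE_ATR='3b:9f:95:81:31:fe:9f:00:66:46:53:05:01:00:11:71:df:00:00:03:6a:82:f8'

# parse_atr ATR: walk the ISO/IEC 7816-3 structure and print key=value lines.
# Returns non-zero if the ATR is truncated, has a wrong length, or fails TCK.
parse_atr() {
    set -- $(printf '%s' "$1" | tr ':' ' ')
    [ "$#" -ge 2 ] || { echo "error=too-short"; return 1; }
    xor=0; n=0
    for b in "$@"; do                      # TCK covers T0..TCK, so skip TS
        n=$((n + 1))
        if [ "$n" -gt 1 ]; then xor=$((xor ^ 0x$b)); fi
    done
    y=$((0x$2 >> 4)); k=$((0x$2 & 15)); protos=""; need_tck=0
    shift 2
    while :; do                            # one pass per TAi/TBi/TCi/TDi group
        td=""
        for bit in 1 2 4 8; do
            if [ $((y & bit)) -ne 0 ]; then
                [ "$#" -ge 1 ] || { echo "error=truncated"; return 1; }
                if [ "$bit" -eq 8 ]; then td=$((0x$1)); fi
                shift
            fi
        done
        [ -n "$td" ] || break              # no TDi: interface bytes end here
        y=$((td >> 4)); t=$((td & 15))
        if [ "$t" -ne 15 ]; then           # T=15 marks global bytes, not a protocol
            case " $protos " in *" T=$t "*) ;; *) protos="$protos T=$t" ;; esac
        fi
        if [ "$t" -ne 0 ]; then need_tck=1; fi
    done
    [ -n "$protos" ] || protos=" T=0"      # no TD1 means T=0 only
    # What remains must be exactly K historical bytes plus TCK when required
    [ "$#" -eq $((k + need_tck)) ] || { echo "error=length"; return 1; }
    echo "protocols=${protos# }"
    echo "historical_len=$k"
    if [ "$need_tck" -eq 1 ] && [ "$xor" -ne 0 ]; then
        echo "tck=bad"; return 1
    fi
    echo "tck=ok"
}

parse_atr "$SAMPLE_ATR"
```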
Display serial:<br />
$ opensc-tool --serial<br />
Using reader with a card: Feitian ePass2003 00 00<br />
21 51 59 09 16 09 11 01 !QY.....<br />
Erase ePass 2003:<br />
$ pkcs15-init -E<br />
Using reader with a card: Feitian ePass2003 00 00<br />
Query name of driver:<br />
$ opensc-tool --reader 0 --name<br />
epass2003<br />
Formatting smartcard with ONEPIN:<br />
$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --label "François Pérou"<br />
Formatting smartcard with SO-PIN:<br />
$ pkcs15-init -vvvvvvvvv -C --pin 1234 --puk 123456 --so-pin 123456 --so-puk 12345678<br />
Dump content of smartcard:<br />
$ pkcs15-tool --dump<br />
Using reader with a card: Feitian ePass2003 00 00<br />
PKCS#15 Card [François Pérou]:<br />
Version : 0<br />
Serial number : 2151590916091101<br />
Manufacturer ID: EnterSafe<br />
Last update : 20111202122804Z<br />
Flags : EID compliant<br />
PIN [User PIN]<br />
Object Flags : [0x3], private, modifiable<br />
ID : 01<br />
Flags : [0x32], local, initialized, needs-padding<br />
Length : min_len:4, max_len:16, stored_len:16<br />
Pad char : 0x00<br />
Reference : 1<br />
Type : ascii-numeric<br />
Path : 3f005015<br />
List PIN codes:<br />
$ pkcs15-tool --list-pins<br />
Using reader with a card: Feitian ePass2003 00 00<br />
PIN [User PIN]<br />
Object Flags : [0x3], private, modifiable<br />
ID : 01<br />
Flags : [0x32], local, initialized, needs-padding<br />
Length : min_len:4, max_len:16, stored_len:16<br />
Pad char : 0x00<br />
Reference : 1<br />
Type : ascii-numeric<br />
Path : 3f005015<br />
Changing PIN code:<br />
$ pkcs15-tool --change-pin<br />
Using reader with a card: Feitian ePass2003 00 00<br />
Enter old PIN [User PIN]:<br />
Enter new PIN [User PIN]:<br />
Enter new PIN again [User PIN]:<br />
Supported mechanisms:<br />
$ pkcs11-tool --module /usr/lib/opensc-pkcs11.so -M<br />
Using slot 1 with a present token (0x1)<br />
Supported mechanisms:<br />
SHA-1, digest<br />
SHA256, digest<br />
SHA384, digest<br />
SHA512, digest<br />
MD5, digest<br />
RIPEMD160, digest<br />
GOSTR3411, digest<br />
RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify<br />
RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify<br />
SHA1-RSA-PKCS, keySize={512,2048}, sign, verify<br />
SHA256-RSA-PKCS, keySize={512,2048}, sign, verify<br />
MD5-RSA-PKCS, keySize={512,2048}, sign, verify<br />
RIPEMD160-RSA-PKCS, keySize={512,2048}, sign, verify<br />
RSA-PKCS-KEY-PAIR-GEN, keySize={512,2048}, generate_key_pair<br />
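A policy check over the mechanism list above, as an added example (not part of the original HOWTO or of OpenSC): it flags RSA mechanisms whose advertised minimum key size is below a floor, and signature mechanisms that hash with MD5 or SHA-1. The 2048-bit floor, the function name `audit_mechs` and the `MIN_RSA_BITS` variable are assumptions of this example; the sample input is the listing printed on this page.

```shell
#!/bin/sh
# Added example: audit the output of `pkcs11-tool --module ... -M`.
# Sample input: the mechanism listing shown on this page.
SAMPLE_MECHS='Supported mechanisms:
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
GOSTR3411, digest
RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify
RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
MD5-RSA-PKCS, keySize={512,2048}, sign, verify
RIPEMD160-RSA-PKCS, keySize={512,2048}, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={512,2048}, generate_key_pair'

# audit_mechs: read a mechanism listing on stdin, print one finding per line.
# MIN_RSA_BITS (assumed policy knob of this example) defaults to 2048.
audit_mechs() {
    awk -v floor="${MIN_RSA_BITS:-2048}" '
    !/,/ { next }                          # skip headers and status lines
    {
        sub(/^[ \t]+/, "")                 # real output may be indented
        name = $0; sub(/,.*/, "", name)
        # Signature mechanisms that hash with MD5 or SHA-1
        if (name ~ /^(MD5|SHA1|SHA-1)-/ && $0 ~ /sign/)
            print "WEAK-HASH-SIG " name
        # Token accepts (or generates) keys shorter than the floor
        if (match($0, /keySize=[{][0-9]+,[0-9]+[}]/)) {
            split(substr($0, RSTART + 9, RLENGTH - 10), bits, ",")
            if (bits[1] + 0 < floor + 0)
                print "SHORT-KEY " name " min=" bits[1] " max=" bits[2]
        }
    }'
}

printf '%s\n' "$SAMPLE_MECHS" | audit_mechs
```

Against a live token, pipe the output of the `pkcs11-tool ... -M` command shown above into `audit_mechs` instead of the embedded sample.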
Show objects on token:<br />
$ pkcs11-tool --module=/usr/lib/opensc-pkcs11.so -l -O<br />
=> Importing PKCS#12 certificates (tested with StartSSL and CAcert):<br />
$ pkcs15-init --store-private-key key-file.p12 --format pkcs12 -i 45 --auth-id 01 --pin 0000<br />
Using OpenSSL works:<br />
$ openssl<br />
OpenSSL>engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so<br />
OpenSSL>req -engine pkcs11 -new -key slot_1-id_45 -keyform engine -x509 -out cert.pem -text<br />
OpenSSL>quit<br />
$ openssl verify -CAfile cert.pem cert.pem<br />
$ pkcs15-init -vvvvvvvvv --store-certificate cert.pem --auth-id 01 --id 45 --format pem<br />
$ openssl<br />
OpenSSL>engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so<br />
OpenSSL>smime -engine pkcs11 -encrypt -in plain.txt -des3 -out cipher.bin cert.pem<br />
OpenSSL>smime -engine pkcs11 -decrypt -in cipher.bin -out decipher.txt -recip cert.pem -inkey slot_1-id_45 -keyform engine<br />
OpenSSL>quit<br />
Copyright <strong>GOOZE</strong>.EU 2011.<br />
Source URL: http://www.gooze.eu/epass-2003-review-howto<br />
Links:<br />
[1] http://www.gooze.eu/feitian-epass-2003-free-software-developer-kit<br />
[2] http://download.gooze.eu/pki/feitian/epass-2003/ePass2003_SDK_20110905.zip<br />
[3] http://download.gooze.eu/pki/iso/<br />
[4] http://download.gooze.eu/pki/feitian/epass-2003/ePass2003_User_Guide_E.pdf<br />
[5] http://download.gooze.eu/pki/feitian/epass-2003/ePass2003_Developer_Guide_E.pdf<br />
[6] https://github.com/entersafe<br />
[7] http://www.gooze.eu/howto/smartcard-quickstarter-guide/opensc-installation-under-gnu-linux<br />
[8] http://download.gooze.eu/pki/feitian/epass-2003/<br />
[9] http://www.gooze.eu/feitian-epass-2003-beta<br />
[10] http://www.gooze.eu/feitian-epass-2003-review<br />
[11] http://ftp.fr.debian.org/debian/<br />
[12] http://www.gooze.eu/howto/smartcard-quickstarter-guide<br />