Does the SCM SCR3320 work with GnuPG?

Peter Lebbing peter at digitalbrains.com
Wed Sep 16 15:11:58 CEST 2009


Peter Lebbing wrote:
> I've just ordered the MyKey with the new model card reader. I'll report
> whether it works when I have it.

Well, bit of a disappointment, but hopefully it can be fixed. It turned out
that the reader included with the new model MyKey is the SCT3511. It seems
like a nice device: it can also support hybrid cards and be used as a
contactless token when not plugged in.

However, it does not work error-free with GnuPG (Debian version 1.4.9-4).

- Basic access works
- Changing cardholder name works
- Command "verify" works
- Changing Admin PIN works
- Changing "user" PIN FAILS
- Anything involving RSA keys FAILS

As soon as a command has failed, the only way to talk to the reader(/card)
again is by unplugging and replugging. I have not tried removing the card
from the reader while the reader is plugged in.

Could a GnuPG dev please have a look at the debug logs? I believe Werner
does the card stuff, right? I really hope this reader can be made to work
with GnuPG.

It reports itself as (lsusb):
04e6:5116 SCM Microsystems, Inc. SCR331-LC1 SmartCard Reader

Linux recognises it as a "SCR3310 v2.0 USB SC Reader", so I suppose they
share the USB IDs.

I created a test key on the card, and used it both in the perfectly working
SPR532 as well as in the SCT3511. The PIN is 12345678 (as can be seen in the
debug log, if you know where to look :).

I encrypted a test file to the encryption subkey on the card. I have
included debug logs for both card readers attempting decryption. This is not
one of my smallest posts to this group, but I think it's just within
acceptable ranges :). If I'm mistaken, I'll put files on a website from now on.

The test key has the following properties:
pub   1024R/D75DDA31 2009-09-16
uid                  Test Test <test at example.com>
sub   1024R/CAAB1A36 2009-09-16
sub   1024R/40DC2931 2009-09-16

When decrypting with the non-working SCT3511 reader, gpg --debug-ccid-driver
-d test.asc produces the following debug output:

gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:5116:X:0)
gpg: DBG: ccid-driver: idVendor: 04E6  idProduct: 5116  bcdDevice: 0204
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver:   bLength                54
gpg: DBG: ccid-driver:   bDescriptorType        33
gpg: DBG: ccid-driver:   bcdCCID              1.10  (Warning: Only accurate
for version 1.0)
gpg: DBG: ccid-driver:   nMaxSlotIndex           0
gpg: DBG: ccid-driver:   bVoltageSupport         7  ?
gpg: DBG: ccid-driver:   dwProtocols             3  T=0 T=1
gpg: DBG: ccid-driver:   dwDefaultClock       4800
gpg: DBG: ccid-driver:   dwMaxiumumClock      8000
gpg: DBG: ccid-driver:   bNumClockSupported      0
gpg: DBG: ccid-driver:   dwDataRate          12903 bps
gpg: DBG: ccid-driver:   dwMaxDataRate      412903 bps
gpg: DBG: ccid-driver:   bNumDataRatesSupp.      0
gpg: DBG: ccid-driver:   dwMaxIFSD             252
gpg: DBG: ccid-driver:   dwSyncProtocols  00000000
gpg: DBG: ccid-driver:   dwMechanical     00000000
gpg: DBG: ccid-driver:   dwFeatures       000101BA
gpg: DBG: ccid-driver:     Auto configuration based on ATR
gpg: DBG: ccid-driver:     Auto voltage selection
gpg: DBG: ccid-driver:     Auto clock change
gpg: DBG: ccid-driver:     Auto baud rate change
gpg: DBG: ccid-driver:     Auto PPS made by CCID
gpg: DBG: ccid-driver:     CCID can set ICC in clock stop mode
gpg: DBG: ccid-driver:     TPDU level exchange
gpg: DBG: ccid-driver:   dwMaxCCIDMsgLen       271
gpg: DBG: ccid-driver:   bClassGetResponse    echo
gpg: DBG: ccid-driver:   bClassEnvelope       echo
gpg: DBG: ccid-driver:   wlcdLayout           none
gpg: DBG: ccid-driver:   bPINSupport             0
gpg: DBG: ccid-driver:   bMaxCCIDBusySlots       1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 01
               data: 11 10 FF 45 00 80 00
gpg: DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 02 00 00 01
11 10 FF 45 00 80 00
gpg: DBG: ccid-driver:   protocol ..........: T=1
gpg: DBG: ccid-driver:   bmFindexDindex ....: 11
gpg: DBG: ccid-driver:   bmTCCKST1 .........: 10
gpg: DBG: ccid-driver:   bGuardTimeT1 ......: FF
gpg: DBG: ccid-driver:   bmWaitingIntegersT1: 45
gpg: DBG: ccid-driver:   bClockStop ........: 00
gpg: DBG: ccid-driver:   bIFSC .............: 128
gpg: DBG: ccid-driver:   bNadValue .........: 0
gpg: DBG: ccid-driver: sending 61 07 00 00 00 00 03 01 00 00 11 10 FF 45 00
80 00
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 01
               data: 11 10 FF 45 00 80 00
gpg: DBG: ccid-driver: sending 6F 05 00 00 00 00 04 00 00 00 00 C1 01 FC 3C
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 E1 01 FC 1C
gpg: DBG: ccid-driver: IFSD has been set to 252
gpg: DBG: ccid-driver: sending 6F 0F 00 00 00 00 05 04 00 00 00 00 0B 00 A4
04 00 06 D2 76 00 01 24 01 2D
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 00 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00
00 08 9B 00 00 90 00 7D
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 06 04 00 00 00 40 05 00 CA
00 4F 00 C0
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 40 12 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00
00 90 00 D0
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 07 04 00 00 00 00 05 00 CA
00 C4 00 0B
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 00 09 01 FE FE FE 03 03 03 90 00 65
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 08 04 00 00 00 40 05 00 CA
00 6E 00 E1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08
9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05
01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD
1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB
7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A
36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0
C9 52 5E 00 90 00 C6
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 09 04 00 00 00 00 05 00 CA
00 5E 00 91
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 00 02 90 00 92
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 0A 04 00 00 00 40 05 00 CA
00 6E 00 E1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08
9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05
01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD
1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB
7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A
36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0
C9 52 5E 00 90 00 C6
gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0B 04 00 00 00 00 0D 00 20
00 82 08 31 32 33 34 35 36 37 38 AF
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 00 02 90 00 92
gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0C 04 00 00 00 40 0D 00 20
00 81 08 31 32 33 34 35 36 37 38 EC
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
gpg: DBG: ccid-driver: T=1 S-block response received cmd=26
gpg: ccid_transceive failed: (0x1000a)
gpg: apdu_send_simple(0) failed: card I/O error
gpg: verify CHV1 failed: general error
gpg: encrypted with 1024-bit RSA key, ID 40DC2931, created 2009-09-16
      "Test Test <test at example.com>"
gpg: public key decryption failed: general error
gpg: decryption failed: secret key not available
gpg: DBG: ccid-driver: status: 01  error: 00  octet[9]: 01
               data:

---------------------------------------------------------------------------

When decrypting the same file with the SPR532, the debug output is as follows:

gpg: DBG: ccid-driver: using CCID reader 0 (ID=04E6:E003:60200D5E:0)
gpg: DBG: ccid-driver: idVendor: 04E6  idProduct: E003  bcdDevice: 0510
gpg: DBG: ccid-driver: ChipCard Interface Descriptor:
gpg: DBG: ccid-driver:   bLength                54
gpg: DBG: ccid-driver:   bDescriptorType        33
gpg: DBG: ccid-driver:   bcdCCID              1.00
gpg: DBG: ccid-driver:   nMaxSlotIndex           0
gpg: DBG: ccid-driver:   bVoltageSupport         1  5.0V
gpg: DBG: ccid-driver:   dwProtocols             3  T=0 T=1
gpg: DBG: ccid-driver:   dwDefaultClock       4000
gpg: DBG: ccid-driver:   dwMaxiumumClock      8000
gpg: DBG: ccid-driver:   bNumClockSupported      0
gpg: DBG: ccid-driver:   dwDataRate          10753 bps
gpg: DBG: ccid-driver:   dwMaxDataRate      344105 bps
gpg: DBG: ccid-driver:   bNumDataRatesSupp.      0
gpg: DBG: ccid-driver:   dwMaxIFSD             254
gpg: DBG: ccid-driver:   dwSyncProtocols  00000000
gpg: DBG: ccid-driver:   dwMechanical     00000000
gpg: DBG: ccid-driver:   dwFeatures       000100BA
gpg: DBG: ccid-driver:     Auto configuration based on ATR
gpg: DBG: ccid-driver:     Auto voltage selection
gpg: DBG: ccid-driver:     Auto clock change
gpg: DBG: ccid-driver:     Auto baud rate change
gpg: DBG: ccid-driver:     Auto PPS made by CCID
gpg: DBG: ccid-driver:     TPDU level exchange
gpg: DBG: ccid-driver:   dwMaxCCIDMsgLen       270
gpg: DBG: ccid-driver:   bClassGetResponse    echo
gpg: DBG: ccid-driver:   bClassEnvelope       echo
gpg: DBG: ccid-driver:   wlcdLayout           none
gpg: DBG: ccid-driver:   bPINSupport             3  verification modification
gpg: DBG: ccid-driver:   bMaxCCIDBusySlots       1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 01
               data: 11 10 00 45 00 80 00
gpg: DBG: ccid-driver: GetParametes returned 82 07 00 00 00 00 02 00 00 01
11 10 00 45 00 80 00
gpg: DBG: ccid-driver:   protocol ..........: T=1
gpg: DBG: ccid-driver:   bmFindexDindex ....: 11
gpg: DBG: ccid-driver:   bmTCCKST1 .........: 10
gpg: DBG: ccid-driver:   bGuardTimeT1 ......: 00
gpg: DBG: ccid-driver:   bmWaitingIntegersT1: 45
gpg: DBG: ccid-driver:   bClockStop ........: 00
gpg: DBG: ccid-driver:   bIFSC .............: 128
gpg: DBG: ccid-driver:   bNadValue .........: 0
gpg: DBG: ccid-driver: sending 61 07 00 00 00 00 03 01 00 00 11 10 00 45 00
80 00
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 01
               data: 11 10 00 45 00 80 00
gpg: DBG: ccid-driver: sending 6F 05 00 00 00 00 04 00 00 00 00 C1 01 FE 3E
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 00
               data: 00 E1 01 FE 1E
gpg: DBG: ccid-driver: IFSD has been set to 254
gpg: DBG: ccid-driver: sending 6F 0F 00 00 00 00 05 04 00 00 00 00 0B 00 A4
04 00 06 D2 76 00 01 24 01 2D
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 00 16 6F 12 84 10 D2 76 00 01 24 01 01 01 00 01 00
00 08 9B 00 00 90 00 7D
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 06 04 00 00 00 40 05 00 CA
00 4F 00 C0
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 40 12 D2 76 00 01 24 01 01 01 00 01 00 00 08 9B 00
00 90 00 D0
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 07 04 00 00 00 00 05 00 CA
00 C4 00 0B
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 00 09 01 FE FE FE 03 03 03 90 00 65
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 08 04 00 00 00 40 05 00 CA
00 6E 00 E1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08
9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05
01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD
1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB
7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A
36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0
C9 52 5E 00 90 00 C6
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 09 04 00 00 00 00 05 00 CA
00 5E 00 91
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 00 02 90 00 92
gpg: DBG: ccid-driver: sending 6F 09 00 00 00 00 0A 04 00 00 00 40 05 00 CA
00 6E 00 E1
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 40 C4 4F 10 D2 76 00 01 24 01 01 01 00 01 00 00 08
9B 00 00 73 81 9D C0 01 78 C1 05 01 04 00 00 20 C2 05 01 04 00 00 20 C3 05
01 04 00 00 20 C4 07 01 FE FE FE 03 03 03 C5 3C 0A 70 A5 C5 B3 46 D2 1D DD
1B D5 EB 0F BC C6 E2 D7 5D DA 31 20 E2 BB 7D 50 8D C1 2F 83 5B 0C 20 2E FB
7A D3 40 DC 29 31 37 1E 37 7B 43 4A 27 A1 CF E1 B9 44 86 08 9C 6C CA AB 1A
36 C6 3C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 CD 0C 4A B0 C9 08 4A B0 C9 7C 4A B0
C9 52 5E 00 90 00 C6
gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0B 04 00 00 00 00 0D 00 20
00 82 08 31 32 33 34 35 36 37 38 AF
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 00 02 90 00 92
gpg: DBG: ccid-driver: sending 6F 11 00 00 00 00 0C 04 00 00 00 40 0D 00 20
00 81 08 31 32 33 34 35 36 37 38 EC
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 40 02 90 00 D2
gpg: DBG: ccid-driver: sending 6F 84 00 00 00 00 0D 04 00 00 00 20 80 00 2A
80 86 81 00 5F 13 C4 EF 28 20 A4 2F 68 89 E2 C4 8F C0 45 E5 E2 93 1E 76 CC
AD 4D 0C 51 7F 35 0C 68 35 A9 49 C3 CD 7D 50 FE 17 EF C3 A0 C8 52 06 32 82
65 F7 32 1F 18 4A CF 76 DE BB DE B6 0A 53 32 4D C5 CE 09 A5 B9 F7 93 ED AD
1A 34 23 D4 7B 19 BA C5 CA C9 41 EB E2 C2 63 19 B9 A0 50 3A 4C AB 30 7D 5D
DA 2B 6D B6 87 CF 62 BF 31 9F 73 CA 10 AF DF 20 73 41 40 C4 CA 4C CA FB B3 A4 30
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 90 00 90
gpg: DBG: ccid-driver: sending 6F 0A 00 00 00 00 0E 04 00 00 00 40 06 6F F9
DF 9F 3D C3 6E
gpg: DBG: ccid-driver: status: 00  error: 00  octet[9]: 04
               data: 00 00 25 09 2A A8 6A BC 73 C8 E4 B8 B1 09 BC 1F 08 08
68 00 8D 4E 96 D2 53 22 57 92 3F F3 AA 3B 85 7F F8 56 0E E6 90 00 AE
gpg: encrypted with 1024-bit RSA key, ID 40DC2931, created 2009-09-16
      "Test Test <test at example.com>"
Test
gpg: DBG: ccid-driver: status: 01  error: 00  octet[9]: 01
               data:

---------------------------------------------------------------------------

Thanks for your time,

Peter Lebbing.

-- 
I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt
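
Added example, not part of the original post and not GnuPG code: a small decoder for the ISO 7816-3 T=1 blocks shown in the "data:" lines of the two logs above, applied to each reader's reply to the VERIFY CHV1 command. The byte strings are copied from the logs; the function and variable names are made up for this illustration. In the SCT3511 log the reply is byte-for-byte the ATR from the start of the session, and its second byte FA read as a PCB gives an S-block response whose low five bits are 26, which is consistent with the "S-block response received cmd=26" line.

```python
# Added example: decode T=1 blocks (NAD PCB LEN INF LRC) from the log's "data:" lines.
# All byte strings are copied from the two debug logs in the post.
ATR = bytes.fromhex("3B FA 13 00 FF 81 31 80 45 00 31 C1 73 C0 01 00 00 90 00 B1")
IFS_REPLY = bytes.fromhex("00 E1 01 FC 1C")          # SCT3511 reply to the IFSD request
VERIFY_SPR532 = bytes.fromhex("00 40 02 90 00 D2")   # reply to VERIFY CHV1, working reader
VERIFY_SCT3511 = ATR                                 # reply to VERIFY CHV1, failing reader

S_NAMES = {0: "RESYNCH", 1: "IFS", 2: "ABORT", 3: "WTX"}


def decode_t1(raw: bytes) -> dict:
    """Classify a T=1 block and check its length field and LRC."""
    if len(raw) < 4:
        return {"valid": False, "reason": "shorter than NAD+PCB+LEN+LRC"}
    pcb, length = raw[1], raw[2]
    if not pcb & 0x80:
        kind = "I"                      # information block, carries the APDU reply
    elif (pcb & 0xC0) == 0x80:
        kind = "R"                      # receive-ready block
    else:
        kind = "S"                      # supervisory block
    out = {"kind": kind, "pcb": pcb, "len": length, "valid": False}
    if kind == "S":
        out["response"] = bool(pcb & 0x20)
        out["cmd"] = pcb & 0x1F
        out["name"] = S_NAMES.get(out["cmd"], "undefined")
    if len(raw) != length + 4:
        out["reason"] = f"LEN implies {length + 4} bytes, got {len(raw)}"
        return out
    lrc = 0
    for b in raw[:-1]:                  # LRC is the XOR of every preceding byte
        lrc ^= b
    if lrc != raw[-1]:
        out["reason"] = f"LRC {raw[-1]:02X} != computed {lrc:02X}"
        return out
    out["valid"] = True
    out["inf"] = raw[3:-1]
    if kind == "I" and length >= 2:
        out["sw"] = out["inf"][-2:].hex().upper()    # ISO 7816-4 status word
    return out


if __name__ == "__main__":
    for label, blk in [("IFS reply", IFS_REPLY), ("SPR532 VERIFY", VERIFY_SPR532),
                       ("SCT3511 VERIFY", VERIFY_SCT3511)]:
        note = " (same bytes as the ATR)" if blk == ATR else ""
        print(f"{label}: {decode_t1(blk)}{note}")
```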


