pkcs11-tool看不到由pcsc识别的卡

时间:2019-03-13 13:06:18

标签: pkcs#11 opensc

我正在使用REINER SCT cyberJack RFID标准读卡器和爱沙尼亚身份证。 pcsc_scan可以正确识别卡:

$ pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: REINER SCT cyberJack RFID standard (9084002233) 00 00

Wed Mar 13 14:02:39 2019
 Reader 0: REINER SCT cyberJack RFID standard (9084002233) 00 00
  Card state: Card inserted, 
  ATR: 3B DB 96 00 80 B1 FE 45 1F 83 00 12 23 3F 53 65 49 44 0F 90 00 F1

ATR: 3B DB 96 00 80 B1 FE 45 1F 83 00 12 23 3F 53 65 49 44 0F 90 00 F1
+ TS = 3B --> Direct Convention
+ T0 = DB, Y(1): 1101, K: 11 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5
  TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following 
-----
  TA(4) = 83 --> Clock stop: state H - Class accepted by the card: (3G) A 5V B 3V 
+ Historical bytes: 00 12 23 3F 53 65 49 44 0F 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 1, len: 2 (country code, ISO 3166-1)
      Country code: 23 3F
    Tag: 5, len: 3 (card issuer's data)
      Card issuer data: 65 49 44
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0F (unknown)
      SW: 9000 (Normal processing.)
+ TCK = F1 (correct checksum)

Possibly identified card (using /home/mag/.cache/smartcard_list.txt):
3B DB 96 00 80 B1 FE 45 1F 83 00 12 23 3F 53 65 49 44 0F 90 00 F1
    Estonia ID-card (eID)
    https://id.ee

但是pkcs11工具看不到该卡:

$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L
Available slots:
Slot 0 (0x0): REINER SCT cyberJack RFID standard (9084002233) 00 00
  (empty)

是什么原因引起的?我想念什么?

1 个答案:

答案 0 :(得分:0)

显然,爱沙尼亚卡的工具链与pkcs-11不兼容。但是chrome-token-signing软件包至少包含用于铬和Firefox的服务验证所需的代码,而qdigidoc4软件包包含用于创建和检查签名/加密文档的工具。 他们的仓库在这里:

deb https://installer.id.ee/media/ubuntu/ bionic main

我遇到的另一个问题是我的证书被认为是无效的。那是因为当您收到ID时,不会立即启用证书。