ePass2003 ATR different, minidriver not working? #2572

@twisteroidambassador

Problem Description

I initialized an ePass2003 on Linux with OpenSC master, and stored a keypair + a certificate on it. Moving it to a Windows 10 machine with OpenSC 0.22 installed, I could access the token via PKCS11, but not CAPI.

The output of certutil -scinfo is:

> certutil -scinfo
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 1
  0: FS USB Token 0
--- Reader: FS USB Token 0
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_INUSE
--- Status: The card is being shared by a process.
---   Card:
---    ATR:
        3b 9f 95 81 31 fe 9f 00  66 46 53 05 23 00 25 71   ;...1...fFS.#.%q
        df 00 00 03 90 00 96                               .......


=======================================================
Analyzing card in reader: FS USB Token 0
SCardGetCardTypeProviderName: The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
Cannot retrieve Provider Name for SCardGetCardTypeProviderName: The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
Cannot retrieve Provider Name for
--------------===========================--------------
CertUtil: -SCInfo command FAILED: 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

So I looked at the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ePass2003]
"Crypto Provider"="OpenSC CSP"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
"80000001"="C:\\Program Files\\OpenSC Project\\OpenSC\\minidriver\\opensc-minidriver.dll"
"ATR"=hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,01,00,11,71,df,00,00,03,6a,82,f8
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
  ff,ff

Here I could see that the ATR registered with the driver is different from my token's ATR, and with an ATRMask of all 1's, the driver does not pick up my token at all.

So I compared both ATRs and changed my registry like this:

"ATR"=hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,00,00,00,71,df,00,00,03,00,00,00
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,ff,00,ff,ff,ff,ff,ff,00,\
  00,00

With this change, now certutil -scinfo can return the contents of the token, and applications using CAPI can access the token as well.

For reference, on a different Windows 10 computer I installed Feitian's proprietary driver and tools for ePass2003, and initialized a token. The ATR for that token is:

---    ATR:
        3b 9f 95 81 31 fe 9f 00  66 46 53 05 23 00 25 71   ;...1...fFS.#.%q
        df 00 00 00 00 00 05                               .......

And in the registry, the proprietary driver's ATR is:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ePass2003]
"Crypto Provider"="EnterSafe ePass2003 CSP v1.0"
"ATR"=hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,00,00,00,71,df,00,00,00,00,00,00
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,ff,ff,ff,ff,ff,ff,\
  ff,00

Proposed Resolution

Figure out why the ATR registered by OpenSC is different from the actual ATR of my token, and why the ATR of an OpenSC-initialized token is different from that of a proprietary-initialized one;

Determine which ePass2003 tokens the OpenSC driver should support; (for example, should OpenSC minidriver try to interact with a proprietary-initialized token?)

Change the ATR and ATRMask registered by the OpenSC driver, so it picks up only those tokens the driver should support.
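Added example (not part of the original issue and not OpenSC code): a small checker that applies the ATR/ATRMask comparison to the two card ATRs and the three registry entries quoted above, and reports the byte offsets that prevent a match. The matching rule (card ATR AND mask must equal the registered ATR) is an assumption taken from Microsoft's SCardIntroduceCardType documentation; function names and dictionary keys are made up for this example.

```python
# Added example. ATR and mask values are copied from the issue above.
# Assumed rule (SCardIntroduceCardType docs): entry matches iff card & mask == ATR.

def reg_hex(value: str) -> bytes:
    """Parse a .reg 'hex:' value, tolerating backslash line continuations."""
    body = value.split("hex:", 1)[-1].replace("\\", "")
    return bytes(int(b, 16) for b in body.split(",") if b.strip())

def mismatches(card: bytes, reg_atr: bytes, mask: bytes) -> list[int]:
    """Offsets where (card & mask) != registered ATR; [] means the entry matches."""
    if not len(card) == len(reg_atr) == len(mask):
        # A length difference can never match: flag every offset.
        return list(range(max(len(card), len(reg_atr), len(mask))))
    return [i for i, (c, r, m) in enumerate(zip(card, reg_atr, mask)) if c & m != r]

def dead_bits(reg_atr: bytes, mask: bytes) -> list[int]:
    """Offsets where the registered ATR has bits set outside the mask.
    Such an entry can never match any card under the rule above."""
    return [i for i, (r, m) in enumerate(zip(reg_atr, mask)) if r & ~m & 0xFF]

PREFIX = "hex:3b,9f,95,81,31,fe,9f,00,66,46,53,05,"
ENTRIES = {  # hypothetical key -> (ATR, ATRMask) from the registry exports above
    "opensc-0.22": (reg_hex(PREFIX + "01,00,11,71,df,00,00,03,6a,82,f8"),
                    b"\xff" * 23),
    "edited": (reg_hex(PREFIX + "00,00,00,71,df,00,00,03,00,00,00"),
               reg_hex("hex:" + "ff," * 12 + "00,ff,00,ff,ff,ff,ff,ff,00,\\\n  00,00")),
    "proprietary": (reg_hex(PREFIX + "00,00,00,71,df,00,00,00,00,00,00"),
                    reg_hex("hex:" + "ff," * 12 + "00,00,00,ff,ff,ff,ff,ff,ff,\\\n  ff,00")),
}
CARD_PREFIX = "3b 9f 95 81 31 fe 9f 00 66 46 53 05 23 00 25 71 df 00 00 "
CARDS = {  # ATRs as printed by certutil -scinfo above
    "opensc-initialized": bytes.fromhex(CARD_PREFIX + "03 90 00 96"),
    "proprietary-initialized": bytes.fromhex(CARD_PREFIX + "00 00 00 05"),
}

def report() -> dict:
    """Map (card, entry) -> list of mismatching offsets."""
    return {(c, e): mismatches(atr, *ENTRIES[e])
            for c, atr in CARDS.items() for e in ENTRIES}

if __name__ == "__main__":
    for (card, entry), bad in report().items():
        status = "MATCH" if not bad else f"no match at offsets {bad}"
        print(f"{card:24} vs {entry:12}: {status}")
```

Under the assumed rule, the edited entry matches the OpenSC-initialized token but not the proprietary-initialized one (offset 19), and `dead_bits` shows why relaxing the mask alone is not enough: the ATR bytes under a zeroed mask byte have to be zeroed too.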
